Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1528477
MD5:	9fc1b0376a8aba2ff9fb5872400ae57f
SHA1:	6a45de509e3d8df50ded0d93b4901b4c7df20fa2
SHA256:	64e2fdeb459780d6aacaebbefd2a99c7210092d559038b90adc39664e1b6381c
Tags:	exeuser-Bitsight
Infos:

Detection

Credential Flusher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 7324 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 9FC1B0376A8ABA2FF9FB5872400AE57F)

taskkill.exe (PID: 7340 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7404 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7468 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7532 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7588 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 7688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1948,i,14485814418157009044,6924245098132563507,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5372 --field-trial-handle=1948,i,14485814418157009044,6924245098132563507,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7588 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1948,i,14485814418157009044,6924245098132563507,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: file.exe PID: 7324	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 505sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: sets.json.11.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.11.dr	String found in binary or memory: https://24.hu
Source: sets.json.11.dr	String found in binary or memory: https://aajtak.in
Source: chromecache_153.13.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_153.13.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: sets.json.11.dr	String found in binary or memory: https://alice.tw
Source: sets.json.11.dr	String found in binary or memory: https://ambitionbox.com
Source: chromecache_160.13.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_153.13.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: sets.json.11.dr	String found in binary or memory: https://autobild.de
Source: sets.json.11.dr	String found in binary or memory: https://bild.de
Source: sets.json.11.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.11.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.11.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.11.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.11.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.11.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.11.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.11.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.11.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.11.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.11.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.11.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.11.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.11.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.11.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.11.dr	String found in binary or memory: https://chennien.com
Source: sets.json.11.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.11.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.11.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.11.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.11.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.11.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.11.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.11.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.11.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.11.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.11.dr	String found in binary or memory: https://css-load.com
Source: sets.json.11.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.11.dr	String found in binary or memory: https://deere.com
Source: sets.json.11.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.11.dr	String found in binary or memory: https://drimer.io
Source: sets.json.11.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.11.dr	String found in binary or memory: https://efront.com
Source: sets.json.11.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.11.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.11.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.11.dr	String found in binary or memory: https://ella.sv
Source: sets.json.11.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.11.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.11.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.11.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.11.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.11.dr	String found in binary or memory: https://fakt.pl
Source: chromecache_153.13.dr	String found in binary or memory: https://families.google.com/intl/
Source: sets.json.11.dr	String found in binary or memory: https://finn.no
Source: sets.json.11.dr	String found in binary or memory: https://firstlook.biz
Source: chromecache_160.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_160.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_153.13.dr	String found in binary or memory: https://g.co/recover
Source: sets.json.11.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.11.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.11.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.11.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.11.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.11.dr	String found in binary or memory: https://grid.id
Source: sets.json.11.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.11.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.11.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.11.dr	String found in binary or memory: https://hapara.com
Source: sets.json.11.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.11.dr	String found in binary or memory: https://hc1.com
Source: sets.json.11.dr	String found in binary or memory: https://hc1.global
Source: sets.json.11.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.11.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.11.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.11.dr	String found in binary or memory: https://hearty.app
Source: sets.json.11.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.11.dr	String found in binary or memory: https://hearty.me
Source: sets.json.11.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.11.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.11.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.11.dr	String found in binary or memory: https://hj.rs
Source: sets.json.11.dr	String found in binary or memory: https://hjck.com
Source: sets.json.11.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.11.dr	String found in binary or memory: https://html-load.com
Source: sets.json.11.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.11.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.11.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.11.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.11.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.11.dr	String found in binary or memory: https://img-load.com
Source: sets.json.11.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.11.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.11.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.11.dr	String found in binary or memory: https://interia.pl
Source: sets.json.11.dr	String found in binary or memory: https://intoday.in
Source: sets.json.11.dr	String found in binary or memory: https://iolam.it
Source: sets.json.11.dr	String found in binary or memory: https://ishares.com
Source: sets.json.11.dr	String found in binary or memory: https://jagran.com
Source: sets.json.11.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.11.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.11.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.11.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.11.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.11.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.11.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.11.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.11.dr	String found in binary or memory: https://kompas.com
Source: sets.json.11.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.11.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.11.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.11.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.11.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.11.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.11.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.11.dr	String found in binary or memory: https://libero.it
Source: sets.json.11.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.11.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.11.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.11.dr	String found in binary or memory: https://livemint.com
Source: sets.json.11.dr	String found in binary or memory: https://max.auto
Source: sets.json.11.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.11.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.11.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.11.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.11.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.11.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.11.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.11.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.11.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.11.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.11.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.11.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.11.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.11.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.11.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.11.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.11.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.11.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.11.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.11.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.11.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.11.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.11.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.11.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.11.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.11.dr	String found in binary or memory: https://nacion.com
Source: sets.json.11.dr	String found in binary or memory: https://naukri.com
Source: sets.json.11.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.11.dr	String found in binary or memory: https://nien.co
Source: sets.json.11.dr	String found in binary or memory: https://nien.com
Source: sets.json.11.dr	String found in binary or memory: https://nien.org
Source: sets.json.11.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.11.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.11.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.11.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.11.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.11.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.11.dr	String found in binary or memory: https://onet.pl
Source: sets.json.11.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.11.dr	String found in binary or memory: https://p106.net
Source: sets.json.11.dr	String found in binary or memory: https://p24.hu
Source: sets.json.11.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.11.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.11.dr	String found in binary or memory: https://phonandroid.com
Source: chromecache_153.13.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_153.13.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_153.13.dr	String found in binary or memory: https://play.google/intl/
Source: sets.json.11.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.11.dr	String found in binary or memory: https://poalim.site
Source: sets.json.11.dr	String found in binary or memory: https://poalim.xyz
Source: chromecache_153.13.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_153.13.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_153.13.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_153.13.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_153.13.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_153.13.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_153.13.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_153.13.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: sets.json.11.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.11.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.11.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.11.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.11.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.11.dr	String found in binary or memory: https://repid.org
Source: sets.json.11.dr	String found in binary or memory: https://reshim.org
Source: sets.json.11.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.11.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.11.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.11.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.11.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.11.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.11.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.11.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.11.dr	String found in binary or memory: https://shock.co
Source: sets.json.11.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.11.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.11.dr	String found in binary or memory: https://socket-to-me.vip
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_160.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: sets.json.11.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.11.dr	String found in binary or memory: https://supereva.it
Source: chromecache_153.13.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_153.13.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_153.13.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: sets.json.11.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.11.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.11.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.11.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.11.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.11.dr	String found in binary or memory: https://top.pl
Source: sets.json.11.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.11.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.11.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.11.dr	String found in binary or memory: https://tucarro.com.ve
Source: chromecache_160.13.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: sets.json.11.dr	String found in binary or memory: https://welt.de
Source: sets.json.11.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.11.dr	String found in binary or memory: https://wordle.at
Source: sets.json.11.dr	String found in binary or memory: https://www.asadcdn.com
Source: chromecache_153.13.dr	String found in binary or memory: https://www.google.com
Source: chromecache_153.13.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_160.13.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_160.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_160.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_160.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_160.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_160.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_153.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_153.13.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: sets.json.11.dr	String found in binary or memory: https://yours.co.uk
Source: file.exe, 00000000.00000003.1702919868.0000000001224000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_153.13.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49501
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49500
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49451 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49474 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49497 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49428 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49463 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49439 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49462 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49485 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49496 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49425
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49303
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49424
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49423
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49422
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49300
Source: unknown	Network traffic detected: HTTP traffic on port 49406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49421
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49420
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49426 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49438 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49419
Source: unknown	Network traffic detected: HTTP traffic on port 49384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49418
Source: unknown	Network traffic detected: HTTP traffic on port 49361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49417
Source: unknown	Network traffic detected: HTTP traffic on port 49346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49416
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49413
Source: unknown	Network traffic detected: HTTP traffic on port 49484 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49412
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49411
Source: unknown	Network traffic detected: HTTP traffic on port 49323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49410
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49449 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49473 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49409
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49408
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49407
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49406
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49405
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49404
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49402
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49401
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49400
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49427 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49334 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49495 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49472 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49461 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49450 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49469
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49468
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49467
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49345
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49466
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49465
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49344
Source: unknown	Network traffic detected: HTTP traffic on port 49431 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49464
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49463
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49462
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49341
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49461
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49340
Source: unknown	Network traffic detected: HTTP traffic on port 49339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49339
Source: unknown	Network traffic detected: HTTP traffic on port 49380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49459
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49338
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49458
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49337
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49457
Source: unknown	Network traffic detected: HTTP traffic on port 49327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49336
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49335
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49334
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49455
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49333
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49454
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49453
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49331
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49452
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49330
Source: unknown	Network traffic detected: HTTP traffic on port 49407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49451
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49450
Source: unknown	Network traffic detected: HTTP traffic on port 49379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49442 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49477 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49329
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49328
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49449
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49327
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49448
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49447
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49446
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49445
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49323
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49444
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49321
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49442
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49320
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49441
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49440
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49500 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49338 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49443 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49476 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49319
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49318
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49439
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49438
Source: unknown	Network traffic detected: HTTP traffic on port 49499 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49437
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49436
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49435
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49313
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49434
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49433
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49432
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49431
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49430
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49465 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49454 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49309
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49429
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49307
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49428
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49306
Source: unknown	Network traffic detected: HTTP traffic on port 49349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49427
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49305
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49426
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49388
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49384
Source: unknown	Network traffic detected: HTTP traffic on port 49370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49383
Source: unknown	Network traffic detected: HTTP traffic on port 49393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49382
Source: unknown	Network traffic detected: HTTP traffic on port 49429 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49464 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49381
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49380
Source: unknown	Network traffic detected: HTTP traffic on port 49487 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49441 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49379
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49499
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49377
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49498
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49376
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49497
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49375
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49496
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49374
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49495
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49373
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49494
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49493
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49371
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49492
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49370
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49491
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49490
Source: unknown	Network traffic detected: HTTP traffic on port 49337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49358 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49452 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49369
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49368
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49489
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49367
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49488
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49487
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49365
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49486
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49364
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49485
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49363
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49484
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49362
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49483
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49361
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49482
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49360
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49481
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49480
Source: unknown	Network traffic detected: HTTP traffic on port 49453 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49358
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49479
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49357
Source: unknown	Network traffic detected: HTTP traffic on port 49325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49478
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49356
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49477
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49476
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49354
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49475
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49353
Source: unknown	Network traffic detected: HTTP traffic on port 49430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49474
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49473
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49472
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49471
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49470
Source: unknown	Network traffic detected: HTTP traffic on port 49486 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49501 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49475 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49349
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49468 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49445 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49411 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49457 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49480 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49299
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49298
Source: unknown	Network traffic detected: HTTP traffic on port 49297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49297
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49296
Source: unknown	Network traffic detected: HTTP traffic on port 49319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49294
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49293
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49292
Source: unknown	Network traffic detected: HTTP traffic on port 49354 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49491 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49434 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49398
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49397
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49396
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49395
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49394
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49393
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49392
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49391
Source: unknown	Network traffic detected: HTTP traffic on port 49377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49390
Source: unknown	Network traffic detected: HTTP traffic on port 49341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49423 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49479 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49355 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49478 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49467 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49490 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49433 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49489 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49455 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49328 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49483 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49436 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49425 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49494 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49437 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49321 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49344 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49459 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49482 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49471 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49448 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49310 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49458 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49435 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49332 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49488 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FFEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_00FFEAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FFED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00FFED6A

Source: C:\Users\user\Desktop\file.exe

0_2_00FFEAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FEAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_00FEAA57

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_01019576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_01019576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1680129207.0000000001042000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_199324c5-7
Source: file.exe, 00000000.00000000.1680129207.0000000001042000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_f27b444b-d
Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_34dd1674-5
Source: file.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_63baecb3-b

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FED5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_00FED5EB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FE1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00FE1201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FEE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_00FEE8F6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_7688_1423143030

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F88060	0_2_00F88060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF2046	0_2_00FF2046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE8298	0_2_00FE8298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FBE4FF	0_2_00FBE4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB676B	0_2_00FB676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01014873	0_2_01014873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8CAF0	0_2_00F8CAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FACAA0	0_2_00FACAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9CC39	0_2_00F9CC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB6DD9	0_2_00FB6DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F891C0	0_2_00F891C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9B119	0_2_00F9B119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA1394	0_2_00FA1394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA1706	0_2_00FA1706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA781B	0_2_00FA781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA19B0	0_2_00FA19B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9997D	0_2_00F9997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F87920	0_2_00F87920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA7A4A	0_2_00FA7A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA7CA7	0_2_00FA7CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA1C77	0_2_00FA1C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB9EEE	0_2_00FB9EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0100BE44	0_2_0100BE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA1F32	0_2_00FA1F32

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00F9F9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00FA0A30 appears 46 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal72.troj.evad.winEXE@52/37@12/7

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FF37B5 GetLastError,FormatMessageW,

0_2_00FF37B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE10BF AdjustTokenPrivileges,CloseHandle,		0_2_00FE10BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_00FE16C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FF51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_00FF51CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0100A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_0100A67C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FF648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_00FF648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F842A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_00F842A2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\b4a58f00-5063-4b11-b0b5-34b2573cc445.tmp

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7412:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7596:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7348:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7540:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7476:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 23%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1948,i,14485814418157009044,6924245098132563507,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5372 --field-trial-handle=1948,i,14485814418157009044,6924245098132563507,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1948,i,14485814418157009044,6924245098132563507,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1948,i,14485814418157009044,6924245098132563507,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5372 --field-trial-handle=1948,i,14485814418157009044,6924245098132563507,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1948,i,14485814418157009044,6924245098132563507,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00F842DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FA0A76 push ecx; ret

0_2_00FA0A89

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_00F9F98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01011C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_01011C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_0-97056

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7232			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: foregroundWindowGot 1776			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.6 %

Source: C:\Users\user\Desktop\file.exe TID: 7328	Thread sleep count: 7232 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7328	Thread sleep time: -72320s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7328	Thread sleep count: 171 > 30	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Thread sleep count: Count: 7232 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00FEDBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF68EE FindFirstFileW,FindClose,	0_2_00FF68EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_00FF698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00FED076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00FED3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00FF9642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00FF979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00FF9B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF5C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00FF5C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00F842DE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FFEAA2 BlockInput,

0_2_00FFEAA2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FB2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00FB2622

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00F842DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FA4CE8 mov eax, dword ptr fs:[00000030h]

0_2_00FA4CE8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FE0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_00FE0B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00FB2622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00FA083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA09D5 SetUnhandledExceptionFilter,	0_2_00FA09D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00FA0C21

Source: C:\Users\user\Desktop\file.exe

0_2_00FE1201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FC2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00FC2BA5

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FEB226 SendInput,keybd_event,

0_2_00FEB226

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FEE3B9 mouse_event,

0_2_00FEE3B9

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00FE0B62

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FE1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00FE1663

Source: file.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FA0698 cpuid

0_2_00FA0698

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FF8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

0_2_00FF8195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FDD27A GetUserNameW,

0_2_00FDD27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FBBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_00FBBB6F

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00F842DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 7324, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 7324, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01001204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_01001204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01001806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_01001806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Process Injection	1 File Deletion	LSA Secrets	12 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Masquerading	Cached Domain Credentials	12 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Valid Accounts	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Virtualization/Sandbox Evasion	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	21 Access Token Manipulation	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	2 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	24%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://wieistmeineip.de	0%	URL Reputation	safe
https://mercadoshops.com.co	0%	URL Reputation	safe
https://gliadomain.com	0%	URL Reputation	safe
https://poalim.xyz	0%	URL Reputation	safe
https://mercadolivre.com	0%	URL Reputation	safe
https://policies.google.com/terms/service-specific	0%	URL Reputation	safe
https://reshim.org	0%	URL Reputation	safe
https://nourishingpursuits.com	0%	URL Reputation	safe
https://medonet.pl	0%	URL Reputation	safe
https://mercadoshops.com.br	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://johndeere.com	0%	URL Reputation	safe
https://supereva.it	0%	URL Reputation	safe
https://elfinancierocr.com	0%	URL Reputation	safe
https://bolasport.com	0%	URL Reputation	safe
https://rws1nvtvt.com	0%	URL Reputation	safe
https://desimartini.com	0%	URL Reputation	safe
https://hearty.app	0%	URL Reputation	safe
https://hearty.gift	0%	URL Reputation	safe
https://mercadoshops.com	0%	URL Reputation	safe
https://heartymail.com	0%	URL Reputation	safe
https://p106.net	0%	URL Reputation	safe
https://finn.no	0%	URL Reputation	safe
https://hc1.com	0%	URL Reputation	safe
https://kompas.tv	0%	URL Reputation	safe
https://mystudentdashboard.com	0%	URL Reputation	safe
https://smaker.pl	0%	URL Reputation	safe
https://mercadopago.com.mx	0%	URL Reputation	safe
https://p24.hu	0%	URL Reputation	safe
https://mercadopago.com.pe	0%	URL Reputation	safe
https://cardsayings.net	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://mightytext.net	0%	URL Reputation	safe
https://hazipatika.com	0%	URL Reputation	safe
https://joyreactor.com	0%	URL Reputation	safe
https://cookreactor.com	0%	URL Reputation	safe
https://eworkbookcloud.com	0%	URL Reputation	safe
https://cognitiveai.ru	0%	URL Reputation	safe
https://nacion.com	0%	URL Reputation	safe
https://chennien.com	0%	URL Reputation	safe
https://drimer.travel	0%	URL Reputation	safe
https://deccoria.pl	0%	URL Reputation	safe
https://mercadopago.cl	0%	URL Reputation	safe
https://bonvivir.com	0%	URL Reputation	safe
https://carcostadvisor.be	0%	URL Reputation	safe
https://salemovetravel.com	0%	URL Reputation	safe
https://welt.de	0%	URL Reputation	safe
https://poalim.site	0%	URL Reputation	safe
https://drimer.io	0%	URL Reputation	safe
https://infoedgeindia.com	0%	URL Reputation	safe
https://blackrockadvisorelite.it	0%	URL Reputation	safe
https://policies.google.com/privacy	0%	URL Reputation	safe
https://cognitive-ai.ru	0%	URL Reputation	safe
https://cafemedia.com	0%	URL Reputation	safe
https://graziadaily.co.uk	0%	URL Reputation	safe
https://thirdspace.org.au	0%	URL Reputation	safe
https://mercadoshops.com.ar	0%	URL Reputation	safe
https://smpn106jkt.sch.id	0%	URL Reputation	safe
https://elpais.uy	0%	URL Reputation	safe
https://landyrev.com	0%	URL Reputation	safe
https://commentcamarche.com	0%	URL Reputation	safe
https://tucarro.com.ve	0%	URL Reputation	safe
https://rws3nvtvt.com	0%	URL Reputation	safe
https://eleconomista.net	0%	URL Reputation	safe
https://mercadolivre.com.br	0%	URL Reputation	safe
https://salemovefinancial.com	0%	URL Reputation	safe
https://mercadopago.com.br	0%	URL Reputation	safe
https://commentcamarche.net	0%	URL Reputation	safe
https://etfacademy.it	0%	URL Reputation	safe
https://mighty-app.appspot.com	0%	URL Reputation	safe
https://hj.rs	0%	URL Reputation	safe
https://hearty.me	0%	URL Reputation	safe
https://mercadolibre.com.gt	0%	URL Reputation	safe
https://indiatodayne.in	0%	URL Reputation	safe
https://idbs-staging.com	0%	URL Reputation	safe
https://blackrock.com	0%	URL Reputation	safe
https://idbs-eworkbook.com	0%	URL Reputation	safe
https://motherandbaby.com	0%	URL Reputation	safe
https://mercadolibre.co.cr	0%	URL Reputation	safe
https://hjck.com	0%	URL Reputation	safe
https://prisjakt.no	0%	URL Reputation	safe
https://kompas.com	0%	URL Reputation	safe
https://mercadopago.com.ar	0%	URL Reputation	safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	0%	URL Reputation	safe
https://tucarro.com.co	0%	URL Reputation	safe
https://terazgotuje.pl	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
youtube-ui.l.google.com	142.250.186.78	true	false	unknown
www3.l.google.com	142.250.186.110	true	false	unknown
play.google.com	142.250.186.78	true	false	unknown
www.google.com	142.250.186.68	true	false	unknown
youtube.com	142.250.186.174	true	false	unknown
accounts.youtube.com	unknown	unknown	false	unknown
www.youtube.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/favicon.ico	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://wieistmeineip.de	sets.json.11.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.co	sets.json.11.dr	false	URL Reputation: safe	unknown
https://gliadomain.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://poalim.xyz	sets.json.11.dr	false	URL Reputation: safe	unknown
https://mercadolivre.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://play.google.com/work/enroll?identifier=	chromecache_153.13.dr	false		unknown
https://policies.google.com/terms/service-specific	chromecache_153.13.dr	false	URL Reputation: safe	unknown
https://reshim.org	sets.json.11.dr	false	URL Reputation: safe	unknown
https://nourishingpursuits.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://medonet.pl	sets.json.11.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.br	sets.json.11.dr	false	URL Reputation: safe	unknown
https://joyreactor.cc	sets.json.11.dr	false		unknown
https://policies.google.com/technologies/cookies	chromecache_153.13.dr	false	URL Reputation: safe	unknown
https://johndeere.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://supereva.it	sets.json.11.dr	false	URL Reputation: safe	unknown
https://elfinancierocr.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://bolasport.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://rws1nvtvt.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://www.youtube.com/t/terms?chromeless=1&hl=	chromecache_153.13.dr	false		unknown
https://desimartini.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://hearty.app	sets.json.11.dr	false	URL Reputation: safe	unknown
https://hearty.gift	sets.json.11.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://heartymail.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://nlc.hu	sets.json.11.dr	false		unknown
https://p106.net	sets.json.11.dr	false	URL Reputation: safe	unknown
https://finn.no	sets.json.11.dr	false	URL Reputation: safe	unknown
https://hc1.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://kompas.tv	sets.json.11.dr	false	URL Reputation: safe	unknown
https://mystudentdashboard.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://smaker.pl	sets.json.11.dr	false	URL Reputation: safe	unknown
https://mercadopago.com.mx	sets.json.11.dr	false	URL Reputation: safe	unknown
https://p24.hu	sets.json.11.dr	false	URL Reputation: safe	unknown
https://24.hu	sets.json.11.dr	false		unknown
https://mercadopago.com.pe	sets.json.11.dr	false	URL Reputation: safe	unknown
https://cardsayings.net	sets.json.11.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/api.js	chromecache_160.13.dr	false	URL Reputation: safe	unknown
https://mightytext.net	sets.json.11.dr	false	URL Reputation: safe	unknown
https://hazipatika.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://joyreactor.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://cookreactor.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://eworkbookcloud.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://cognitiveai.ru	sets.json.11.dr	false	URL Reputation: safe	unknown
https://nacion.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://chennien.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://drimer.travel	sets.json.11.dr	false	URL Reputation: safe	unknown
https://deccoria.pl	sets.json.11.dr	false	URL Reputation: safe	unknown
https://mercadopago.cl	sets.json.11.dr	false	URL Reputation: safe	unknown
https://naukri.com	sets.json.11.dr	false		unknown
https://interia.pl	sets.json.11.dr	false		unknown
https://bonvivir.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://carcostadvisor.be	sets.json.11.dr	false	URL Reputation: safe	unknown
https://salemovetravel.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://welt.de	sets.json.11.dr	false	URL Reputation: safe	unknown
https://poalim.site	sets.json.11.dr	false	URL Reputation: safe	unknown
https://drimer.io	sets.json.11.dr	false	URL Reputation: safe	unknown
https://infoedgeindia.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://blackrockadvisorelite.it	sets.json.11.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy	chromecache_153.13.dr	false	URL Reputation: safe	unknown
https://cognitive-ai.ru	sets.json.11.dr	false	URL Reputation: safe	unknown
https://cafemedia.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://graziadaily.co.uk	sets.json.11.dr	false	URL Reputation: safe	unknown
https://thirdspace.org.au	sets.json.11.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.ar	sets.json.11.dr	false	URL Reputation: safe	unknown
https://smpn106jkt.sch.id	sets.json.11.dr	false	URL Reputation: safe	unknown
https://elpais.uy	sets.json.11.dr	false	URL Reputation: safe	unknown
https://landyrev.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://commentcamarche.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://tucarro.com.ve	sets.json.11.dr	false	URL Reputation: safe	unknown
https://rws3nvtvt.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://eleconomista.net	sets.json.11.dr	false	URL Reputation: safe	unknown
https://mercadolivre.com.br	sets.json.11.dr	false	URL Reputation: safe	unknown
https://07c225f3.online	sets.json.11.dr	false		unknown
https://salemovefinancial.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://mercadopago.com.br	sets.json.11.dr	false	URL Reputation: safe	unknown
https://commentcamarche.net	sets.json.11.dr	false	URL Reputation: safe	unknown
https://etfacademy.it	sets.json.11.dr	false	URL Reputation: safe	unknown
https://mighty-app.appspot.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://hj.rs	sets.json.11.dr	false	URL Reputation: safe	unknown
https://hearty.me	sets.json.11.dr	false	URL Reputation: safe	unknown
https://mercadolibre.com.gt	sets.json.11.dr	false	URL Reputation: safe	unknown
https://indiatodayne.in	sets.json.11.dr	false	URL Reputation: safe	unknown
https://idbs-staging.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://blackrock.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://idbs-eworkbook.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://motherandbaby.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://mercadolibre.co.cr	sets.json.11.dr	false	URL Reputation: safe	unknown
https://hjck.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://prisjakt.no	sets.json.11.dr	false	URL Reputation: safe	unknown
https://kompas.com	sets.json.11.dr	false	URL Reputation: safe	unknown
https://idbs-dev.com	sets.json.11.dr	false		unknown
https://mercadolibre.cl	sets.json.11.dr	false		unknown
https://mercadopago.com.ar	sets.json.11.dr	false	URL Reputation: safe	unknown
https://mercadolibre.com.hn	sets.json.11.dr	false		unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	chromecache_153.13.dr	false	URL Reputation: safe	unknown
https://linternaute.com	sets.json.11.dr	false		unknown
https://tucarro.com.co	sets.json.11.dr	false	URL Reputation: safe	unknown
https://landyrev.ru	sets.json.11.dr	false		unknown
https://terazgotuje.pl	sets.json.11.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
142.250.186.78	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
142.250.186.174	youtube.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.142	unknown	United States	15169	GOOGLEUS	false
142.250.186.110	www3.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528477
Start date and time:	2024-10-08 00:02:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal72.troj.evad.winEXE@52/37@12/7
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 39 Number of non-executed functions: 309
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.74.195, 142.251.168.84, 142.250.186.46, 34.104.35.123, 172.217.18.3, 142.250.185.99, 142.250.186.138, 142.250.185.74, 216.58.206.42, 142.250.184.202, 142.250.184.234, 172.217.18.10, 142.250.185.106, 142.250.185.202, 142.250.185.234, 142.250.185.170, 172.217.16.202, 142.250.186.170, 172.217.23.106, 142.250.186.106, 216.58.206.74, 172.217.18.106, 216.58.212.138, 93.184.221.240, 192.229.221.95, 216.58.212.131, 173.194.76.84, 142.250.184.238
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	RemittanceDetails(Rjackson)CQDM.html	Get hash	malicious	HTMLPhisher	Browse
	https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.ht.zpdzwq?v=frudxdBjlfmjfqymhfwj.ht.pjd.kwjsy___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpiNGZlZGFhNjcxOTBhYjU4MTE5MjBlZTRiYTAxZmUwMTo3OmIxYWM6MDg1ODNlNjljZDkwNThkM2ZiM2RjYTI4MzFjZGY4NGFmMTYyZTlhYmVjYWYxY2Q4MmNkZDhiNmFmOWVkOWUxOTpoOlQ6VA#Sm9hbi5LbmlwcGVuQEVsa2F5LkNvbQ==	Get hash	malicious	Unknown	Browse
	https://www.dropbox.com/scl/fi/qo6796ed7hlrt0v8k9nr6/Patagonia-Health-Barcode-Scanner-Setup-2024.exe?rlkey=5bmndvx8124ztopqewiogbnlt&st=yvxpokhf&dl=0	Get hash	malicious	Unknown	Browse
	https://login.stmarytx.edu/cas/logout?service=http%3A%2F%2Fgoogle.com%2Famp%2Fmatrikaengineeringworks.com/hebc/?#?m=bWVsaXNzYWdAd2Utd29ybGR3aWRlLmNvbQ==	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	https://dsdhie.org/dsjhem	Get hash	malicious	Unknown	Browse
	L-tron_Payroll.docx	Get hash	malicious	Unknown	Browse
	https://communications-chamber-confidentiality-limitation.trycloudflare.com/spec/#bWNhcnR3cmlnaHRAY2hlbXVuZ2NhbmFsLmNvbQ==	Get hash	malicious	Unknown	Browse
	+18365366724753456-83736-10244688.html	Get hash	malicious	HTMLPhisher	Browse
	https://mailstat.us/tr/t/5w8u1qwlwl61e4h/1/https:/krediti.ca/#Y2FyYS5jJGNiZmxvb3JzaW5jLmNvbQ==	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	RemittanceDetails(Rjackson)CQDM.html	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 184.28.90.27 13.107.246.60 20.12.23.50
	PFW1cgN8EK.exe	Get hash	malicious	LummaC	Browse	4.175.87.197 184.28.90.27 13.107.246.60 20.12.23.50
	https://url.avanan.click/v2/r01/___https://www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.ht.zpdzwq?v=frudxdBjlfmjfqymhfwj.ht.pjd.kwjsy___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpiNGZlZGFhNjcxOTBhYjU4MTE5MjBlZTRiYTAxZmUwMTo3OmIxYWM6MDg1ODNlNjljZDkwNThkM2ZiM2RjYTI4MzFjZGY4NGFmMTYyZTlhYmVjYWYxY2Q4MmNkZDhiNmFmOWVkOWUxOTpoOlQ6VA#Sm9hbi5LbmlwcGVuQEVsa2F5LkNvbQ==	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.60 20.12.23.50
	SecuriteInfo.com.Win32.PWSX-gen.27846.23954.exe	Get hash	malicious	LummaC	Browse	4.175.87.197 184.28.90.27 13.107.246.60 20.12.23.50
	utmggBCMML.exe	Get hash	malicious	LummaC	Browse	4.175.87.197 184.28.90.27 13.107.246.60 20.12.23.50
	lihZ6gUU7V.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	4.175.87.197 184.28.90.27 13.107.246.60 20.12.23.50
	Bn7LPdQA1s.exe	Get hash	malicious	LummaC, Vidar	Browse	4.175.87.197 184.28.90.27 13.107.246.60 20.12.23.50
	https://login.stmarytx.edu/cas/logout?service=http%3A%2F%2Fgoogle.com%2Famp%2Fmatrikaengineeringworks.com/hebc/?#?m=bWVsaXNzYWdAd2Utd29ybGR3aWRlLmNvbQ==	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.60 20.12.23.50
	file.exe	Get hash	malicious	Credential Flusher	Browse	4.175.87.197 184.28.90.27 13.107.246.60 20.12.23.50
	L-tron_Payroll.docx	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.60 20.12.23.50

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\ba39f3ed-e03d-4351-803a-cb86d0c978fe (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	6482
Entropy (8bit):	7.936064640963947
Encrypted:	false
SSDEEP:	192:cfxTTMoALWt8J9crwcPaHp8nBalWvTgINwoItPma9Yii:WxTTMut8JOrWp8n8KMINw7ma9YB
MD5:	45A44A890D8B31E3F6245F8B5A64FE86
SHA1:	2BF72986CE1630EFA81C027190535B43F8F576A4
SHA-256:	E1330A6C4191C77B8156F584D49439F29BA48BDCE981D8293A85B6D40FE0FF4D
SHA-512:	59E50385EB1AC72450258F5BEE1758E96169B437CD891164A8118919249214BA2A73B84674D88643BBA1A7BB428E26C6DE6ABB03500126FB9E1183048E8847B3
Malicious:	false
Preview:	Cr24....E.........0.."0....H.............0.........:.2.W.))...I...5_U(I7nz...2[.;..H...S.../...nb%Yx.6.]i.....u...PDF.i.LJK.?....l.....R...\|...j...C..j!.%'..s....[."...Gy...=l)..=.l\....4..Q!$e.=...C.1.%d..B...K.[.l,.....7......y...$7J..G&TT..W.-=jgs[...&.@/.j$....+...yk\|l^..Km)\Y..x..}OCXf.....A5s.7..8..o....L..(p[...^e......?&X..:~,.)..C..n...Hh.....<..N..0.....woa6....'&y....tH..7@..a.t.....F..YQU......<......m!..^.#f.'F".....lt..97U3f...WM....]Lw...)..x...)..Hy Z...l.a.)J~'.y.o.NS.#.,6.D.9UMW..l>.pa.WG.^..L,..B...."p.Y.....<............y.x...2LP.n9O.y.$M..f..J....E../..b..=1n.9..&Z...A.h&1. ...'\|..{f..h../@.....6}L..^.k.k9.i..T.0...0.-:.N.\..O..J......y...t&.Z.]....-.%.J%...! o...jG ..7.p...!.=K..A"...../.....j=Sv....$.....t..........6.....I..$1.q..5..H....w.wDs.;......@.9.j...44&.<....5.7............:<.y.:....9V;.....O...c.q.]fC.3._..f........`,%oO........[&.L...$..xD.Ru......a.>I.B.....l..d....J...r..`......I.Rn\-_%-.#0...b]d...~4

C:\Users\user\Downloads\b4a58f00-5063-4b11-b0b5-34b2573cc445.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	6482
Entropy (8bit):	7.936064640963947
Encrypted:	false
SSDEEP:	192:cfxTTMoALWt8J9crwcPaHp8nBalWvTgINwoItPma9Yii:WxTTMut8JOrWp8n8KMINw7ma9YB
MD5:	45A44A890D8B31E3F6245F8B5A64FE86
SHA1:	2BF72986CE1630EFA81C027190535B43F8F576A4
SHA-256:	E1330A6C4191C77B8156F584D49439F29BA48BDCE981D8293A85B6D40FE0FF4D
SHA-512:	59E50385EB1AC72450258F5BEE1758E96169B437CD891164A8118919249214BA2A73B84674D88643BBA1A7BB428E26C6DE6ABB03500126FB9E1183048E8847B3
Malicious:	false
Preview:	Cr24....E.........0.."0....H.............0.........:.2.W.))...I...5_U(I7nz...2[.;..H...S.../...nb%Yx.6.]i.....u...PDF.i.LJK.?....l.....R...\|...j...C..j!.%'..s....[."...Gy...=l)..=.l\....4..Q!$e.=...C.1.%d..B...K.[.l,.....7......y...$7J..G&TT..W.-=jgs[...&.@/.j$....+...yk\|l^..Km)\Y..x..}OCXf.....A5s.7..8..o....L..(p[...^e......?&X..:~,.)..C..n...Hh.....<..N..0.....woa6....'&y....tH..7@..a.t.....F..YQU......<......m!..^.#f.'F".....lt..97U3f...WM....]Lw...)..x...)..Hy Z...l.a.)J~'.y.o.NS.#.,6.D.9UMW..l>.pa.WG.^..L,..B...."p.Y.....<............y.x...2LP.n9O.y.$M..f..J....E../..b..=1n.9..&Z...A.h&1. ...'\|..{f..h../@.....6}L..^.k.k9.i..T.0...0.-:.N.\..O..J......y...t&.Z.]....-.%.J%...! o...jG ..7.p...!.=K..A"...../.....j=Sv....$.....t..........6.....I..$1.q..5..H....w.wDs.;......@.9.j...44&.<....5.7............:<.y.:....9V;.....O...c.q.]fC.3._..f........`,%oO........[&.L...$..xD.Ru......a.>I.B.....l..d....J...r..`......I.Rn\-_%-.#0...b]d...~4

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\LICENSE

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.021127689065198
Encrypted:	false
SSDEEP:	48:p/hUI1atAdI567akUmYWEFw/3+ovGJ4F3jkZUbvzk98g5m7:RnYQI47avYUwvVGJ41jkZIzxgA7
MD5:	68E6B5733E04AB7BF19699A84D8ABBC2
SHA1:	1C11F06CA1AD3ED8116D356AB9164FD1D52B5CF0
SHA-256:	F095F969D6711F53F97747371C83D5D634EAEF21C54CB1A6A1CC5B816D633709
SHA-512:	9DC5D824A55C969820D5D1FBB0CA7773361F044AE0C255E7C48D994E16CE169FCEAC3DE180A3A544EBEF32337EA535683115584D592370E5FE7D85C68B86C891
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiIyNXB3SWdtQWU2QTVoeDVVTG9OV0laODBLbzJjbktOTHpacUdjbjlLT2c4In0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiOWVza0FuRlBsM3VCQzkwUmFWakxNaVI3NXZIQi0wQUVmMmg0RzU3ZXNpcyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC44LjEwLjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"dU2MmRUQSugaJAJvEN4uaQHx-KXdOkjj0yK8_aH4Afr3kN7DPOZRt6yLTS3UchBE5M-dgPPPBuKADj4KEK4B22SO6WQquL5J27AUPqQBGgr44-iFGVJdOLLlfirFlJmcYv6DUFRYiPsQFGMr1JFqInj19jgkOxzR6qqcNuTCB0wGEMeTU80r-igCjeQG6TIzPro7yKd_-UxsxO6OGAySmlIJIoU54X0p0ATNoZyAfkhb8kb0oN8unOU

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9159446964030753
Encrypted:	false
SSDEEP:	3:Sq5TQRaELVHecsUDBAeHD5k:Sq5gJ+csHej5k
MD5:	CFB54589424206D0AE6437B5673F498D
SHA1:	D1EF6314F0F68EFDD0BA8F6CA9E59BFF863B1609
SHA-256:	285AC183C35350B4B77332172413902F83726CA8F53D63859B5DA082FD425A1C
SHA-512:	70FDCA4A1E6B7A5FFED3414E2DB74FECA7E0FD17482B8CB30393DFEE20AB9AD2B0B00FF0C590DD0E8D744D0EAD876CE8844519AF66618ED14666BCA56DF2DA21
Malicious:	false
Preview:	1.dbf288588465463a914bdfc5e86d465fb3592b2f1261dc0e40fcc5c1adc8e7e4

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.4533115571544695
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFCmMARWHJqS1tean:F6VlM8aRWpqS1ln
MD5:	C3419069A1C30140B77045ABA38F12CF
SHA1:	11920F0C1E55CADC7D2893D1EEBB268B3459762A
SHA-256:	DB9A702209807BA039871E542E8356219F342A8D9C9CA34BCD9A86727F4A3A0F
SHA-512:	C5E95A4E9F5919CB14F4127539C4353A55C5F68062BF6F95E1843B6690CEBED3C93170BADB2412B7FB9F109A620385B0AE74783227D6813F26FF8C29074758A1
Malicious:	false
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.8.10.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\sets.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9748
Entropy (8bit):	4.629326694042306
Encrypted:	false
SSDEEP:	96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJq:v5C4ql7BkIVmtRTGXvcxBsq
MD5:	EEA4913A6625BEB838B3E4E79999B627
SHA1:	1B4966850F1B117041407413B70BFA925FD83703
SHA-256:	20EF4DE871ECE3C5F14867C4AE8465999C7A2CC1633525E752320E61F78A373C
SHA-512:	31B1429A5FACD6787F6BB45216A4AB1C724C79438C18EBFA8C19CED83149C17783FD492A03197110A75AAF38486A9F58828CA30B58D41E0FE89DFE8BDFC8A004
Malicious:	false
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3467
Entropy (8bit):	5.508385764606741
Encrypted:	false
SSDEEP:	96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
MD5:	231ABD6E6C360E709640B399EDF85476
SHA1:	6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
SHA-256:	44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
SHA-512:	D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBmmEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGqcF1JyRErjAxv_amnGYgqlRhohw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (468)
Category:	downloaded
Size (bytes):	1858
Entropy (8bit):	5.297658905867848
Encrypted:	false
SSDEEP:	48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
MD5:	B42DB3D22B12B8E3BE1B82961FE2870E
SHA1:	D9CFD11C1C2DE17A7E9301F11AD875B610B96576
SHA-256:	75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
SHA-512:	EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBmmEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGqcF1JyRErjAxv_amnGYgqlRhohw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)\|\|function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)\|\|function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)\|\|function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	32500
Entropy (8bit):	5.378121087555083
Encrypted:	false
SSDEEP:	768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
MD5:	57D7B0A2CE36496F05AFA27B39C1F219
SHA1:	418AD03C2E75AEAF188E2A00123B70E09D541656
SHA-256:	E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
SHA-512:	78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBmmEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGqcF1JyRErjAxv_amnGYgqlRhohw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	9211
Entropy (8bit):	5.393454943843583
Encrypted:	false
SSDEEP:	192:t7mFYxV97IeIa0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Ir2t+dEF1JlNg
MD5:	1848ADF9DF4F0B9EB4E56FFA23A16796
SHA1:	CC54EFA712F6F82DE0977905A5FFF1D1029B5BDF
SHA-256:	5A43C2FDD10E0D10637D203FAEA519F034A13303F0ED542408C558D727C1AA56
SHA-512:	AB63E6B3394B274C0546BBFF4444816CF79A4D892DE9BB7FBC7EEAFBE37A396F22278D5EDBA81DD19D28B9614AB0D83243E12B1F4322FE95E13FD7271CE05255
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBmmEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGqcF1JyRErjAxv_amnGYgqlRhohw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null\|\|typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]\|\|null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null\|\|b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	4068
Entropy (8bit):	5.370430682968771
Encrypted:	false
SSDEEP:	96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoTsw:3mTOImedWOVF6vtUJyA8xJZ
MD5:	AF3C2B50FABC8DDB5CDAEFFEA7878CB9
SHA1:	2D75D985CCE4453480787700B96B81809BB0DAEC
SHA-256:	3468FD73B47F212173B6C8B32DB6DD9F3348617BA4BFDC77A1939B1BB98A2438
SHA-512:	8CCD6C833BEAF40E0CD35F48E8BCE38CD8315B38C4A1EAFFE958A79D37A145FB16BB217A503C37F29A09949E837A4A5BBB1C96B1F4E8D1A66D3FCEB188EE17B9
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBmmEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGqcF1JyRErjAxv_amnGYgqlRhohw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5693)
Category:	downloaded
Size (bytes):	698854
Entropy (8bit):	5.5949878545992435
Encrypted:	false
SSDEEP:	6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLJi9pZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxJiSU+
MD5:	16A9D8B7D80B923760B086BCBE3F98DE
SHA1:	DFCDCDCAC1E5D5148C61B0BF9ACAD1BF59011AA5
SHA-256:	404818CE1670AF132D3DD0E6A6AFFD2D2B23167CBDFBBFCB62D52AD36B164380
SHA-512:	11E6899995C67296B65FBEA94A2944B8C7AA49C3A11DC9A249C9D5BB4738CAD2FBF3FDECA306FCE1EB6ECF19794370B983BC87029B2EAB4C8C5FC32F8154A9B9
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBmmEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGqcF1JyRErjAxv_amnGYgqlRhohw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (395)
Category:	downloaded
Size (bytes):	1608
Entropy (8bit):	5.271783084011668
Encrypted:	false
SSDEEP:	48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
MD5:	45EA91A811A594F81B7F760DD14BE237
SHA1:	2C97782C6D5D0BCFB3676FF24AA1008251090DAE
SHA-256:	7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
SHA-512:	4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBmmEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGqcF1JyRErjAxv_amnGYgqlRhohw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (683)
Category:	downloaded
Size (bytes):	3131
Entropy (8bit):	5.352056237104327
Encrypted:	false
SSDEEP:	48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
MD5:	ADEF03127F74F5E6742B8CFA7B863F28
SHA1:	58D7C635582AF10E91EC047FD315FAF758AF51DA
SHA-256:	5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
SHA-512:	3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBmmEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGqcF1JyRErjAxv_amnGYgqlRhohw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d\|\|(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	5050
Entropy (8bit):	5.30005628600801
Encrypted:	false
SSDEEP:	96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
MD5:	D9F15F1AEAF15673336FAA3507D1A2A7
SHA1:	FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
SHA-256:	AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
SHA-512:	D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBmmEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGqcF1JyRErjAxv_amnGYgqlRhohw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")\|\|"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")\|\|"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	4.875266466142591
Encrypted:	false
SSDEEP:	3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
MD5:	87B6333E98B7620EA1FF98D1A837A39E
SHA1:	105DE6815B0885357DE1414BFC0D77FCC9E924EF
SHA-256:	DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
SHA-512:	867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	23298
Entropy (8bit):	5.429186219736739
Encrypted:	false
SSDEEP:	384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
MD5:	A5C41D7BA22E9CF451810802AE5AC2E8
SHA1:	858F35134A0BD7BAECB1B1A30EC3645642214554
SHA-256:	D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
SHA-512:	DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBmmEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGqcF1JyRErjAxv_amnGYgqlRhohw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka\|\|a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (755)
Category:	downloaded
Size (bytes):	1460
Entropy (8bit):	5.274624539239422
Encrypted:	false
SSDEEP:	24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
MD5:	481C149C4D3EE4A53C3E7CBA067371DF
SHA1:	E0FED275636D3492C922C44F010157FAF0936733
SHA-256:	9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
SHA-512:	EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBmmEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGqcF1JyRErjAxv_amnGYgqlRhohw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()1E3,a.bS(),d.aa()1E3,b)},h_a=function(a){return Math.random()Math.min(a.xaMath.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (553)
Category:	downloaded
Size (bytes):	744742
Entropy (8bit):	5.79285531568665
Encrypted:	false
SSDEEP:	6144:U5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguPH:+OeKGSpgu/
MD5:	AF2F24CF00448CCDCEAF7AB0351AFE41
SHA1:	2189F4FC3711D05FEB5EE0E73B4C24C900F487CD
SHA-256:	A259A10517D736CCDF3AAFBDAECB55564E627A0E55AC609557427F7F31A40244
SHA-512:	6FF7AEC0D0E156321A32482F4A97576D2003AA980E58725282C8A421603DB7340B18C47C6C4A56BE86A8BA77D500BA97ABC3315539702AD182AD89546B75DE3B
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=5MFgKBmmEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlFonF9nvByb-WRNTYg3r4hrywUWLA/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x2860c1e4, 0x20469864, 0x39e1fc40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.58383056123256
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	919'040 bytes
MD5:	9fc1b0376a8aba2ff9fb5872400ae57f
SHA1:	6a45de509e3d8df50ded0d93b4901b4c7df20fa2
SHA256:	64e2fdeb459780d6aacaebbefd2a99c7210092d559038b90adc39664e1b6381c
SHA512:	ff8d01277bdeecc1f4e230a5d312f268c806f24cbb0203363a916e9e5d1deed25c0fc54ca17c7353d67283d984cc9e0a369aa5fa3a146995f882a9ba331dbf79
SSDEEP:	24576:SqDEvCTbMWu7rQYlBQcBiT6rprG8a4eK:STvC/MTQYxsWR7a4
TLSH:	44159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67044ED9 [Mon Oct 7 21:12:57 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007F3B1C4CB323h
jmp 00007F3B1C4CAC2Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F3B1C4CAE0Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F3B1C4CADDAh
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F3B1C4CD9CDh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F3B1C4CDA18h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F3B1C4CDA01h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x9bb8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x9bb8	0x9c00	c6c1b68a32a2adb33bf6af84bbe8cf29	False	0.3167317708333333	data	5.33239614641708	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xda4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdaa84	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc7b8	0xe7e	data			1.002964959568733
RT_GROUP_ICON	0xdd638	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xdd6b0	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xdd6c4	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xdd6d8	0x14	data	English	Great Britain	1.25
RT_VERSION	0xdd6ec	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xdd7c8	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 00:03:04.039959908 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 8, 2024 00:03:04.254987001 CEST	49732	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.255021095 CEST	443	49732	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.255108118 CEST	49732	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.255563021 CEST	49732	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.255574942 CEST	443	49732	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.255856037 CEST	49733	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.255969048 CEST	443	49733	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.256103039 CEST	49733	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.256306887 CEST	49733	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.256345987 CEST	443	49733	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.869646072 CEST	443	49732	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.869929075 CEST	49732	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.869946003 CEST	443	49732	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.870480061 CEST	443	49732	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.870568991 CEST	49732	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.871521950 CEST	443	49732	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.871800900 CEST	49732	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.872553110 CEST	49732	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.872636080 CEST	443	49732	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.872755051 CEST	49732	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.872761011 CEST	443	49732	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.872951984 CEST	443	49733	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.873156071 CEST	49733	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.873178959 CEST	443	49733	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.873939991 CEST	443	49733	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.874001026 CEST	49733	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.874938011 CEST	443	49733	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.874990940 CEST	49733	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.875755072 CEST	49733	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.875860929 CEST	443	49733	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.914669991 CEST	49732	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.930238008 CEST	49733	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:04.930255890 CEST	443	49733	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:04.977118969 CEST	49733	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:05.148487091 CEST	443	49732	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:05.148747921 CEST	443	49732	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:05.148804903 CEST	49732	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:05.187413931 CEST	49732	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:05.187432051 CEST	443	49732	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:05.221437931 CEST	49737	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:05.221472025 CEST	443	49737	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:05.221533060 CEST	49737	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:05.221952915 CEST	49737	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:05.221982002 CEST	443	49737	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:05.833250046 CEST	443	49737	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:05.833554029 CEST	49737	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:05.833573103 CEST	443	49737	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:05.834119081 CEST	443	49737	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:05.834173918 CEST	49737	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:05.835115910 CEST	443	49737	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:05.835167885 CEST	49737	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:05.836445093 CEST	49737	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:05.836525917 CEST	443	49737	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:05.836641073 CEST	49737	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:05.836649895 CEST	443	49737	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:05.882941008 CEST	49737	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:06.744776011 CEST	443	49737	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:06.744791985 CEST	443	49737	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:06.744842052 CEST	49737	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:06.744856119 CEST	443	49737	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:06.745105028 CEST	49737	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:06.747592926 CEST	49737	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:06.747615099 CEST	443	49737	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:08.362267971 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:03:08.362370014 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:08.362463951 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:03:08.362663031 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:03:08.362699986 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:08.431670904 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:08.431740999 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:08.431828976 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:08.433516026 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:08.433535099 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:09.056633949 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:09.057171106 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:03:09.057220936 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:09.058099985 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:09.058192015 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:03:09.059461117 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:03:09.059520960 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:09.099021912 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:03:09.099035978 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:09.145860910 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:03:11.474984884 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:11.475234032 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:11.483632088 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:11.483680010 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:11.484050035 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:11.536032915 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:11.540823936 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:11.587404966 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:11.721534967 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:11.721693039 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:11.721893072 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:11.721893072 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:11.721893072 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:11.762502909 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:11.762543917 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:11.762644053 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:11.762892962 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:11.762909889 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:12.023901939 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:12.023983955 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:12.386620045 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:12.386727095 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:12.388041973 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:12.388070107 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:12.388468027 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:12.389595032 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:12.435403109 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:12.643416882 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:12.643553019 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:12.643620968 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:12.644166946 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:12.644191980 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:12.644201994 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 8, 2024 00:03:12.644207954 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 8, 2024 00:03:13.984338045 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:13.984376907 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:13.984441996 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:13.984936953 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:13.984951973 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.585414886 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.608580112 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.608603954 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.609173059 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.609230995 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.610172987 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.610219002 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.619735956 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.619817972 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.620122910 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.620138884 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.666234970 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.894625902 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.894685984 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.894728899 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.894850969 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.894851923 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.894867897 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.900862932 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.900919914 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.900928020 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.906183004 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.906224012 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.906246901 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.906255007 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.906296015 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.912260056 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.912322044 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.917929888 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.918005943 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.918059111 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.918116093 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.977125883 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.977207899 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.977289915 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.977298021 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.977344036 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.979513884 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.979581118 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.985258102 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.985332966 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.985490084 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.985538960 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.991513014 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.991580963 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.995378017 CEST	49761	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:14.995429993 CEST	443	49761	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:14.995487928 CEST	49761	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:14.995712042 CEST	49761	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:14.995729923 CEST	443	49761	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:14.997304916 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:14.997369051 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:14.997376919 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:15.003690004 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:15.003745079 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:15.003753901 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:15.009958982 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:15.010016918 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:15.010024071 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:15.010099888 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:15.010145903 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:15.010318995 CEST	49757	443	192.168.2.4	142.250.186.110
Oct 8, 2024 00:03:15.010333061 CEST	443	49757	142.250.186.110	192.168.2.4
Oct 8, 2024 00:03:15.063335896 CEST	49763	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.063373089 CEST	443	49763	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.063453913 CEST	49763	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.063721895 CEST	49763	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.063735962 CEST	443	49763	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.684083939 CEST	443	49763	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.684463024 CEST	49763	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.684472084 CEST	443	49763	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.684981108 CEST	443	49763	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.685157061 CEST	49763	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.686016083 CEST	443	49763	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.686084032 CEST	49763	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.687771082 CEST	49763	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.687849045 CEST	443	49763	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.688011885 CEST	49763	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.702653885 CEST	443	49761	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.704428911 CEST	49761	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.704453945 CEST	443	49761	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.704957008 CEST	443	49761	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.705104113 CEST	49761	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.705957890 CEST	443	49761	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.706043005 CEST	49761	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.706157923 CEST	49761	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.706234932 CEST	443	49761	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.706301928 CEST	49761	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.732794046 CEST	49763	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.732801914 CEST	443	49763	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.748262882 CEST	49761	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.748272896 CEST	443	49761	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.779019117 CEST	49763	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.794326067 CEST	49761	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.991889000 CEST	443	49761	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.992567062 CEST	443	49761	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.992628098 CEST	49761	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.993604898 CEST	49761	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.993619919 CEST	443	49761	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.994695902 CEST	49766	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.994751930 CEST	443	49766	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:15.994910955 CEST	49766	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.995157003 CEST	49766	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:15.995183945 CEST	443	49766	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.461438894 CEST	443	49763	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.461824894 CEST	443	49763	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.461880922 CEST	49763	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:16.462208986 CEST	49763	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:16.462222099 CEST	443	49763	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.463660002 CEST	49769	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:16.463763952 CEST	443	49769	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.463838100 CEST	49769	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:16.464204073 CEST	49769	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:16.464243889 CEST	443	49769	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.600810051 CEST	443	49766	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.601070881 CEST	49766	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:16.601098061 CEST	443	49766	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.601459980 CEST	443	49766	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.601521969 CEST	49766	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:16.602075100 CEST	443	49766	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.602165937 CEST	49766	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:16.602530956 CEST	49766	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:16.602585077 CEST	443	49766	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.602874041 CEST	49766	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:16.602886915 CEST	443	49766	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.603121042 CEST	49766	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:16.647406101 CEST	443	49766	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.775245905 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:16.775295019 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:16.775402069 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:16.793190956 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:16.793220043 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:16.840708971 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:03:16.883428097 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:16.897242069 CEST	443	49766	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.898827076 CEST	443	49766	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:16.898894072 CEST	49766	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:16.901300907 CEST	49766	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:16.901324034 CEST	443	49766	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:17.078520060 CEST	443	49769	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:17.084614038 CEST	49769	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:17.084667921 CEST	443	49769	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:17.085216045 CEST	443	49769	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:17.085289955 CEST	49769	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:17.086220026 CEST	443	49769	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:17.086272001 CEST	49769	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:17.087528944 CEST	49769	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:17.087614059 CEST	443	49769	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:17.090173960 CEST	49769	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:17.090198040 CEST	443	49769	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:17.090234995 CEST	49769	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:17.094327927 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:17.094496012 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:17.094520092 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:17.094540119 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:17.094578981 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:03:17.094604015 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:17.094631910 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:03:17.094744921 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:17.094800949 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:03:17.110443115 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:03:17.110476971 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 8, 2024 00:03:17.134035110 CEST	49769	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:17.134098053 CEST	443	49769	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:17.298361063 CEST	443	49769	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:17.299380064 CEST	443	49769	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:17.299434900 CEST	49769	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:17.300348043 CEST	49769	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:17.300395012 CEST	443	49769	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:17.372473001 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:17.372546911 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:17.375240088 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:17.375253916 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:17.375586987 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:17.415146112 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:18.060395002 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:18.107402086 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:18.243545055 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:18.243618011 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:18.243639946 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:18.243683100 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:18.243689060 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:18.243726015 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:18.243750095 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:18.243782043 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:18.243782043 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:18.243782043 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:18.243818045 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:18.244519949 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:18.244602919 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:18.244618893 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:18.244731903 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:18.244786024 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:19.159482956 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:19.159539938 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:19.159573078 CEST	49770	443	192.168.2.4	20.12.23.50
Oct 8, 2024 00:03:19.159595013 CEST	443	49770	20.12.23.50	192.168.2.4
Oct 8, 2024 00:03:23.121681929 CEST	49782	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:23.121718884 CEST	443	49782	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:23.121792078 CEST	49782	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:23.122143984 CEST	49782	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:23.122159958 CEST	443	49782	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:23.725652933 CEST	443	49782	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:23.725836992 CEST	49782	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:23.725855112 CEST	443	49782	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:23.726372957 CEST	443	49782	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:23.726628065 CEST	49782	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:23.726710081 CEST	443	49782	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:23.726731062 CEST	49782	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:23.726748943 CEST	49782	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:23.726761103 CEST	443	49782	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:23.778429985 CEST	49782	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:24.042272091 CEST	443	49782	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:24.043560982 CEST	443	49782	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:24.043617964 CEST	49782	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:24.044660091 CEST	49782	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:24.044677019 CEST	443	49782	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:45.917897940 CEST	49783	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:45.917993069 CEST	443	49783	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:45.918076992 CEST	49783	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:45.918479919 CEST	49783	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:45.918517113 CEST	443	49783	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:46.572139025 CEST	443	49783	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:46.572432995 CEST	49783	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:46.572478056 CEST	443	49783	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:46.573729038 CEST	443	49783	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:46.574096918 CEST	49783	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:46.574270964 CEST	49783	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:46.574285984 CEST	443	49783	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:46.574292898 CEST	49783	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:46.574395895 CEST	443	49783	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:46.616750002 CEST	49783	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:46.861118078 CEST	443	49783	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:46.861392975 CEST	443	49783	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:46.861567020 CEST	49783	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:46.861862898 CEST	49783	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:46.861896038 CEST	443	49783	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:47.275702000 CEST	49784	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:47.275752068 CEST	443	49784	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:47.275825024 CEST	49784	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:47.276099920 CEST	49784	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:47.276113987 CEST	443	49784	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:47.384731054 CEST	49785	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:47.384776115 CEST	443	49785	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:47.385170937 CEST	49785	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:47.385385990 CEST	49785	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:47.385418892 CEST	443	49785	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:47.920806885 CEST	443	49784	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:47.921883106 CEST	49784	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:47.921917915 CEST	443	49784	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:47.923146963 CEST	443	49784	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:47.923463106 CEST	49784	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:47.923604965 CEST	49784	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:47.923609018 CEST	443	49784	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:47.923616886 CEST	49784	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:47.923635006 CEST	443	49784	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:47.976990938 CEST	49784	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:48.056473970 CEST	443	49785	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:48.056782961 CEST	49785	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:48.056814909 CEST	443	49785	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:48.057558060 CEST	443	49785	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:48.057898045 CEST	49785	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:48.057940960 CEST	49785	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:48.057940960 CEST	49785	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:48.057959080 CEST	443	49785	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:48.058146000 CEST	443	49785	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:48.104532957 CEST	49785	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:48.214514971 CEST	443	49784	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:48.215339899 CEST	443	49784	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:48.215398073 CEST	49784	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:48.215526104 CEST	49784	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:48.215538979 CEST	443	49784	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:48.346854925 CEST	443	49785	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:48.347281933 CEST	443	49785	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:48.347357988 CEST	49785	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:48.347656012 CEST	49785	443	192.168.2.4	142.250.186.78
Oct 8, 2024 00:03:48.347672939 CEST	443	49785	142.250.186.78	192.168.2.4
Oct 8, 2024 00:03:49.930906057 CEST	49733	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:03:49.930964947 CEST	443	49733	142.250.186.174	192.168.2.4
Oct 8, 2024 00:03:55.968189955 CEST	49786	443	192.168.2.4	4.175.87.197
Oct 8, 2024 00:03:55.968236923 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:55.968466043 CEST	49786	443	192.168.2.4	4.175.87.197
Oct 8, 2024 00:03:55.968854904 CEST	49786	443	192.168.2.4	4.175.87.197
Oct 8, 2024 00:03:55.968897104 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:56.434366941 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:56.434391975 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:56.434462070 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:56.434808016 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:56.434819937 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:56.751622915 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:56.751866102 CEST	49786	443	192.168.2.4	4.175.87.197
Oct 8, 2024 00:03:56.755629063 CEST	49786	443	192.168.2.4	4.175.87.197
Oct 8, 2024 00:03:56.755636930 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:56.755996943 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:56.764251947 CEST	49786	443	192.168.2.4	4.175.87.197
Oct 8, 2024 00:03:56.807400942 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:57.084491968 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.084587097 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.085144043 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:57.085180998 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:57.085200071 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:57.085228920 CEST	49786	443	192.168.2.4	4.175.87.197
Oct 8, 2024 00:03:57.085237026 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:57.085262060 CEST	49786	443	192.168.2.4	4.175.87.197
Oct 8, 2024 00:03:57.085280895 CEST	49786	443	192.168.2.4	4.175.87.197
Oct 8, 2024 00:03:57.086296082 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:57.086333036 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:57.086357117 CEST	49786	443	192.168.2.4	4.175.87.197
Oct 8, 2024 00:03:57.086361885 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:57.086425066 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:57.086455107 CEST	49786	443	192.168.2.4	4.175.87.197
Oct 8, 2024 00:03:57.086464882 CEST	49786	443	192.168.2.4	4.175.87.197
Oct 8, 2024 00:03:57.088709116 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.088737011 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.089112997 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.102682114 CEST	49786	443	192.168.2.4	4.175.87.197
Oct 8, 2024 00:03:57.102693081 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:57.102724075 CEST	49786	443	192.168.2.4	4.175.87.197
Oct 8, 2024 00:03:57.102727890 CEST	443	49786	4.175.87.197	192.168.2.4
Oct 8, 2024 00:03:57.106550932 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.151407957 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.204907894 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.205014944 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.205060959 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.205087900 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.205121994 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.205138922 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.205193996 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.283083916 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.283137083 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.283164978 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.283183098 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.283209085 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.283229113 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.287345886 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.287424088 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.287456989 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.287470102 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.287496090 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.287519932 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.365044117 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.365083933 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.365137100 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.365150928 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.365180016 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.365214109 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.365755081 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.365797997 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.365832090 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.365842104 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.365869045 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.365885973 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.368484974 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.368577957 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.368621111 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.368632078 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.368659973 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.368676901 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.370687962 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.370729923 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.370758057 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.370769024 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.370794058 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.370811939 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.447864056 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.447920084 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.448019028 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.448055029 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.448081017 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.448102951 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.448196888 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.448249102 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.448273897 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.448292017 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.448317051 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.448344946 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.448467016 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.448512077 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.448535919 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.448551893 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.448571920 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.448594093 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.449244976 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.449285030 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.449321032 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.449331999 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.449382067 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.449382067 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.449645996 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.449759960 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.449815035 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.450328112 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.450351000 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.483702898 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.483746052 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.483958960 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.484524012 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.484565973 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.484622955 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.484798908 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.484842062 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.485393047 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.485403061 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.485457897 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.485553026 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.485559940 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.486815929 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.486845016 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.486900091 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.487283945 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.487325907 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.487381935 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.487407923 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.487421036 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.487498999 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.487514019 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:57.487576008 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:57.487593889 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.095560074 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.096158028 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.096223116 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.096817017 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.096828938 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.099085093 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.099350929 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.099397898 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.099828959 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.099848986 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.102066040 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.103497028 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.103538036 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.103876114 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.103885889 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.107204914 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.107531071 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.107880116 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.107913971 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.108048916 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.108076096 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.108249903 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.108261108 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.108614922 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.108620882 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.191610098 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.191639900 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.191716909 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.191720963 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.191951036 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.192008018 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.192053080 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.192090034 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.192106009 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.195301056 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.195400953 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.198527098 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.198584080 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.198652029 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.198674917 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.198702097 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.198728085 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.198743105 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.198826075 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.198959112 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.198972940 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.199050903 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.199070930 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.199081898 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.199090004 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.200550079 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.201235056 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.201313019 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.201464891 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.201483011 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.201522112 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.201529026 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.201894999 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.201911926 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.202121973 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.202231884 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.202286959 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.202338934 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.202377081 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.202382088 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.202543974 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.202553988 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.202567101 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.202573061 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.203520060 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.203576088 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.203641891 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.203660011 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.203704119 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.203936100 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.203967094 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.203979015 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.204020023 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.204180002 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.204195976 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.204225063 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.204233885 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.204248905 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.204256058 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.204534054 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.204555988 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.206515074 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.206547976 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.206588984 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.206660986 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.206688881 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.206698895 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.206825972 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.206860065 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.730829000 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.733267069 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.733272076 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.733715057 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.733716965 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.818451881 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.824537039 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.824601889 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.825839043 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.826670885 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.826730967 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.826780081 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.828977108 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.830157042 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.830168009 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.833916903 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.833936930 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.834259987 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.834266901 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.838161945 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.838179111 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.845628977 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.845638037 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.845824957 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.845849037 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.845861912 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.845866919 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.847410917 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.849853039 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.849920034 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.850189924 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.850205898 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.851835012 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.851900101 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.851973057 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.852078915 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.852112055 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.922059059 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.922209978 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.922306061 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.925071001 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.925096989 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.925111055 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.925117970 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.925800085 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.925967932 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.926022053 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.926593065 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.926604986 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.926637888 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.926645041 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.930810928 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.930833101 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.930896044 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.931587934 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.931651115 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.931708097 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.931821108 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.931833029 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.932106972 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.932126045 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.938844919 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.938994884 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.939053059 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.939094067 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.939104080 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.939115047 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.939120054 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.941098928 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.941184998 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.941251040 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.941387892 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.941426039 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.945772886 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.945924997 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.945992947 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.946080923 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.946080923 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.946126938 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.946155071 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.948445082 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.948467016 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:58.948533058 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.948657036 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:58.948681116 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.477051020 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.477627993 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.477720022 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.478107929 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.478122950 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.543667078 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.544085979 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.544095039 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.544476032 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.544478893 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.565504074 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.565840006 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.565880060 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.566186905 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.566194057 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.576258898 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.576301098 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.576412916 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.576565027 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.576565027 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.576615095 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.576643944 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.579102039 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.579144955 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.579225063 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.579364061 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.579370975 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.588067055 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.588360071 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.588406086 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.588792086 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.588819027 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.588942051 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.589153051 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.589160919 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.589433908 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.589440107 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.648902893 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.649066925 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.649136066 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.649194002 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.649207115 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.649219990 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.649224043 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.652324915 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.652431965 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.652515888 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.652620077 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.652640104 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.670561075 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.670892954 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.670980930 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.670980930 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.671022892 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.671040058 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.672827005 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.672911882 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.672992945 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.673326015 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.673361063 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.688277960 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.688447952 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.688508034 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.688546896 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.688546896 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.688565969 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.688580036 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.688702106 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.688765049 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.688810110 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.688838005 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.688855886 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.688868999 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.688875914 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.690762997 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.690848112 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.690931082 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.691037893 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.691057920 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.691309929 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.691344023 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 8, 2024 00:03:59.691417933 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.691488981 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:03:59.691509962 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.229315042 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.232812881 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.232836008 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.233225107 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.233232021 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.237359047 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.240653038 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.240731001 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.241014004 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.241028070 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.265525103 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.265847921 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.265918970 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.266169071 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.266186953 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.283885002 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.285161018 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.285247087 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.287918091 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.287972927 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.315747023 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.316606998 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.316653967 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.316952944 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.316963911 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.334666967 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.334714890 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.334774971 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.334937096 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.334964991 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.334979057 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.334986925 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.336390972 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.336545944 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.336616039 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.337280035 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.337301970 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.337302923 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.337346077 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.337376118 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.337393999 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.338867903 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.338886023 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.338916063 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.338941097 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.339006901 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.339027882 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.339073896 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.339077950 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.364264965 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.364423037 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.365073919 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.365195990 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.365195990 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.365228891 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.365252972 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.366692066 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.366710901 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.366775990 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.366909027 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.366915941 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.378942013 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.379084110 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.379169941 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.379237890 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.379237890 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.379266977 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.379292965 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.380893946 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.380961895 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.381031990 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.381160975 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.381189108 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.411509991 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.411679029 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.411746979 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.411788940 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.411806107 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.411828995 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.411843061 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.413405895 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.413490057 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.413569927 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.413670063 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.413691044 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.949351072 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.957448006 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.957467079 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.957886934 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.957905054 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.978796959 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.987379074 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.987406015 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:00.987818003 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:00.987837076 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.022690058 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.023974895 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.024043083 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.024713039 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.024728060 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.047772884 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.048291922 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.048329115 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.049026012 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.049068928 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.049107075 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.050772905 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.050785065 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.050976038 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.050987005 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.050997019 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.051001072 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.053145885 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.053179979 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.053251982 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.053354025 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.053369999 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.080421925 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.080580950 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.080725908 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.085284948 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.085294962 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.085304976 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.085309982 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.088309050 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.088320971 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.088391066 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.088504076 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.088510036 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.131169081 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.131323099 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.131521940 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.145636082 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.145787001 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.145989895 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.151249886 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.151249886 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.151333094 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.151371002 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.154139042 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.154191971 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.154222965 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.154238939 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.156512976 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.156562090 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.156656981 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.156699896 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.156701088 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.156753063 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.156837940 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.156855106 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.156969070 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.156979084 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.679073095 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.680056095 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.680085897 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.680408955 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.680438042 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.774462938 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.775029898 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.775059938 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.775433064 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.775440931 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.788316011 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.788779974 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.788847923 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.790117979 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.790132999 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.808656931 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.808696985 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.808849096 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.809182882 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.809218884 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.809237003 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.809246063 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.811501980 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.811594009 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.811678886 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.811780930 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.811799049 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.903088093 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.903512001 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.903570890 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.903915882 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.903932095 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.923155069 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.923249006 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.923322916 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.923466921 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.923468113 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.923515081 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.923542976 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.925661087 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.925827980 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.925878048 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.926035881 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.926054001 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.926065922 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.926073074 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.926255941 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.926311016 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.926372051 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.926609993 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.926631927 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.928277016 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.928340912 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:01.928419113 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.928601027 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:01.928622961 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.001231909 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.001384974 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.001465082 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.001465082 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.001465082 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.003626108 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.003710032 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.003786087 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.003921986 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.003951073 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.305093050 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.305140972 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.535825968 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.536236048 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.536300898 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.536649942 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.536662102 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.606065989 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.606483936 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.606551886 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.606862068 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.606874943 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.644583941 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.645076036 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.645148039 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.645299911 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.645317078 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.693067074 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.693816900 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.693857908 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.694061995 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.694088936 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.704947948 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.705115080 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.705301046 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.705465078 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.705465078 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.705513000 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.705547094 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.707855940 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.707906961 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.707964897 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.707983017 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.708023071 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.708081961 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.708085060 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.708085060 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.708110094 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.708132982 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.708234072 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.708245993 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.709870100 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.709878922 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.709942102 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.710055113 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.710067987 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.751106024 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.751269102 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.751337051 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.751435041 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.751435041 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.751466990 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.751492023 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.753608942 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.753642082 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.753710032 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.753823042 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.753840923 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.792402029 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.792556047 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.792617083 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.792644978 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.792660952 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.792673111 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.792679071 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.794475079 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.794498920 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:02.794568062 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.794676065 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:02.794686079 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.334392071 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.334840059 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.334865093 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.335351944 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.335357904 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.362582922 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.362976074 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.362984896 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.363368034 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.363373995 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.379973888 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.380295038 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.380311966 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.380630016 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.380635977 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.458010912 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.458463907 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.458502054 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.458940029 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.458966970 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.681081057 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.681133032 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.681138992 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.681217909 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.681225061 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.681296110 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.681358099 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.681391001 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.681431055 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.686814070 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.710625887 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.710690975 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.716726065 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.716742039 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.722661018 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.722683907 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.722695112 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.722698927 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.737154007 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.737195969 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.737216949 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.737224102 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.774318933 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.774492979 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.774671078 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.796992064 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.797009945 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.797020912 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.797024965 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.815046072 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.815201998 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.815402031 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.815768957 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.815819979 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.815853119 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.815869093 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.853117943 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.853117943 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.853184938 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.853219986 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.859199047 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.859246016 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.859298944 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.859929085 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.859947920 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.860902071 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.860951900 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.861021042 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.861140966 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.861162901 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.862078905 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.862164974 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.862241030 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.862314939 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.862416029 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.862420082 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.862451077 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.862499952 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.862576008 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.862607956 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.862729073 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.862750053 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:03.862804890 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.862898111 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:03.862912893 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.496231079 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.496803045 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.496843100 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.497222900 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.497235060 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.498778105 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.499419928 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.500530005 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.500585079 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.500591993 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.500893116 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.500905991 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.501286983 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.501360893 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.501576900 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.501590967 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.501786947 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.501821995 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.502084017 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.502095938 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.510936022 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.511555910 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.511575937 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.511904001 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.511909008 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.591840029 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.591880083 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.592055082 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.592334032 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.592334032 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.592375994 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.592403889 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.594022989 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.594180107 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.594257116 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.594335079 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.594335079 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.594378948 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.594408035 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.594917059 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.594959021 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.595040083 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.595169067 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.595197916 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.595479965 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.595630884 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.595769882 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.595769882 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.595846891 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.595884085 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.596194029 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.596287966 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.596369982 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.596468925 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.596492052 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.597434998 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.597476959 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.597548008 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.597670078 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.597683907 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.597683907 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.597836971 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.597884893 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.597909927 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.597914934 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.597924948 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.597930908 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.599495888 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.599507093 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.599574089 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.599687099 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.599699974 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.609849930 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.609988928 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.610044956 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.610085011 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.610085011 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.610097885 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.610105991 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.611875057 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.611901045 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:04.611982107 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.612096071 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:04.612123013 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.198854923 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.199368000 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.199436903 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.199784040 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.199801922 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.219949007 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.220716000 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.220782042 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.220998049 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.221013069 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.227154016 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.227351904 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.227474928 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.227497101 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.227793932 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.227807999 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.227830887 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.227835894 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.228173018 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.228177071 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.252473116 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.252762079 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.252783060 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.253088951 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.253102064 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.294150114 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.294187069 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.294307947 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.294418097 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.294418097 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.294451952 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.294476032 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.296930075 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.297024965 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.297116995 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.297224045 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.297247887 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.315356970 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.315531969 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.315588951 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.315665007 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.315665007 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.315707922 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.315733910 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.317533016 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.317548037 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.317802906 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.317933083 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.317943096 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.322304964 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.322446108 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.322499037 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.322571993 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.322586060 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.322597027 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.322607040 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.322689056 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.322758913 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.322809935 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.322900057 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.322907925 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.322920084 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.322923899 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.325090885 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.325098038 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.325146914 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.325287104 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.325292110 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.325556993 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.325647116 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.325721025 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.325809002 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.325834990 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.350291014 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.350425959 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.350517035 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.350558043 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.350558043 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.350578070 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.350600004 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.352545977 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.352621078 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.352695942 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.352827072 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.352863073 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.719742060 CEST	49456	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:04:05.724733114 CEST	53	49456	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:05.727545023 CEST	49456	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:04:05.727545023 CEST	49456	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:04:05.732367992 CEST	53	49456	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:05.930880070 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.931381941 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.931415081 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.931802988 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.931809902 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.940540075 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.944751978 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.944834948 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.945024967 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.945039988 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.969425917 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.972151995 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.972471952 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.972491026 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.972816944 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.972822905 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.973120928 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.973184109 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.973294020 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.973309994 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.978458881 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.979672909 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.979738951 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:05.980021000 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:05.980035067 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.026371002 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.026432991 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.026573896 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.026922941 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.026932955 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.026942968 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.026947975 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.029309034 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.029323101 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.029484987 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.029748917 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.029753923 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.045070887 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.045253038 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.045562029 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.049458981 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.049458981 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.049513102 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.049540997 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.063325882 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.063348055 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.063604116 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.070169926 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.070313931 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.070466995 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.070802927 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.070997953 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.071181059 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.076240063 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.076389074 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.076466084 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.114109993 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.114121914 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.114329100 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.114329100 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.114397049 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.114427090 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.141056061 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.141079903 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.154275894 CEST	53	49456	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:06.169281960 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.169282913 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.169370890 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.169472933 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.194694996 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.194803953 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.194916010 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.195641041 CEST	49456	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:04:06.243141890 CEST	49456	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:04:06.248236895 CEST	53	49456	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:06.249985933 CEST	49456	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:04:06.250957012 CEST	49461	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.250998020 CEST	443	49461	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.251111031 CEST	49461	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.251451015 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.251499891 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.252301931 CEST	49461	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.252319098 CEST	443	49461	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.252861023 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.252871037 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.253150940 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.253339052 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.253350973 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.638293982 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.638838053 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.638851881 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.639481068 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.639487028 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.735865116 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.735903025 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.735946894 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.736129999 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.736140966 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.736150026 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.736154079 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.739047050 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.739101887 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.739188910 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.739337921 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.739346981 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.754512072 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.755026102 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.755047083 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.755621910 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.755626917 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.848735094 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.848893881 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.849029064 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.849029064 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.849029064 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.851639986 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.851728916 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.851830006 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.851946115 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.851964951 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.861736059 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.862076998 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.862106085 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.862648010 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.862675905 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.877563000 CEST	443	49461	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.877887964 CEST	49461	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.877907991 CEST	443	49461	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.878412008 CEST	49461	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.878417969 CEST	443	49461	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.894212008 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.894606113 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.894692898 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.894820929 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.894838095 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.955708981 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.955866098 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.955924988 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.956056118 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.956072092 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.956084013 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.956089973 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.959206104 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.959299088 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:06.959413052 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.959580898 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:06.959615946 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.009799004 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.009963036 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.010219097 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.010220051 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.010220051 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.012005091 CEST	443	49461	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.012159109 CEST	443	49461	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.012319088 CEST	49461	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.012319088 CEST	49461	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.012319088 CEST	49461	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.012814999 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.012840033 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.012916088 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.013077021 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.013104916 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.013998985 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.014085054 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.014154911 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.014285088 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.014319897 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.163832903 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.163844109 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.320152044 CEST	49461	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.320168018 CEST	443	49461	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.320238113 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.320312977 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.356511116 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.357084990 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.357175112 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.357789993 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.357809067 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.451976061 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.452054977 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.452177048 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.452337980 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.452337980 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.452383995 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.452414989 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.454634905 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.454662085 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.454741955 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.454849958 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.454854965 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.504106045 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.504549980 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.504614115 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.505141020 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.505157948 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.585712910 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.586460114 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.586504936 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.587013006 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.587025881 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.603682995 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.603815079 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.603893995 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.603979111 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.603979111 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.604021072 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.604048014 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.606884003 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.606923103 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.607001066 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.607141972 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.607148886 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.649413109 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.649772882 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.649820089 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.649837017 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.650074005 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.650130987 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.650449991 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.650461912 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.650552988 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.650579929 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.699966908 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.700129986 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.700211048 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.700269938 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.700304031 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.700330019 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.700345039 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.703290939 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.703311920 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.703387022 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.703629971 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.703649044 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.745794058 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.745935917 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.746009111 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.746068954 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.746068954 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.746098042 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.746121883 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.748334885 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.748364925 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.748446941 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.748574018 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.748579979 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.751135111 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.751302958 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.751363039 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.751424074 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.751424074 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.751441956 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.751461983 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.753667116 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.753752947 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:07.753848076 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.753969908 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:07.753988981 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.004955053 CEST	49291	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:04:08.009869099 CEST	53	49291	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:08.010685921 CEST	49291	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:04:08.010719061 CEST	49291	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:04:08.015726089 CEST	53	49291	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:08.101881027 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.103035927 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.103058100 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.104444027 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.104451895 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.203654051 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.203715086 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.203778028 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.203959942 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.203974009 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.203989029 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.203995943 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.206655979 CEST	49292	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.206682920 CEST	443	49292	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.206758022 CEST	49292	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.206928968 CEST	49292	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.206938028 CEST	443	49292	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.267498016 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.270832062 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.270848989 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.271164894 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.271184921 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.346436977 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.347727060 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.347740889 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.348318100 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.348326921 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.366753101 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.366918087 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.367033958 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.367204905 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.367223978 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.367239952 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.367245913 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.369652987 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.370049953 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.370086908 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.370601892 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.370611906 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.370690107 CEST	49293	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.370789051 CEST	443	49293	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.374656916 CEST	49293	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.374806881 CEST	49293	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.374826908 CEST	443	49293	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.395327091 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.398718119 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.398746014 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.399147987 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.399156094 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.403702974 CEST	49733	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:04:08.403919935 CEST	443	49733	142.250.186.174	192.168.2.4
Oct 8, 2024 00:04:08.404000998 CEST	49733	443	192.168.2.4	142.250.186.174
Oct 8, 2024 00:04:08.404067039 CEST	49294	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:04:08.404110909 CEST	443	49294	142.250.186.68	192.168.2.4
Oct 8, 2024 00:04:08.406651974 CEST	49294	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:04:08.406927109 CEST	49294	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:04:08.406944036 CEST	443	49294	142.250.186.68	192.168.2.4
Oct 8, 2024 00:04:08.615277052 CEST	53	49291	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:08.615484953 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.615525007 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.615609884 CEST	49291	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:04:08.615783930 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.615868092 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.615906000 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.615961075 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.615986109 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.616010904 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.616115093 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.618303061 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.618303061 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.618304014 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.619899988 CEST	49296	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.619986057 CEST	443	49296	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.620078087 CEST	49296	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.620821953 CEST	49297	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.620884895 CEST	443	49297	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.620987892 CEST	49296	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.621017933 CEST	49297	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.621021986 CEST	443	49296	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.621186018 CEST	49297	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.621220112 CEST	443	49297	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.622663975 CEST	53	49291	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:08.622726917 CEST	49291	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:04:08.707993984 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.708604097 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.708659887 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.708698988 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.708719015 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.708731890 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.708739042 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.711016893 CEST	49298	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.711069107 CEST	443	49298	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.711163998 CEST	49298	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.711451054 CEST	49298	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.711477995 CEST	443	49298	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:08.930345058 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:08.930366993 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.003345966 CEST	443	49292	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.003947973 CEST	49292	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.003983974 CEST	443	49292	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.004297018 CEST	49292	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.004307032 CEST	443	49292	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.129087925 CEST	443	49292	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.129174948 CEST	443	49292	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.129225016 CEST	49292	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.129340887 CEST	49292	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.129354000 CEST	443	49292	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.129369974 CEST	49292	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.129375935 CEST	443	49292	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.131809950 CEST	49299	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.131895065 CEST	443	49299	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.131973982 CEST	49299	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.132114887 CEST	49299	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.132137060 CEST	443	49299	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.197154999 CEST	443	49293	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.197602987 CEST	49293	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.197638988 CEST	443	49293	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.197926998 CEST	49293	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.197933912 CEST	443	49293	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.225438118 CEST	443	49296	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.225593090 CEST	443	49294	142.250.186.68	192.168.2.4
Oct 8, 2024 00:04:09.225776911 CEST	49296	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.225836039 CEST	443	49296	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.225907087 CEST	49294	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:04:09.225936890 CEST	443	49294	142.250.186.68	192.168.2.4
Oct 8, 2024 00:04:09.226176023 CEST	49296	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.226190090 CEST	443	49296	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.227054119 CEST	443	49294	142.250.186.68	192.168.2.4
Oct 8, 2024 00:04:09.227412939 CEST	49294	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:04:09.227606058 CEST	443	49294	142.250.186.68	192.168.2.4
Oct 8, 2024 00:04:09.275444984 CEST	443	49297	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.275784016 CEST	49297	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.275847912 CEST	443	49297	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.276478052 CEST	49294	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:04:09.276484966 CEST	49297	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.276499987 CEST	443	49297	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.294725895 CEST	443	49293	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.294866085 CEST	443	49293	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.295006990 CEST	49293	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.295006990 CEST	49293	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.295006990 CEST	49293	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.297328949 CEST	49300	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.297354937 CEST	443	49300	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.297427893 CEST	49300	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.297537088 CEST	49300	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.297545910 CEST	443	49300	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.320410967 CEST	443	49296	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.320533037 CEST	443	49296	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.320596933 CEST	49296	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.321188927 CEST	49296	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.321188927 CEST	49296	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.321232080 CEST	443	49296	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.321258068 CEST	443	49296	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.324153900 CEST	49301	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.324193001 CEST	443	49301	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.324331045 CEST	49301	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.324521065 CEST	49301	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.324539900 CEST	443	49301	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.349303961 CEST	443	49298	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.349797964 CEST	49298	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.349852085 CEST	443	49298	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.350270033 CEST	49298	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.350281000 CEST	443	49298	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.373415947 CEST	443	49297	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.373570919 CEST	443	49297	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.373631954 CEST	49297	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.373681068 CEST	49297	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.373682022 CEST	49297	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.373713970 CEST	443	49297	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.373738050 CEST	443	49297	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.376338959 CEST	49302	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.376373053 CEST	443	49302	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.377731085 CEST	49302	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.377731085 CEST	49302	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.377768993 CEST	443	49302	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.449326038 CEST	443	49298	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.449481010 CEST	443	49298	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.449543953 CEST	49298	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.449575901 CEST	49298	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.449595928 CEST	443	49298	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.449618101 CEST	49298	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.449630976 CEST	443	49298	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.451613903 CEST	49303	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.451653957 CEST	443	49303	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.451745033 CEST	49303	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.453701973 CEST	49303	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.453717947 CEST	443	49303	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.602535963 CEST	49293	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.602602005 CEST	443	49293	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.792256117 CEST	443	49299	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.793608904 CEST	49299	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.793684959 CEST	443	49299	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.794028044 CEST	49299	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.794043064 CEST	443	49299	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.893531084 CEST	443	49299	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.893594027 CEST	443	49299	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.893656015 CEST	49299	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.893903971 CEST	49299	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.893903971 CEST	49299	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.893946886 CEST	443	49299	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.893973112 CEST	443	49299	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.896678925 CEST	49304	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.896748066 CEST	443	49304	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.896825075 CEST	49304	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.896961927 CEST	49304	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.896979094 CEST	443	49304	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.907274961 CEST	443	49300	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.907689095 CEST	49300	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.907721043 CEST	443	49300	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.908305883 CEST	49300	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.908315897 CEST	443	49300	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.933964968 CEST	443	49301	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.935411930 CEST	49301	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.935411930 CEST	49301	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.935446024 CEST	443	49301	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.935465097 CEST	443	49301	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.994229078 CEST	443	49302	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.994560957 CEST	49302	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.994580030 CEST	443	49302	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:09.995090008 CEST	49302	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:09.995096922 CEST	443	49302	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.009361982 CEST	443	49300	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.009497881 CEST	443	49300	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.009545088 CEST	49300	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.009882927 CEST	49300	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.009896994 CEST	443	49300	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.009917974 CEST	49300	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.009923935 CEST	443	49300	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.012279987 CEST	49305	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.012315989 CEST	443	49305	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.012389898 CEST	49305	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.012496948 CEST	49305	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.012505054 CEST	443	49305	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.029740095 CEST	443	49301	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.029778957 CEST	443	49301	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.029881001 CEST	49301	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.029937983 CEST	49301	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.029937983 CEST	49301	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.029956102 CEST	443	49301	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.029968023 CEST	443	49301	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.031600952 CEST	49306	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.031615973 CEST	443	49306	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.031678915 CEST	49306	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.031763077 CEST	49306	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.031769991 CEST	443	49306	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.071455956 CEST	443	49303	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.071846962 CEST	49303	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.071873903 CEST	443	49303	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.072273016 CEST	49303	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.072279930 CEST	443	49303	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.166435957 CEST	443	49303	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.166480064 CEST	443	49303	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.166538000 CEST	49303	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.166557074 CEST	443	49303	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.166590929 CEST	443	49303	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.166740894 CEST	49303	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.181073904 CEST	49303	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.181093931 CEST	443	49303	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.184606075 CEST	49307	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.184705019 CEST	443	49307	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.184782028 CEST	49307	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.184967041 CEST	49307	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.185003996 CEST	443	49307	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.515430927 CEST	443	49304	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.524327993 CEST	49304	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.524404049 CEST	443	49304	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.524638891 CEST	49304	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.524652004 CEST	443	49304	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.620836020 CEST	443	49304	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.620904922 CEST	443	49304	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.621083021 CEST	49304	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.629261971 CEST	49304	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.629261971 CEST	49304	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.629312038 CEST	443	49304	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.629340887 CEST	443	49304	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.663999081 CEST	443	49305	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.664215088 CEST	443	49306	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.681483030 CEST	49308	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.681580067 CEST	443	49308	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.681662083 CEST	49308	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.687463045 CEST	49305	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.687479019 CEST	443	49305	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.694063902 CEST	49305	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.694092989 CEST	443	49305	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.694154024 CEST	49306	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.694164038 CEST	443	49306	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.694576025 CEST	49306	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.694580078 CEST	443	49306	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.695478916 CEST	49308	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.695518017 CEST	443	49308	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.785651922 CEST	443	49306	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.785672903 CEST	443	49306	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.786019087 CEST	443	49306	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.786041975 CEST	49306	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.786087036 CEST	49306	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.786295891 CEST	49306	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.786328077 CEST	443	49306	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.786364079 CEST	49306	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.786372900 CEST	443	49306	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.788820982 CEST	49309	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.788861990 CEST	443	49309	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.789004087 CEST	49309	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.789155960 CEST	49309	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.789164066 CEST	443	49309	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.806394100 CEST	443	49307	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.806802988 CEST	49307	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.806860924 CEST	443	49307	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.807235003 CEST	49307	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.807248116 CEST	443	49307	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.854161978 CEST	443	49305	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.854232073 CEST	443	49305	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.854578018 CEST	49305	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.854578018 CEST	49305	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.856456041 CEST	49310	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.856489897 CEST	49305	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.856496096 CEST	443	49310	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.856522083 CEST	443	49305	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.856709003 CEST	49310	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.856761932 CEST	49310	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.856776953 CEST	443	49310	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.900880098 CEST	443	49307	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.900937080 CEST	443	49307	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.901031017 CEST	49307	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.901051044 CEST	443	49307	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.901110888 CEST	443	49307	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.901115894 CEST	49307	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.901169062 CEST	49307	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.901207924 CEST	49307	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.901236057 CEST	443	49307	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.901282072 CEST	49307	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.901297092 CEST	443	49307	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.902955055 CEST	49311	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.903044939 CEST	443	49311	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:10.903124094 CEST	49311	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.903244972 CEST	49311	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:10.903264046 CEST	443	49311	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.312643051 CEST	443	49308	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.313688993 CEST	49308	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.313754082 CEST	443	49308	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.313996077 CEST	49308	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.314012051 CEST	443	49308	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.393181086 CEST	443	49309	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.393847942 CEST	49309	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.393888950 CEST	443	49309	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.394268990 CEST	49309	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.394275904 CEST	443	49309	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.409136057 CEST	443	49308	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.409158945 CEST	443	49308	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.409210920 CEST	443	49308	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.409353971 CEST	49308	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.409354925 CEST	49308	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.409456968 CEST	49308	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.409456968 CEST	49308	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.409504890 CEST	443	49308	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.409539938 CEST	443	49308	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.411827087 CEST	49312	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.411880016 CEST	443	49312	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.411958933 CEST	49312	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.412082911 CEST	49312	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.412101030 CEST	443	49312	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.489231110 CEST	443	49309	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.489264011 CEST	443	49309	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.489403009 CEST	49309	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.489881039 CEST	49309	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.489902020 CEST	443	49309	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.489917040 CEST	49309	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.489923954 CEST	443	49309	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.492686987 CEST	49313	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.492707014 CEST	443	49313	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.492775917 CEST	49313	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.492887020 CEST	49313	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.492892981 CEST	443	49313	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.496928930 CEST	443	49310	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.497613907 CEST	49310	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.497622967 CEST	443	49310	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.498013020 CEST	49310	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.498020887 CEST	443	49310	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.509319067 CEST	443	49311	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.509731054 CEST	49311	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.509819984 CEST	443	49311	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.510015011 CEST	49311	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.510029078 CEST	443	49311	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.599555016 CEST	443	49310	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.599694014 CEST	443	49310	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.599993944 CEST	49310	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.599993944 CEST	49310	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.600436926 CEST	49310	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.600466013 CEST	443	49310	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.602281094 CEST	49314	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.602303982 CEST	443	49314	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.602374077 CEST	49314	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.602473974 CEST	49314	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.602482080 CEST	443	49314	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.605074883 CEST	443	49311	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.605426073 CEST	443	49311	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.605504990 CEST	49311	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.605504990 CEST	49311	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.605597019 CEST	49311	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.605637074 CEST	443	49311	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.607244968 CEST	49315	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.607295036 CEST	443	49315	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:11.607374907 CEST	49315	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.607485056 CEST	49315	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:11.607518911 CEST	443	49315	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.019937992 CEST	443	49312	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.020380974 CEST	49312	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.020421028 CEST	443	49312	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.020778894 CEST	49312	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.020792007 CEST	443	49312	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.104679108 CEST	443	49313	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.105597973 CEST	49313	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.105633020 CEST	443	49313	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.106090069 CEST	49313	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.106096029 CEST	443	49313	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.137245893 CEST	443	49312	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.137798071 CEST	443	49312	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.137876987 CEST	49312	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.137876987 CEST	49312	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.137985945 CEST	49312	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.138025999 CEST	443	49312	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.140430927 CEST	49316	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.140499115 CEST	443	49316	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.140573025 CEST	49316	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.140693903 CEST	49316	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.140705109 CEST	443	49316	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.168935061 CEST	443	49315	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.169255972 CEST	49315	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.169298887 CEST	443	49315	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.169570923 CEST	49315	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.169584036 CEST	443	49315	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.200604916 CEST	443	49313	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.200671911 CEST	443	49313	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.200732946 CEST	49313	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.200825930 CEST	49313	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.200844049 CEST	443	49313	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.200855970 CEST	49313	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.200862885 CEST	443	49313	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.202603102 CEST	49317	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.202621937 CEST	443	49317	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.202694893 CEST	49317	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.202783108 CEST	49317	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.202788115 CEST	443	49317	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.248684883 CEST	443	49314	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.249011040 CEST	49314	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.249031067 CEST	443	49314	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.249336004 CEST	49314	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.249344110 CEST	443	49314	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.266355991 CEST	443	49315	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.266397953 CEST	443	49315	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.266685963 CEST	49315	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.266686916 CEST	49315	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.266686916 CEST	49315	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.268253088 CEST	49318	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.268261909 CEST	443	49318	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.268335104 CEST	49318	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.268418074 CEST	49318	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.268420935 CEST	443	49318	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.346177101 CEST	443	49314	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.346681118 CEST	443	49314	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.346771002 CEST	49314	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.346801043 CEST	49314	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.346812010 CEST	443	49314	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.346822023 CEST	49314	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.346827030 CEST	443	49314	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.348581076 CEST	49319	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.348650932 CEST	443	49319	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.348728895 CEST	49319	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.348855972 CEST	49319	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.348865986 CEST	443	49319	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.570596933 CEST	49315	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.570673943 CEST	443	49315	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.751343012 CEST	443	49316	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.752087116 CEST	49316	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.752139091 CEST	443	49316	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.752630949 CEST	49316	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.752640009 CEST	443	49316	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.808454037 CEST	443	49317	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.811424971 CEST	49317	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.811444044 CEST	443	49317	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.811851025 CEST	49317	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.811856985 CEST	443	49317	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.852612972 CEST	443	49316	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.852950096 CEST	443	49316	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.853060961 CEST	49316	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.853168964 CEST	49316	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.853207111 CEST	443	49316	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.853276968 CEST	49316	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.853292942 CEST	443	49316	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.856257915 CEST	49320	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.856286049 CEST	443	49320	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.856368065 CEST	49320	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.856528997 CEST	49320	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.856538057 CEST	443	49320	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.899512053 CEST	443	49318	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.899977922 CEST	49318	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.899990082 CEST	443	49318	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.900567055 CEST	49318	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.900573015 CEST	443	49318	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.904170990 CEST	443	49317	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.904246092 CEST	443	49317	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.904321909 CEST	49317	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.904427052 CEST	49317	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.904448986 CEST	443	49317	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.904465914 CEST	49317	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.904476881 CEST	443	49317	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.907304049 CEST	49321	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.907341003 CEST	443	49321	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.907417059 CEST	49321	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.907541990 CEST	49321	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.907546997 CEST	443	49321	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.983371973 CEST	443	49302	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.983556986 CEST	443	49302	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.983623028 CEST	49302	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.983665943 CEST	49302	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.983665943 CEST	49302	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.983680964 CEST	443	49302	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.983690023 CEST	443	49302	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.986949921 CEST	49322	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.986964941 CEST	443	49322	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.987040997 CEST	49322	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.987215042 CEST	49322	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.987227917 CEST	443	49322	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.987250090 CEST	443	49319	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.987600088 CEST	49319	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.987682104 CEST	443	49319	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.987987995 CEST	49319	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.988002062 CEST	443	49319	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.998543978 CEST	443	49318	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.999733925 CEST	443	49318	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.999804020 CEST	49318	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.999850035 CEST	49318	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.999870062 CEST	443	49318	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:12.999885082 CEST	49318	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:12.999891043 CEST	443	49318	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.002316952 CEST	49323	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.002340078 CEST	443	49323	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.002397060 CEST	49323	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.002547026 CEST	49323	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.002552032 CEST	443	49323	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.085313082 CEST	443	49319	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.085526943 CEST	443	49319	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.085791111 CEST	49319	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.087487936 CEST	49324	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.087572098 CEST	443	49324	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.087594032 CEST	49319	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.087594032 CEST	49319	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.087661982 CEST	443	49319	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.087702990 CEST	443	49319	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.087713003 CEST	49324	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.088011980 CEST	49324	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.088072062 CEST	443	49324	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.546997070 CEST	443	49320	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.547763109 CEST	49320	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.547791004 CEST	443	49320	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.548340082 CEST	49320	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.548362017 CEST	443	49320	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.558295012 CEST	443	49321	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.558546066 CEST	49321	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.558568954 CEST	443	49321	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.558883905 CEST	49321	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.558887959 CEST	443	49321	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.608820915 CEST	443	49323	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.609181881 CEST	49323	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.609194994 CEST	443	49323	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.609711885 CEST	49323	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.609715939 CEST	443	49323	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.613583088 CEST	443	49322	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.613887072 CEST	49322	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.613902092 CEST	443	49322	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.614417076 CEST	49322	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.614420891 CEST	443	49322	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.643850088 CEST	443	49320	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.644131899 CEST	443	49320	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.644179106 CEST	443	49320	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.644182920 CEST	49320	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.644227982 CEST	49320	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.644264936 CEST	49320	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.644279003 CEST	443	49320	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.644289017 CEST	49320	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.644293070 CEST	443	49320	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.646848917 CEST	49325	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.646922112 CEST	443	49325	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.647000074 CEST	49325	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.647156000 CEST	49325	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.647171974 CEST	443	49325	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.659823895 CEST	443	49321	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.659893036 CEST	443	49321	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.659941912 CEST	49321	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.660073996 CEST	49321	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.660084963 CEST	443	49321	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.660093069 CEST	49321	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.660096884 CEST	443	49321	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.662348986 CEST	49326	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.662369013 CEST	443	49326	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.662436962 CEST	49326	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.662533045 CEST	49326	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.662559032 CEST	443	49326	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.705193043 CEST	443	49323	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.705234051 CEST	443	49323	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.705378056 CEST	49323	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.705507994 CEST	49323	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.705514908 CEST	443	49323	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.705523968 CEST	49323	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.705528021 CEST	443	49323	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.707736015 CEST	49327	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.707818985 CEST	443	49327	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.707910061 CEST	49327	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.708015919 CEST	49327	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.708034992 CEST	443	49327	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.714745045 CEST	443	49324	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.715306044 CEST	49324	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.715341091 CEST	443	49324	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.715848923 CEST	49324	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.715861082 CEST	443	49324	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.716680050 CEST	443	49322	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.717186928 CEST	443	49322	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.717251062 CEST	49322	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.717262030 CEST	443	49322	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.717288017 CEST	443	49322	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.717334032 CEST	49322	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.717348099 CEST	49322	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.717353106 CEST	443	49322	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.717360973 CEST	49322	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.717364073 CEST	443	49322	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.719178915 CEST	49328	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.719219923 CEST	443	49328	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:13.719400883 CEST	49328	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.719400883 CEST	49328	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:13.719463110 CEST	443	49328	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.165704966 CEST	443	49324	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.165904045 CEST	443	49324	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.166023016 CEST	49324	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.166169882 CEST	49324	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.166169882 CEST	49324	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.166213036 CEST	443	49324	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.166240931 CEST	443	49324	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.169157982 CEST	49329	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.169264078 CEST	443	49329	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.169348955 CEST	49329	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.169511080 CEST	49329	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.169550896 CEST	443	49329	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.341399908 CEST	443	49325	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.343745947 CEST	443	49326	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.343961000 CEST	49325	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.344022989 CEST	443	49325	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.344170094 CEST	49326	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.344202995 CEST	443	49326	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.344554901 CEST	49326	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.344566107 CEST	443	49326	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.344607115 CEST	49325	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.344616890 CEST	443	49325	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.346091032 CEST	443	49328	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.346348047 CEST	49328	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.346366882 CEST	443	49328	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.346827984 CEST	49328	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.346833944 CEST	443	49328	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.350229025 CEST	443	49327	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.350464106 CEST	49327	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.350502014 CEST	443	49327	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.351030111 CEST	49327	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.351039886 CEST	443	49327	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.442982912 CEST	443	49328	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.443382025 CEST	443	49328	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.443468094 CEST	49328	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.443629980 CEST	49328	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.443629980 CEST	49328	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.443653107 CEST	443	49328	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.443666935 CEST	443	49328	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.446554899 CEST	49330	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.446654081 CEST	443	49330	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.446747065 CEST	49330	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.446878910 CEST	49330	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.446902037 CEST	443	49330	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.451149940 CEST	443	49327	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.451653004 CEST	443	49327	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.451731920 CEST	49327	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.451731920 CEST	49327	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.451805115 CEST	49327	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.451843023 CEST	443	49327	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.454121113 CEST	49331	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.454157114 CEST	443	49331	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.454231024 CEST	49331	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.454365969 CEST	49331	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.454380989 CEST	443	49331	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.505940914 CEST	443	49326	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.506598949 CEST	443	49326	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.506637096 CEST	443	49326	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.506681919 CEST	49326	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.506833076 CEST	49326	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.506833076 CEST	49326	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.506833076 CEST	49326	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.509666920 CEST	49332	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.509711027 CEST	443	49332	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.509819031 CEST	49332	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.509984016 CEST	49332	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.510000944 CEST	443	49332	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.608650923 CEST	443	49325	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.608743906 CEST	443	49325	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.608963966 CEST	49325	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.608963966 CEST	49325	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.609054089 CEST	49325	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.609095097 CEST	443	49325	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.611983061 CEST	49333	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.612085104 CEST	443	49333	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.612199068 CEST	49333	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.612341881 CEST	49333	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.612377882 CEST	443	49333	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.794457912 CEST	443	49329	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.795173883 CEST	49329	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.795263052 CEST	443	49329	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.795658112 CEST	49329	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.795674086 CEST	443	49329	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.820300102 CEST	49326	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.820369959 CEST	443	49326	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.893563032 CEST	443	49329	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.893793106 CEST	443	49329	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.893980026 CEST	49329	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.894445896 CEST	49329	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.894498110 CEST	443	49329	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.894530058 CEST	49329	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.894546032 CEST	443	49329	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.897875071 CEST	49334	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.897967100 CEST	443	49334	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:14.898049116 CEST	49334	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.898412943 CEST	49334	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:14.898444891 CEST	443	49334	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.169275999 CEST	443	49331	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.173832893 CEST	443	49330	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.216142893 CEST	49330	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.222817898 CEST	49331	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.273211956 CEST	49331	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.273220062 CEST	443	49331	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.274797916 CEST	49331	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.274807930 CEST	443	49331	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.275686026 CEST	49330	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.275744915 CEST	443	49330	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.276109934 CEST	49330	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.276124954 CEST	443	49330	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.342412949 CEST	443	49332	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.342856884 CEST	49332	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.342895985 CEST	443	49332	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.343416929 CEST	49332	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.343424082 CEST	443	49332	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.345613003 CEST	443	49333	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.345942020 CEST	49333	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.346026897 CEST	443	49333	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.346425056 CEST	49333	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.346440077 CEST	443	49333	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.368715048 CEST	443	49331	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.368947983 CEST	443	49331	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.369016886 CEST	49331	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.369046926 CEST	49331	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.369062901 CEST	443	49331	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.371154070 CEST	443	49330	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.371417046 CEST	443	49330	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.371493101 CEST	49330	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.371522903 CEST	443	49330	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.371586084 CEST	49330	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.371720076 CEST	49330	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.371769905 CEST	443	49330	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.371803045 CEST	49330	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.371818066 CEST	443	49330	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.372168064 CEST	49335	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.372198105 CEST	443	49335	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.372282028 CEST	49335	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.372457981 CEST	49335	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.372471094 CEST	443	49335	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.374073029 CEST	49336	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.374146938 CEST	443	49336	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.374218941 CEST	49336	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.374330044 CEST	49336	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.374360085 CEST	443	49336	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.437881947 CEST	443	49332	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.437957048 CEST	443	49332	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.437987089 CEST	443	49332	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.438003063 CEST	49332	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.438033104 CEST	49332	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.438163042 CEST	49332	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.438174009 CEST	443	49332	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.438185930 CEST	49332	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.438190937 CEST	443	49332	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.440807104 CEST	49337	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.440891027 CEST	443	49337	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.440965891 CEST	49337	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.441119909 CEST	49337	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.441154003 CEST	443	49337	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.446012974 CEST	443	49333	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.446091890 CEST	443	49333	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.446144104 CEST	49333	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.446741104 CEST	49333	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.446774960 CEST	443	49333	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.449619055 CEST	49338	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.449647903 CEST	443	49338	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.449712038 CEST	49338	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.449826002 CEST	49338	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.449850082 CEST	443	49338	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.512052059 CEST	443	49334	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.515563965 CEST	49334	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.515614986 CEST	443	49334	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.515986919 CEST	49334	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.515995979 CEST	443	49334	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.608498096 CEST	443	49334	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.609276056 CEST	443	49334	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.609462023 CEST	49334	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.609462023 CEST	49334	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.609462023 CEST	49334	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.611970901 CEST	49339	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.612018108 CEST	443	49339	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.612108946 CEST	49339	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.612291098 CEST	49339	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.612319946 CEST	443	49339	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.914732933 CEST	49334	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.914805889 CEST	443	49334	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.981412888 CEST	443	49335	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.981878042 CEST	49335	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.981904984 CEST	443	49335	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:15.982289076 CEST	49335	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:15.982294083 CEST	443	49335	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.015467882 CEST	443	49336	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.015877962 CEST	49336	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.015959024 CEST	443	49336	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.016303062 CEST	49336	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.016316891 CEST	443	49336	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.061981916 CEST	443	49338	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.062434912 CEST	49338	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.062510014 CEST	443	49338	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.062983036 CEST	49338	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.062997103 CEST	443	49338	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.077749014 CEST	443	49335	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.077840090 CEST	443	49335	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.077889919 CEST	49335	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.077970028 CEST	49335	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.077982903 CEST	443	49335	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.077991962 CEST	49335	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.077996969 CEST	443	49335	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.080188990 CEST	443	49337	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.080461979 CEST	49337	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.080492020 CEST	443	49337	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.080812931 CEST	49337	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.080822945 CEST	443	49337	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.081070900 CEST	49340	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.081159115 CEST	443	49340	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.081227064 CEST	49340	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.081399918 CEST	49340	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.081434965 CEST	443	49340	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.115701914 CEST	443	49336	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.115768909 CEST	443	49336	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.115866899 CEST	443	49336	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.115927935 CEST	49336	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.116002083 CEST	49336	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.116002083 CEST	49336	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.117695093 CEST	49336	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.117726088 CEST	443	49336	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.118451118 CEST	49341	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.118494034 CEST	443	49341	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.118555069 CEST	49341	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.118767023 CEST	49341	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.118782997 CEST	443	49341	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.160020113 CEST	443	49338	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.160157919 CEST	443	49338	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.160214901 CEST	49338	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.160260916 CEST	49338	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.160286903 CEST	443	49338	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.160320044 CEST	49338	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.160332918 CEST	443	49338	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.162638903 CEST	49343	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.162729979 CEST	443	49343	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.162858963 CEST	49343	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.162976027 CEST	49343	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.163016081 CEST	443	49343	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.183443069 CEST	443	49337	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.183487892 CEST	443	49337	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.183537006 CEST	49337	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.183783054 CEST	49337	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.183799028 CEST	443	49337	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.183821917 CEST	49337	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.183831930 CEST	443	49337	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.187496901 CEST	49344	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.187546015 CEST	443	49344	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.187606096 CEST	49344	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.187884092 CEST	49344	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.187913895 CEST	443	49344	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.229640961 CEST	443	49339	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.230262041 CEST	49339	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.230295897 CEST	443	49339	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.230618954 CEST	49339	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.230628967 CEST	443	49339	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.325428963 CEST	443	49339	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.325599909 CEST	443	49339	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.325776100 CEST	49339	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.325776100 CEST	49339	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.325777054 CEST	49339	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.328072071 CEST	49345	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.328155994 CEST	443	49345	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.328248024 CEST	49345	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.328507900 CEST	49345	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.328545094 CEST	443	49345	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.633120060 CEST	49339	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.633197069 CEST	443	49339	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.820245981 CEST	443	49343	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.821261883 CEST	49343	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.821369886 CEST	443	49343	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.821630001 CEST	49343	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.821645975 CEST	443	49343	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.898116112 CEST	443	49340	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.899032116 CEST	49340	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.899097919 CEST	443	49340	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.899429083 CEST	49340	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.899440050 CEST	443	49340	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.905843019 CEST	443	49341	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.906183958 CEST	49341	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.906212091 CEST	443	49341	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.906533957 CEST	49341	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.906539917 CEST	443	49341	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.907463074 CEST	443	49344	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.907706976 CEST	49344	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.907804966 CEST	443	49344	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.907963037 CEST	49344	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.907977104 CEST	443	49344	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.920727968 CEST	443	49343	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.920772076 CEST	443	49343	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.920981884 CEST	49343	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.921040058 CEST	49343	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.921040058 CEST	49343	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.921078920 CEST	443	49343	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.921101093 CEST	443	49343	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.923860073 CEST	49346	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.923947096 CEST	443	49346	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.924056053 CEST	49346	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.924205065 CEST	49346	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.924238920 CEST	443	49346	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.944231033 CEST	443	49345	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.944601059 CEST	49345	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.944659948 CEST	443	49345	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.944947004 CEST	49345	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.944962025 CEST	443	49345	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.995562077 CEST	443	49340	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.995631933 CEST	443	49340	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.995680094 CEST	443	49340	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.995740891 CEST	49340	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.995837927 CEST	49340	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.995837927 CEST	49340	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.995865107 CEST	443	49340	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.995886087 CEST	443	49340	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.998430014 CEST	49347	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.998506069 CEST	443	49347	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:16.998740911 CEST	49347	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.998740911 CEST	49347	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:16.998805046 CEST	443	49347	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.003207922 CEST	443	49341	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.003875971 CEST	443	49341	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.003937960 CEST	49341	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.003969908 CEST	49341	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.003969908 CEST	49341	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.003983021 CEST	443	49341	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.003993988 CEST	443	49341	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.005748034 CEST	443	49344	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.006086111 CEST	49348	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.006144047 CEST	443	49348	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.006264925 CEST	49348	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.006385088 CEST	49348	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.006413937 CEST	443	49348	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.006804943 CEST	443	49344	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.006866932 CEST	49344	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.006923914 CEST	49344	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.006923914 CEST	49344	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.006946087 CEST	443	49344	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.006967068 CEST	443	49344	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.008723974 CEST	49349	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.008743048 CEST	443	49349	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.008804083 CEST	49349	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.008894920 CEST	49349	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.008903980 CEST	443	49349	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.048224926 CEST	443	49345	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.048265934 CEST	443	49345	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.048324108 CEST	443	49345	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.048490047 CEST	49345	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.049067974 CEST	49345	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.049067974 CEST	49345	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.049110889 CEST	443	49345	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.049138069 CEST	443	49345	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.050296068 CEST	49350	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.050307035 CEST	443	49350	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.050375938 CEST	49350	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.050488949 CEST	49350	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.050501108 CEST	443	49350	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.599205017 CEST	443	49346	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.612832069 CEST	49346	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.612890959 CEST	443	49346	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.613239050 CEST	49346	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.613251925 CEST	443	49346	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.710747004 CEST	443	49346	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.711968899 CEST	443	49346	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.712049961 CEST	49346	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.716068983 CEST	49346	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.716099977 CEST	443	49346	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.716193914 CEST	49346	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.716226101 CEST	443	49346	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.736375093 CEST	49351	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.736486912 CEST	443	49351	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.736603975 CEST	49351	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.736736059 CEST	49351	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.736772060 CEST	443	49351	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.774157047 CEST	443	49349	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.777086973 CEST	443	49348	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.777322054 CEST	49349	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.777358055 CEST	443	49349	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.777717113 CEST	49349	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.777724028 CEST	443	49349	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.777988911 CEST	49348	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.778069019 CEST	443	49348	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.778346062 CEST	49348	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.778363943 CEST	443	49348	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.780174971 CEST	443	49350	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.780436993 CEST	49350	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.780462027 CEST	443	49350	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.780740976 CEST	49350	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.780747890 CEST	443	49350	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.784483910 CEST	443	49347	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.784780025 CEST	49347	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.784805059 CEST	443	49347	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.785095930 CEST	49347	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.785101891 CEST	443	49347	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.869987011 CEST	443	49349	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.870390892 CEST	443	49349	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.870434046 CEST	443	49349	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.870450020 CEST	49349	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.870481968 CEST	49349	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.870556116 CEST	49349	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.870579004 CEST	443	49349	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.870596886 CEST	49349	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.870604038 CEST	443	49349	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.871036053 CEST	443	49348	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.871201992 CEST	443	49348	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.871275902 CEST	49348	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.871418953 CEST	49348	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.871458054 CEST	49348	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.871490002 CEST	443	49348	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.871515989 CEST	49348	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.871531010 CEST	443	49348	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.873205900 CEST	49352	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.873295069 CEST	443	49352	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.873439074 CEST	49352	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.873563051 CEST	49353	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.873586893 CEST	49352	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.873608112 CEST	443	49352	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.873630047 CEST	443	49353	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.873687983 CEST	49353	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.873837948 CEST	49353	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.873858929 CEST	443	49353	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.876348019 CEST	443	49350	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.876672983 CEST	443	49350	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.876727104 CEST	49350	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.876766920 CEST	49350	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.876785994 CEST	443	49350	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.876802921 CEST	49350	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.876810074 CEST	443	49350	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.878808975 CEST	49354	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.878834009 CEST	443	49354	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.878921032 CEST	49354	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.879043102 CEST	49354	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.879069090 CEST	443	49354	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.885276079 CEST	443	49347	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.885471106 CEST	443	49347	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.885519028 CEST	49347	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.885564089 CEST	49347	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.885577917 CEST	443	49347	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.885595083 CEST	49347	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.885601044 CEST	443	49347	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.887365103 CEST	49355	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.887381077 CEST	443	49355	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.887469053 CEST	49355	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.887584925 CEST	49355	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:17.887597084 CEST	443	49355	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:17.972907066 CEST	49356	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:17.972958088 CEST	443	49356	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:17.973023891 CEST	49356	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:17.973242998 CEST	49356	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:17.973257065 CEST	443	49356	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:18.057820082 CEST	49357	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:18.057917118 CEST	443	49357	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:18.058027983 CEST	49357	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:18.058589935 CEST	49357	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:18.058624029 CEST	443	49357	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:18.352840900 CEST	443	49351	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.353373051 CEST	49351	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.353393078 CEST	443	49351	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.353837013 CEST	49351	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.353843927 CEST	443	49351	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.449697971 CEST	443	49351	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.449897051 CEST	443	49351	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.449937105 CEST	443	49351	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.449961901 CEST	49351	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.449990988 CEST	49351	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.450026989 CEST	49351	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.450050116 CEST	443	49351	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.450063944 CEST	49351	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.450073004 CEST	443	49351	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.452466965 CEST	49358	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.452564001 CEST	443	49358	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.452661037 CEST	49358	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.452795029 CEST	49358	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.452821016 CEST	443	49358	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.490840912 CEST	443	49354	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.491440058 CEST	49354	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.491472006 CEST	443	49354	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.491849899 CEST	49354	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.491857052 CEST	443	49354	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.492558956 CEST	443	49352	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.492892981 CEST	49352	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.492922068 CEST	443	49352	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.493233919 CEST	49352	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.493240118 CEST	443	49352	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.497431040 CEST	443	49353	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.497818947 CEST	49353	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.497843981 CEST	443	49353	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.498136044 CEST	49353	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.498143911 CEST	443	49353	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.522610903 CEST	443	49355	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.523283958 CEST	49355	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.523303986 CEST	443	49355	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.523745060 CEST	49355	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.523751974 CEST	443	49355	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.579646111 CEST	443	49356	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:18.580132008 CEST	49356	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:18.580157042 CEST	443	49356	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:18.580666065 CEST	443	49356	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:18.581057072 CEST	49356	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:18.581142902 CEST	443	49356	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:18.581358910 CEST	49356	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:18.581386089 CEST	49356	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:18.581396103 CEST	443	49356	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:18.587579012 CEST	443	49354	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.587661028 CEST	443	49354	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.587724924 CEST	49354	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.587898016 CEST	49354	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.587920904 CEST	443	49354	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.587937117 CEST	49354	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.587944031 CEST	443	49354	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.590444088 CEST	49359	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.590480089 CEST	443	49359	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.590558052 CEST	49359	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.590676069 CEST	49359	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.590682983 CEST	443	49359	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.592999935 CEST	443	49352	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.593060017 CEST	443	49352	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.593111038 CEST	49352	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.593189955 CEST	49352	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.593209028 CEST	443	49352	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.593224049 CEST	49352	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.593230963 CEST	443	49352	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.595849037 CEST	443	49353	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.596117973 CEST	49360	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.596158028 CEST	443	49360	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.596182108 CEST	443	49353	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.596226931 CEST	49360	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.596255064 CEST	49353	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.596278906 CEST	443	49353	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.596302032 CEST	443	49353	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.596350908 CEST	49353	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.596440077 CEST	49360	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.596451998 CEST	443	49360	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.596487045 CEST	49353	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.596497059 CEST	443	49353	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.596509933 CEST	49353	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.596514940 CEST	443	49353	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.599143028 CEST	49361	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.599211931 CEST	443	49361	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.599296093 CEST	49361	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.599442959 CEST	49361	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.599463940 CEST	443	49361	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.621726990 CEST	443	49355	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.622051954 CEST	443	49355	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.622103930 CEST	443	49355	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.622147083 CEST	49355	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.622176886 CEST	49355	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.622231960 CEST	49355	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.622242928 CEST	443	49355	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.622258902 CEST	49355	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.622265100 CEST	443	49355	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.625191927 CEST	49362	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.625238895 CEST	443	49362	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.625309944 CEST	49362	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.625443935 CEST	49362	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:18.625458002 CEST	443	49362	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:18.657104969 CEST	443	49357	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:18.657560110 CEST	49357	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:18.657588959 CEST	443	49357	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:18.657906055 CEST	443	49357	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:18.658298016 CEST	49357	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:18.658353090 CEST	443	49357	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:18.658488035 CEST	49357	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:18.658519983 CEST	49357	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:18.658525944 CEST	443	49357	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:19.025103092 CEST	443	49357	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:19.025217056 CEST	443	49357	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:19.025270939 CEST	49357	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:19.025300980 CEST	443	49356	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:19.025614977 CEST	443	49356	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:19.025671005 CEST	49356	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:19.026376009 CEST	49357	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:19.026396036 CEST	443	49357	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:19.027014971 CEST	49356	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:19.027030945 CEST	443	49356	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:19.139836073 CEST	443	49294	142.250.186.68	192.168.2.4
Oct 8, 2024 00:04:19.139902115 CEST	443	49294	142.250.186.68	192.168.2.4
Oct 8, 2024 00:04:19.139966965 CEST	49294	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:04:19.220047951 CEST	443	49358	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.220721006 CEST	49358	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.220765114 CEST	443	49358	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.221313953 CEST	49358	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.221319914 CEST	443	49358	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.223026991 CEST	443	49359	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.223361969 CEST	49359	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.223387957 CEST	443	49359	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.223830938 CEST	49359	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.223835945 CEST	443	49359	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.227948904 CEST	443	49360	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.228327990 CEST	49360	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.228369951 CEST	443	49360	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.228816986 CEST	49360	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.228827953 CEST	443	49360	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.235941887 CEST	443	49361	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.236428976 CEST	49361	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.236493111 CEST	443	49361	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.236748934 CEST	49361	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.236764908 CEST	443	49361	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.241472006 CEST	443	49362	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.241795063 CEST	49362	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.241810083 CEST	443	49362	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.242305994 CEST	49362	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.242316961 CEST	443	49362	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.315599918 CEST	443	49358	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.315690994 CEST	443	49358	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.315810919 CEST	49358	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.316080093 CEST	49358	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.316107988 CEST	443	49358	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.316123962 CEST	49358	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.316131115 CEST	443	49358	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.317612886 CEST	443	49359	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.317800999 CEST	443	49359	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.317876101 CEST	49359	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.317886114 CEST	443	49359	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.317905903 CEST	443	49359	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.317970991 CEST	49359	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.318061113 CEST	49359	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.318073034 CEST	443	49359	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.318104982 CEST	49359	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.318109989 CEST	443	49359	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.320952892 CEST	49363	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.321012020 CEST	443	49363	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.321070910 CEST	49364	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.321115971 CEST	49363	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.321130037 CEST	443	49364	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.321204901 CEST	49364	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.321290970 CEST	49363	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.321321011 CEST	443	49363	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.321451902 CEST	49364	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.321479082 CEST	443	49364	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.323498964 CEST	443	49360	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.323616982 CEST	443	49360	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.323688984 CEST	49360	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.323790073 CEST	49360	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.323811054 CEST	443	49360	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.323860884 CEST	49360	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.323873997 CEST	443	49360	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.326569080 CEST	49365	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.326612949 CEST	443	49365	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.326706886 CEST	49365	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.326886892 CEST	49365	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.326904058 CEST	443	49365	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.332320929 CEST	443	49361	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.332540035 CEST	443	49361	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.332623005 CEST	49361	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.332699060 CEST	49361	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.332740068 CEST	443	49361	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.332766056 CEST	49361	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.332781076 CEST	443	49361	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.335270882 CEST	49366	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.335306883 CEST	443	49366	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.335407019 CEST	49366	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.335573912 CEST	49366	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.335588932 CEST	443	49366	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.335690022 CEST	443	49362	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.335971117 CEST	443	49362	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.336033106 CEST	49362	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.336328030 CEST	49362	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.336344957 CEST	443	49362	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.336370945 CEST	49362	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.336380005 CEST	443	49362	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.338814020 CEST	49367	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.338845015 CEST	443	49367	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.338938951 CEST	49367	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.339098930 CEST	49367	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.339121103 CEST	443	49367	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.932652950 CEST	443	49365	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.933218956 CEST	49365	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.933248043 CEST	443	49365	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.933856964 CEST	49365	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.933867931 CEST	443	49365	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.944298029 CEST	443	49363	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.944665909 CEST	49363	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.944714069 CEST	443	49363	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.945161104 CEST	49363	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.945173979 CEST	443	49363	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.973751068 CEST	443	49364	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.974244118 CEST	49364	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.974323034 CEST	443	49364	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.974806070 CEST	49364	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.974818945 CEST	443	49364	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.975706100 CEST	443	49366	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.976033926 CEST	49366	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.976095915 CEST	443	49366	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.976527929 CEST	49366	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.976548910 CEST	443	49366	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.989355087 CEST	443	49367	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.989917040 CEST	49367	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.989932060 CEST	443	49367	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:19.990473986 CEST	49367	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:19.990483046 CEST	443	49367	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.028496981 CEST	443	49365	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.028573036 CEST	443	49365	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.028603077 CEST	443	49365	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.028697014 CEST	49365	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.029438972 CEST	49365	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.029459953 CEST	443	49365	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.029491901 CEST	49365	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.029496908 CEST	443	49365	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.046147108 CEST	443	49363	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.046219110 CEST	443	49363	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.046365976 CEST	443	49363	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.046365023 CEST	49363	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.046437025 CEST	49363	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.073554993 CEST	443	49364	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.073585987 CEST	49363	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.073620081 CEST	443	49363	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.073652983 CEST	49363	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.073668003 CEST	443	49363	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.073945045 CEST	443	49364	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.074047089 CEST	49364	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.074337959 CEST	443	49366	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.074757099 CEST	443	49366	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.074822903 CEST	49366	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.075202942 CEST	49366	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.075220108 CEST	443	49366	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.075305939 CEST	49366	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.075313091 CEST	443	49366	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.076574087 CEST	49364	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.076606989 CEST	443	49364	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.076633930 CEST	49364	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.076647997 CEST	443	49364	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.077052116 CEST	49368	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.077099085 CEST	443	49368	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.077173948 CEST	49368	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.077569008 CEST	49368	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.077593088 CEST	443	49368	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.079013109 CEST	49369	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.079047918 CEST	443	49369	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.079128981 CEST	49369	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.079319000 CEST	49369	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.079334974 CEST	443	49369	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.079510927 CEST	49370	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.079520941 CEST	443	49370	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.079605103 CEST	49370	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.079747915 CEST	49370	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.079755068 CEST	443	49370	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.080773115 CEST	49371	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.080812931 CEST	443	49371	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.080890894 CEST	49371	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.081183910 CEST	49371	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.081206083 CEST	443	49371	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.087878942 CEST	443	49367	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.088123083 CEST	443	49367	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.088210106 CEST	49367	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.088608980 CEST	49367	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.088620901 CEST	443	49367	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.088653088 CEST	49367	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.088664055 CEST	443	49367	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.091208935 CEST	49372	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.091239929 CEST	443	49372	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.091305017 CEST	49372	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.091490984 CEST	49372	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.091506004 CEST	443	49372	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.701184034 CEST	443	49369	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.701865911 CEST	49369	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.701903105 CEST	443	49369	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.702513933 CEST	49369	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.702519894 CEST	443	49369	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.702826023 CEST	443	49371	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.703299046 CEST	49371	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.703401089 CEST	443	49371	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.703850985 CEST	49371	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.703866005 CEST	443	49371	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.705415010 CEST	443	49372	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.705818892 CEST	49372	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.705864906 CEST	443	49372	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.706362009 CEST	49372	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.706367970 CEST	443	49372	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.710730076 CEST	443	49370	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.711105108 CEST	49370	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.711121082 CEST	443	49370	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.711848974 CEST	49370	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.711853981 CEST	443	49370	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.727509022 CEST	443	49368	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.728589058 CEST	49368	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.728643894 CEST	443	49368	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.729127884 CEST	49368	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.729139090 CEST	443	49368	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.799870968 CEST	443	49371	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.799967051 CEST	443	49369	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.800086021 CEST	443	49371	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.800147057 CEST	443	49371	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.800167084 CEST	49371	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.800219059 CEST	49371	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.800378084 CEST	49371	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.800409079 CEST	443	49371	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.800424099 CEST	49371	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.800431967 CEST	443	49371	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.800571918 CEST	443	49369	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.800611973 CEST	443	49369	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.800625086 CEST	49369	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.800678968 CEST	49369	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.800718069 CEST	49369	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.800741911 CEST	443	49369	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.800755024 CEST	49369	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.800762892 CEST	443	49369	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.803054094 CEST	443	49372	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.803214073 CEST	443	49372	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.803286076 CEST	49372	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.804040909 CEST	49373	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.804079056 CEST	443	49373	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.804131031 CEST	49374	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.804138899 CEST	443	49374	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.804176092 CEST	49373	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.804214954 CEST	49374	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.804280043 CEST	49372	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.804301977 CEST	443	49372	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.804332018 CEST	49372	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.804337025 CEST	443	49372	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.804502010 CEST	49374	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.804516077 CEST	443	49374	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.804775953 CEST	49373	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.804790020 CEST	443	49373	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.807811975 CEST	49375	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.807864904 CEST	443	49375	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.807945967 CEST	49375	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.808130980 CEST	49375	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.808151007 CEST	443	49375	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.813285112 CEST	443	49370	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.813673973 CEST	443	49370	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.813751936 CEST	49370	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.813801050 CEST	49370	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.813807964 CEST	443	49370	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.813846111 CEST	49370	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.813851118 CEST	443	49370	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.816230059 CEST	49376	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.816245079 CEST	443	49376	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.816325903 CEST	49376	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.816464901 CEST	49376	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.816481113 CEST	443	49376	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.825325012 CEST	443	49368	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.825623035 CEST	443	49368	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.825694084 CEST	49368	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.825757027 CEST	49368	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.825778961 CEST	443	49368	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.825793028 CEST	49368	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.825800896 CEST	443	49368	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.829658031 CEST	49377	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.829684019 CEST	443	49377	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:20.829777002 CEST	49377	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.829927921 CEST	49377	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:20.829941988 CEST	443	49377	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.425774097 CEST	443	49373	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.426476002 CEST	49373	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.426521063 CEST	443	49373	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.427032948 CEST	49373	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.427040100 CEST	443	49373	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.427634954 CEST	443	49374	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.428076982 CEST	49374	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.428091049 CEST	443	49374	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.428889036 CEST	49374	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.428894997 CEST	443	49374	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.429389954 CEST	443	49376	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.429805040 CEST	49376	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.429850101 CEST	443	49376	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.430433989 CEST	49376	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.430440903 CEST	443	49376	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.455676079 CEST	443	49375	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.456185102 CEST	49375	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.456207991 CEST	443	49375	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.456376076 CEST	443	49377	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.456773996 CEST	49375	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.456785917 CEST	443	49375	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.456816912 CEST	49377	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.456862926 CEST	443	49377	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.457339048 CEST	49377	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.457346916 CEST	443	49377	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.523214102 CEST	443	49373	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.523632050 CEST	443	49373	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.523703098 CEST	49373	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.523798943 CEST	49373	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.523823977 CEST	443	49373	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.523839951 CEST	49373	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.523848057 CEST	443	49373	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.527116060 CEST	443	49376	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.527276993 CEST	443	49376	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.527369022 CEST	49376	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.531527042 CEST	443	49374	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.531707048 CEST	443	49374	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.531769037 CEST	49374	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.543560028 CEST	49374	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.543567896 CEST	443	49374	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.543581963 CEST	49374	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.543586969 CEST	443	49374	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.548708916 CEST	49376	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.548775911 CEST	443	49376	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.548804045 CEST	49376	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.548820019 CEST	443	49376	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.552148104 CEST	443	49377	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.552211046 CEST	443	49377	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.552261114 CEST	49377	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.554017067 CEST	49377	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.554023027 CEST	443	49377	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.554066896 CEST	49377	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.554071903 CEST	443	49377	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.556324959 CEST	443	49375	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.557285070 CEST	443	49375	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.557359934 CEST	49375	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.566201925 CEST	49378	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.566230059 CEST	443	49378	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.566313028 CEST	49378	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.566885948 CEST	49375	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.566910982 CEST	443	49375	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.566925049 CEST	49375	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.566932917 CEST	443	49375	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.576466084 CEST	49379	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.576498032 CEST	443	49379	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.576575041 CEST	49379	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.576678991 CEST	49378	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.576695919 CEST	443	49378	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.580044031 CEST	49379	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.580061913 CEST	443	49379	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.582144022 CEST	49380	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.582202911 CEST	443	49380	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.582298994 CEST	49380	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.582434893 CEST	49380	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.582451105 CEST	443	49380	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.586021900 CEST	49381	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.586051941 CEST	443	49381	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.586147070 CEST	49381	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.587945938 CEST	49382	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.587953091 CEST	443	49382	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.588032007 CEST	49382	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.588213921 CEST	49381	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.588224888 CEST	443	49381	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:21.588778019 CEST	49382	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:21.588785887 CEST	443	49382	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.186081886 CEST	443	49378	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.194885969 CEST	49378	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.194909096 CEST	443	49378	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.196182966 CEST	49378	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.196187973 CEST	443	49378	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.228166103 CEST	443	49379	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.228926897 CEST	443	49382	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.230171919 CEST	443	49381	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.231182098 CEST	49381	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.231205940 CEST	443	49381	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.232307911 CEST	49381	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.232316971 CEST	443	49381	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.233326912 CEST	49379	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.233376980 CEST	443	49379	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.234466076 CEST	49379	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.234474897 CEST	443	49379	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.235217094 CEST	49382	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.235234976 CEST	443	49382	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.236216068 CEST	49382	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.236226082 CEST	443	49382	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.272963047 CEST	443	49380	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.273381948 CEST	49380	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.273462057 CEST	443	49380	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.273857117 CEST	49380	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.273871899 CEST	443	49380	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.287442923 CEST	443	49378	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.287504911 CEST	443	49378	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.287549019 CEST	49378	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.287748098 CEST	49378	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.287764072 CEST	443	49378	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.287776947 CEST	49378	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.287782907 CEST	443	49378	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.293333054 CEST	49383	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.293435097 CEST	443	49383	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.293514013 CEST	49383	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.293932915 CEST	49383	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.293962002 CEST	443	49383	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.328972101 CEST	443	49382	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.329097033 CEST	443	49382	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.329145908 CEST	49382	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.329206944 CEST	443	49381	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.329343081 CEST	443	49379	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.329770088 CEST	443	49381	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.329792023 CEST	443	49379	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.329870939 CEST	443	49379	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.329895973 CEST	49381	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.329905987 CEST	49379	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.329926014 CEST	49379	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.330251932 CEST	49381	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.330271959 CEST	443	49381	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.330286980 CEST	49381	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.330293894 CEST	443	49381	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.330357075 CEST	49382	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.330363035 CEST	443	49382	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.330380917 CEST	49382	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.330387115 CEST	443	49382	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.340543985 CEST	49379	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.340562105 CEST	443	49379	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.340595961 CEST	49379	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.340603113 CEST	443	49379	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.345362902 CEST	49384	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.345401049 CEST	443	49384	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.345463037 CEST	49384	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.352015018 CEST	49385	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.352060080 CEST	443	49385	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.352154970 CEST	49385	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.380625010 CEST	443	49380	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.380692005 CEST	443	49380	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.380806923 CEST	49380	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.385889053 CEST	49386	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.385910034 CEST	443	49386	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.385972977 CEST	49386	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.386218071 CEST	49386	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.386234999 CEST	443	49386	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.386305094 CEST	49384	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.386327982 CEST	443	49384	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.386379004 CEST	49385	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.386389017 CEST	443	49385	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.387691975 CEST	49380	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.387744904 CEST	443	49380	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.387773991 CEST	49380	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.387790918 CEST	443	49380	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.395256042 CEST	49387	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.395289898 CEST	443	49387	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.395368099 CEST	49387	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.395472050 CEST	49387	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.395488024 CEST	443	49387	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.912012100 CEST	443	49383	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.913033962 CEST	49383	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.913093090 CEST	443	49383	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:22.913335085 CEST	49383	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:22.913342953 CEST	443	49383	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.002142906 CEST	443	49387	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.004339933 CEST	49387	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.004400015 CEST	443	49387	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.004736900 CEST	49387	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.004751921 CEST	443	49387	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.005234003 CEST	443	49385	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.005666018 CEST	49385	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.005753040 CEST	443	49385	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.006025076 CEST	49385	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.006040096 CEST	443	49385	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.007823944 CEST	443	49384	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.008610964 CEST	49384	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.008641958 CEST	443	49384	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.008929968 CEST	49384	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.008939981 CEST	443	49384	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.009671926 CEST	443	49383	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.009691954 CEST	443	49383	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.009751081 CEST	49383	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.009785891 CEST	443	49383	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.009905100 CEST	49383	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.009905100 CEST	49383	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.009917974 CEST	443	49383	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.010068893 CEST	443	49383	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.010094881 CEST	443	49383	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.010193110 CEST	49383	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.012727976 CEST	49388	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.012818098 CEST	443	49388	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.012900114 CEST	49388	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.013072968 CEST	49388	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.013108969 CEST	443	49388	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.024828911 CEST	443	49386	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.025310993 CEST	49386	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.025352001 CEST	443	49386	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.025666952 CEST	49386	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.025677919 CEST	443	49386	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.096759081 CEST	443	49387	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.097074032 CEST	443	49387	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.097130060 CEST	443	49387	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.097359896 CEST	49387	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.097359896 CEST	49387	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.097359896 CEST	49387	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.097359896 CEST	49387	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.100083113 CEST	49389	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.100193024 CEST	443	49389	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.100286007 CEST	49389	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.100409985 CEST	49389	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.100446939 CEST	443	49389	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.103215933 CEST	443	49385	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.103487968 CEST	443	49385	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.103576899 CEST	49385	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.103593111 CEST	443	49385	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.103653908 CEST	49385	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.103698969 CEST	49385	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.103698969 CEST	49385	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.103743076 CEST	443	49385	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.103770018 CEST	443	49385	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.105443954 CEST	49390	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.105472088 CEST	443	49390	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.105542898 CEST	49390	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.105642080 CEST	49390	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.105655909 CEST	443	49390	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.106143951 CEST	443	49384	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.106177092 CEST	443	49384	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.106205940 CEST	443	49384	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.106264114 CEST	49384	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.106311083 CEST	49384	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.106311083 CEST	49384	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.106353045 CEST	443	49384	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.106384039 CEST	443	49384	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.107923985 CEST	49391	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.108010054 CEST	443	49391	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.108091116 CEST	49391	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.108185053 CEST	49391	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.108211994 CEST	443	49391	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.138164997 CEST	443	49386	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.138824940 CEST	443	49386	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.139003992 CEST	49386	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.139003992 CEST	49386	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.139003992 CEST	49386	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.140650988 CEST	49392	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.140693903 CEST	443	49392	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.140764952 CEST	49392	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.140866995 CEST	49392	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.140892982 CEST	443	49392	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.321861982 CEST	49387	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.321918011 CEST	443	49387	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.446850061 CEST	49386	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.446909904 CEST	443	49386	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.652587891 CEST	443	49388	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.653184891 CEST	49388	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.653217077 CEST	443	49388	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.653528929 CEST	49388	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.653537035 CEST	443	49388	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.705835104 CEST	443	49389	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.709036112 CEST	49389	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.709109068 CEST	443	49389	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.709238052 CEST	49389	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.709255934 CEST	443	49389	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.725742102 CEST	443	49391	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.727943897 CEST	49391	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.727974892 CEST	443	49391	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.728501081 CEST	49391	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.728511095 CEST	443	49391	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.730305910 CEST	443	49390	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.731852055 CEST	49390	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.731911898 CEST	443	49390	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.732191086 CEST	49390	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.732206106 CEST	443	49390	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.751610041 CEST	443	49392	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.753051996 CEST	443	49388	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.753228903 CEST	443	49388	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.753420115 CEST	49392	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.753438950 CEST	443	49392	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.753438950 CEST	49388	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.753839016 CEST	49392	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.753844976 CEST	443	49392	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.753997087 CEST	49388	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.754021883 CEST	443	49388	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.754038095 CEST	49388	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.754045963 CEST	443	49388	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.756551981 CEST	49393	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.756655931 CEST	443	49393	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.756853104 CEST	49393	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.757042885 CEST	49393	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.757081985 CEST	443	49393	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.801711082 CEST	443	49389	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.801738024 CEST	443	49389	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.801798105 CEST	443	49389	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.801929951 CEST	49389	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.801929951 CEST	49389	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.802026033 CEST	49389	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.802073002 CEST	443	49389	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.802107096 CEST	49389	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.802123070 CEST	443	49389	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.805135965 CEST	49394	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.805232048 CEST	443	49394	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.805331945 CEST	49394	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.805461884 CEST	49394	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.805490971 CEST	443	49394	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.822580099 CEST	443	49391	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.822737932 CEST	443	49391	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.822770119 CEST	443	49391	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.822805882 CEST	49391	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.822870016 CEST	49391	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.822870970 CEST	49391	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.822912931 CEST	49391	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.822948933 CEST	443	49391	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.825221062 CEST	49395	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.825265884 CEST	443	49395	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.825344086 CEST	49395	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.825460911 CEST	49395	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.825474024 CEST	443	49395	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.826355934 CEST	443	49390	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.826426983 CEST	443	49390	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.826519012 CEST	49390	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.826525927 CEST	443	49390	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.826587915 CEST	49390	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.826587915 CEST	49390	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.826587915 CEST	49390	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.826638937 CEST	443	49390	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.831240892 CEST	49396	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.831267118 CEST	443	49396	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.831326962 CEST	49396	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.831435919 CEST	49396	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.831444025 CEST	443	49396	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.846199989 CEST	443	49392	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.846352100 CEST	443	49392	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.846411943 CEST	49392	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.846438885 CEST	49392	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.846451044 CEST	443	49392	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.846466064 CEST	49392	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.846471071 CEST	443	49392	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.848778963 CEST	49397	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.848841906 CEST	443	49397	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:23.848915100 CEST	49397	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.849020958 CEST	49397	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:23.849037886 CEST	443	49397	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.134459972 CEST	49390	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.134546041 CEST	443	49390	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.390499115 CEST	443	49393	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.391124964 CEST	49393	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.391190052 CEST	443	49393	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.391599894 CEST	49393	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.391614914 CEST	443	49393	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.411315918 CEST	443	49394	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.412020922 CEST	49394	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.412110090 CEST	443	49394	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.412478924 CEST	49394	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.412493944 CEST	443	49394	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.442049980 CEST	443	49396	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.442918062 CEST	49396	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.442934036 CEST	443	49396	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.443191051 CEST	443	49395	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.443516016 CEST	49396	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.443523884 CEST	443	49396	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.443635941 CEST	49395	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.443662882 CEST	443	49395	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.444134951 CEST	49395	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.444140911 CEST	443	49395	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.490627050 CEST	443	49393	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.490784883 CEST	443	49393	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.491019964 CEST	49393	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.491108894 CEST	49393	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.491108894 CEST	49393	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.491157055 CEST	443	49393	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.491185904 CEST	443	49393	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.494873047 CEST	49398	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.494966984 CEST	443	49398	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.495043993 CEST	49398	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.495234013 CEST	49398	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.495254993 CEST	443	49398	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.505186081 CEST	443	49397	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.508907080 CEST	49397	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.508928061 CEST	443	49397	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.510052919 CEST	49397	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.510107994 CEST	443	49397	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.510416031 CEST	443	49394	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.510493994 CEST	443	49394	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.510674000 CEST	49394	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.510761976 CEST	49394	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.510761976 CEST	49394	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.510807991 CEST	443	49394	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.510840893 CEST	443	49394	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.513138056 CEST	49399	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.513173103 CEST	443	49399	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.513298035 CEST	49399	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.513434887 CEST	49399	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.513448000 CEST	443	49399	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.540230036 CEST	443	49396	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.540291071 CEST	443	49396	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.540435076 CEST	49396	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.540858030 CEST	49396	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.540858030 CEST	49396	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.540868998 CEST	443	49396	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.540877104 CEST	443	49396	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.543694019 CEST	49400	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.543798923 CEST	443	49400	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.543901920 CEST	49400	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.544059992 CEST	49400	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.544094086 CEST	443	49400	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.547077894 CEST	443	49395	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.547182083 CEST	443	49395	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.547224045 CEST	443	49395	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.547280073 CEST	49395	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.547343969 CEST	49395	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.547343969 CEST	49395	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.547359943 CEST	443	49395	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.547370911 CEST	443	49395	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.549633980 CEST	49401	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.549716949 CEST	443	49401	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.549906015 CEST	49401	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.549985886 CEST	49401	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.550007105 CEST	443	49401	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.608577013 CEST	443	49397	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.608769894 CEST	443	49397	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.608885050 CEST	443	49397	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.609102964 CEST	49397	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.609103918 CEST	49397	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.609103918 CEST	49397	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.609103918 CEST	49397	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.611582041 CEST	49402	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.611624956 CEST	443	49402	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.611704111 CEST	49402	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.611866951 CEST	49402	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.611882925 CEST	443	49402	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:24.820470095 CEST	49397	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:24.820553064 CEST	443	49397	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.109802008 CEST	443	49398	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.136054039 CEST	49398	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.136153936 CEST	443	49398	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.136380911 CEST	49398	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.136395931 CEST	443	49398	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.148590088 CEST	443	49400	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.150660992 CEST	443	49399	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.165153027 CEST	443	49401	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.165646076 CEST	49400	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.165747881 CEST	443	49400	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.179578066 CEST	49400	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.179595947 CEST	443	49400	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.181265116 CEST	49399	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.181329012 CEST	443	49399	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.200643063 CEST	49399	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.200658083 CEST	443	49399	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.201050997 CEST	49401	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.201080084 CEST	443	49401	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.201493025 CEST	49401	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.201502085 CEST	443	49401	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.226608992 CEST	443	49402	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.227124929 CEST	443	49398	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.227288008 CEST	443	49398	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.227344990 CEST	49398	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.227876902 CEST	49402	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.227896929 CEST	443	49402	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.228566885 CEST	49402	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.228571892 CEST	443	49402	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.228723049 CEST	49398	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.228779078 CEST	443	49398	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.228809118 CEST	49398	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.228825092 CEST	443	49398	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.246944904 CEST	49404	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.247019053 CEST	443	49404	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.247181892 CEST	49404	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.250843048 CEST	49404	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.250874043 CEST	443	49404	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.270545006 CEST	443	49400	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.270751953 CEST	443	49400	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.270828962 CEST	49400	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.271754026 CEST	49400	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.271754026 CEST	49400	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.271801949 CEST	443	49400	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.271828890 CEST	443	49400	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.295600891 CEST	443	49399	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.295859098 CEST	443	49399	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.295975924 CEST	443	49399	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.296053886 CEST	49399	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.296222925 CEST	49399	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.308270931 CEST	443	49401	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.308526039 CEST	443	49401	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.308578968 CEST	49401	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.313286066 CEST	49399	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.313286066 CEST	49399	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.313317060 CEST	443	49399	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.313329935 CEST	443	49399	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.320807934 CEST	49401	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.320826054 CEST	443	49401	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.320844889 CEST	49401	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.320852041 CEST	443	49401	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.321096897 CEST	443	49402	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.321266890 CEST	443	49402	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.321310043 CEST	49402	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.411586046 CEST	49402	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.411624908 CEST	443	49402	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.411642075 CEST	49402	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.411650896 CEST	443	49402	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.411818027 CEST	49405	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.411907911 CEST	443	49405	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.411983967 CEST	49405	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.413428068 CEST	49405	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.413460016 CEST	443	49405	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.414568901 CEST	49406	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.414592028 CEST	443	49406	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.414654016 CEST	49406	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.414856911 CEST	49406	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.414870977 CEST	443	49406	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.416178942 CEST	49407	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.416227102 CEST	443	49407	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.416276932 CEST	49407	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.416512012 CEST	49407	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.416523933 CEST	443	49407	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.417376995 CEST	49408	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.417399883 CEST	443	49408	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.417450905 CEST	49408	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.417620897 CEST	49408	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.417637110 CEST	443	49408	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.874766111 CEST	443	49404	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.875627041 CEST	49404	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.875654936 CEST	443	49404	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.876105070 CEST	49404	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.876111984 CEST	443	49404	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.971417904 CEST	443	49404	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.971498013 CEST	443	49404	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.971687078 CEST	49404	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.971738100 CEST	49404	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.971751928 CEST	443	49404	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.971760988 CEST	49404	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.971765995 CEST	443	49404	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.974394083 CEST	49409	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.974443913 CEST	443	49409	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:25.974545002 CEST	49409	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.974697113 CEST	49409	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:25.974714041 CEST	443	49409	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.054707050 CEST	443	49407	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.055365086 CEST	49407	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.055392027 CEST	443	49407	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.055553913 CEST	443	49406	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.055792093 CEST	49407	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.055799007 CEST	443	49407	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.056011915 CEST	49406	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.056030989 CEST	443	49406	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.056318045 CEST	49406	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.056324959 CEST	443	49406	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.058300972 CEST	443	49408	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.058528900 CEST	49408	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.058564901 CEST	443	49408	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.058815956 CEST	49408	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.058823109 CEST	443	49408	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.073976994 CEST	443	49405	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.074362993 CEST	49405	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.074441910 CEST	443	49405	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.074729919 CEST	49405	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.074743986 CEST	443	49405	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.153496027 CEST	443	49406	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.154201984 CEST	443	49406	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.154263020 CEST	49406	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.154285908 CEST	443	49406	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.154381990 CEST	49406	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.154401064 CEST	49406	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.154423952 CEST	443	49406	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.154467106 CEST	443	49406	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.154490948 CEST	49406	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.154506922 CEST	443	49406	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.156999111 CEST	443	49408	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.157145977 CEST	49410	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.157248020 CEST	443	49410	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.157321930 CEST	49410	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.157458067 CEST	49410	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.157486916 CEST	443	49410	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.157927036 CEST	443	49408	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.157995939 CEST	49408	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.158075094 CEST	49408	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.158075094 CEST	49408	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.158117056 CEST	443	49408	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.158143044 CEST	443	49408	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.159960032 CEST	49411	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.160007000 CEST	443	49411	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.160085917 CEST	49411	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.160219908 CEST	49411	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.160248995 CEST	443	49411	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.160440922 CEST	443	49407	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.160512924 CEST	443	49407	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.160603046 CEST	49407	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.160635948 CEST	443	49407	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.160693884 CEST	443	49407	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.160717010 CEST	49407	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.160717964 CEST	49407	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.160744905 CEST	49407	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.160782099 CEST	443	49407	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.162408113 CEST	49412	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.162455082 CEST	443	49412	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.162538052 CEST	49412	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.162636042 CEST	49412	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.162652969 CEST	443	49412	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.176840067 CEST	443	49405	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.176899910 CEST	443	49405	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.177031994 CEST	49405	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.177198887 CEST	49405	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.177198887 CEST	49405	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.177222013 CEST	443	49405	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.177244902 CEST	443	49405	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.178971052 CEST	49413	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.179020882 CEST	443	49413	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.179105043 CEST	49413	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.179214954 CEST	49413	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.179246902 CEST	443	49413	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.462579966 CEST	49407	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.462661028 CEST	443	49407	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.639743090 CEST	443	49409	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.640171051 CEST	49409	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.640208960 CEST	443	49409	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.640620947 CEST	49409	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.640629053 CEST	443	49409	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.742434978 CEST	443	49409	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.742702961 CEST	443	49409	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.742774963 CEST	49409	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.743283987 CEST	49409	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.743283987 CEST	49409	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.743307114 CEST	443	49409	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.743315935 CEST	443	49409	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.745860100 CEST	49414	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.745955944 CEST	443	49414	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.746057034 CEST	49414	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.746187925 CEST	49414	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.746211052 CEST	443	49414	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.767846107 CEST	443	49411	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.768774033 CEST	49411	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.768812895 CEST	443	49411	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.769174099 CEST	49411	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.769186974 CEST	443	49411	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.770524025 CEST	443	49410	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.772617102 CEST	49410	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.772638083 CEST	443	49410	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.772918940 CEST	49410	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.772924900 CEST	443	49410	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.778438091 CEST	443	49412	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.778774977 CEST	49412	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.778816938 CEST	443	49412	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.779103041 CEST	49412	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.779118061 CEST	443	49412	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.779640913 CEST	443	49413	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.779885054 CEST	49413	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.779936075 CEST	443	49413	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.780421972 CEST	49413	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.780436039 CEST	443	49413	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.862818956 CEST	443	49411	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.862917900 CEST	443	49411	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.863046885 CEST	49411	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.863260984 CEST	49411	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.863301992 CEST	443	49411	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.863328934 CEST	49411	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.863343954 CEST	443	49411	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.864975929 CEST	443	49410	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.865036964 CEST	443	49410	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.865125895 CEST	49410	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.865144014 CEST	443	49410	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.865245104 CEST	49410	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.865300894 CEST	443	49410	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.865346909 CEST	49410	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.865346909 CEST	49410	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.865367889 CEST	443	49410	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.865389109 CEST	443	49410	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.865890980 CEST	49415	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.865953922 CEST	443	49415	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.867223978 CEST	49416	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.867271900 CEST	49415	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.867284060 CEST	443	49416	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.867429018 CEST	49416	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.867460012 CEST	49415	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.867477894 CEST	443	49415	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.867537022 CEST	49416	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.867554903 CEST	443	49416	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.874269962 CEST	443	49413	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.874890089 CEST	443	49413	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.874982119 CEST	49413	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.875101089 CEST	49413	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.875101089 CEST	49413	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.875144958 CEST	443	49413	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.875171900 CEST	443	49413	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.876919985 CEST	49417	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.876954079 CEST	443	49417	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.877046108 CEST	49417	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.877147913 CEST	49417	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.877156973 CEST	443	49417	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.906725883 CEST	443	49412	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.906797886 CEST	443	49412	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.906914949 CEST	443	49412	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.906996012 CEST	49412	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.907098055 CEST	49412	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.907125950 CEST	443	49412	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.907146931 CEST	49412	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.907146931 CEST	49412	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.907157898 CEST	443	49412	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.907169104 CEST	443	49412	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.909049988 CEST	49418	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.909089088 CEST	443	49418	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:26.909166098 CEST	49418	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.909276009 CEST	49418	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:26.909286976 CEST	443	49418	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.397691011 CEST	443	49414	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.398418903 CEST	49414	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.398498058 CEST	443	49414	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.398885965 CEST	49414	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.398899078 CEST	443	49414	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.482038021 CEST	443	49416	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.483441114 CEST	49416	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.483532906 CEST	443	49416	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.483859062 CEST	49416	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.483875036 CEST	443	49416	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.499892950 CEST	443	49414	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.499939919 CEST	443	49414	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.500073910 CEST	443	49414	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.500149965 CEST	49414	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.500348091 CEST	49414	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.500396967 CEST	443	49414	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.500427008 CEST	49414	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.500443935 CEST	443	49414	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.503899097 CEST	49419	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.503983021 CEST	443	49419	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.504117012 CEST	49419	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.504260063 CEST	49419	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.504286051 CEST	443	49419	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.523596048 CEST	443	49415	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.525585890 CEST	49415	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.525614977 CEST	443	49415	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.526032925 CEST	49415	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.526051044 CEST	443	49415	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.552380085 CEST	443	49418	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.556041002 CEST	49418	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.556072950 CEST	443	49418	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.556436062 CEST	49418	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.556442976 CEST	443	49418	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.572748899 CEST	443	49417	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.577379942 CEST	443	49416	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.577513933 CEST	443	49416	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.577568054 CEST	443	49416	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.577708006 CEST	49416	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.577708006 CEST	49416	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.596250057 CEST	49417	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.596277952 CEST	443	49417	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.596662045 CEST	49417	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.596668005 CEST	443	49417	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.597023010 CEST	49416	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.597023010 CEST	49416	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.597103119 CEST	443	49416	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.597140074 CEST	443	49416	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.601676941 CEST	49420	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.601743937 CEST	443	49420	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.601819992 CEST	49420	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.605459929 CEST	49420	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.605500937 CEST	443	49420	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.632862091 CEST	443	49415	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.632908106 CEST	443	49415	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.633028984 CEST	49415	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.633052111 CEST	443	49415	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.633083105 CEST	443	49415	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.633152008 CEST	49415	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.634004116 CEST	49415	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.634004116 CEST	49415	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.634035110 CEST	443	49415	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.634057999 CEST	443	49415	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.637248993 CEST	49421	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.637278080 CEST	443	49421	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.637347937 CEST	49421	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.637495995 CEST	49421	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.637509108 CEST	443	49421	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.669226885 CEST	443	49418	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.670042992 CEST	443	49418	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.670154095 CEST	49418	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.670156956 CEST	443	49418	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.670728922 CEST	49418	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.682348013 CEST	49418	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.682363987 CEST	443	49418	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.682374954 CEST	49418	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.682379007 CEST	443	49418	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.684886932 CEST	49422	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.684900045 CEST	443	49422	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.684966087 CEST	49422	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.685086012 CEST	49422	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.685091972 CEST	443	49422	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.694042921 CEST	443	49417	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.694098949 CEST	443	49417	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.694176912 CEST	49417	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.694576979 CEST	49417	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.694583893 CEST	443	49417	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.694593906 CEST	49417	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.694597006 CEST	443	49417	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.786652088 CEST	49423	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.786748886 CEST	443	49423	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:27.786855936 CEST	49423	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.810513973 CEST	49423	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:27.810555935 CEST	443	49423	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.172549963 CEST	443	49419	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.173175097 CEST	49419	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.173245907 CEST	443	49419	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.173491955 CEST	49419	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.173508883 CEST	443	49419	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.251071930 CEST	443	49420	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.251564980 CEST	49420	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.251626015 CEST	443	49420	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.252141953 CEST	49420	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.252152920 CEST	443	49420	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.266316891 CEST	443	49419	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.266499996 CEST	443	49419	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.266644001 CEST	49419	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.266701937 CEST	49419	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.266701937 CEST	49419	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.266735077 CEST	443	49419	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.266756058 CEST	443	49419	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.269203901 CEST	49424	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.269288063 CEST	443	49424	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.269366980 CEST	49424	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.269490004 CEST	49424	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.269511938 CEST	443	49424	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.276320934 CEST	443	49421	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.276691914 CEST	49421	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.276715994 CEST	443	49421	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.277056932 CEST	49421	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.277070045 CEST	443	49421	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.312611103 CEST	443	49422	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.313004971 CEST	49422	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.313028097 CEST	443	49422	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.313364029 CEST	49422	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.313369989 CEST	443	49422	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.351564884 CEST	443	49420	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.351619959 CEST	443	49420	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.351703882 CEST	443	49420	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.351732969 CEST	49420	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.351771116 CEST	49420	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.352605104 CEST	49420	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.352632046 CEST	443	49420	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.352647066 CEST	49420	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.352654934 CEST	443	49420	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.355915070 CEST	49425	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.355967045 CEST	443	49425	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.356067896 CEST	49425	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.356236935 CEST	49425	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.356254101 CEST	443	49425	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.373770952 CEST	443	49421	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.374253035 CEST	443	49421	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.374366999 CEST	49421	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.374366999 CEST	49421	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.374366999 CEST	49421	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.376126051 CEST	49426	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.376154900 CEST	443	49426	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.376229048 CEST	49426	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.376333952 CEST	49426	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.376343966 CEST	443	49426	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.408025980 CEST	443	49422	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.408092022 CEST	443	49422	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.408204079 CEST	49422	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.408212900 CEST	443	49422	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.408276081 CEST	49422	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.408363104 CEST	49422	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.408379078 CEST	443	49422	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.408410072 CEST	49422	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.408416033 CEST	443	49422	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.410368919 CEST	49427	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.410458088 CEST	443	49427	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.410545111 CEST	49427	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.410665035 CEST	49427	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.410687923 CEST	443	49427	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.433410883 CEST	443	49423	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.433769941 CEST	49423	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.433815002 CEST	443	49423	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.434123039 CEST	49423	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.434129953 CEST	443	49423	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.529324055 CEST	443	49423	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.529473066 CEST	443	49423	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.529546022 CEST	49423	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.529627085 CEST	49423	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.529652119 CEST	443	49423	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.529668093 CEST	49423	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.529675961 CEST	443	49423	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.531857967 CEST	49428	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.531905890 CEST	443	49428	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.531985044 CEST	49428	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.532232046 CEST	49428	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.532253027 CEST	443	49428	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.680015087 CEST	49421	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.680039883 CEST	443	49421	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.889502048 CEST	443	49424	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.890126944 CEST	49424	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.890162945 CEST	443	49424	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.890567064 CEST	49424	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.890574932 CEST	443	49424	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.969031096 CEST	443	49425	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.969635963 CEST	49425	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.969712019 CEST	443	49425	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.970061064 CEST	49425	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.970073938 CEST	443	49425	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.985064030 CEST	443	49426	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.985615015 CEST	49426	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.985657930 CEST	443	49426	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.985937119 CEST	49426	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.985951900 CEST	443	49426	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.987741947 CEST	443	49424	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.987833023 CEST	443	49424	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.987899065 CEST	49424	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.987932920 CEST	443	49424	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.987956047 CEST	443	49424	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.988001108 CEST	49424	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.988048077 CEST	49424	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.988065958 CEST	443	49424	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.988079071 CEST	49424	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.988085985 CEST	443	49424	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.990598917 CEST	49429	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.990684986 CEST	443	49429	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:28.990768909 CEST	49429	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.990875006 CEST	49429	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:28.990894079 CEST	443	49429	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.022615910 CEST	443	49427	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.022958994 CEST	49427	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.022999048 CEST	443	49427	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.023353100 CEST	49427	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.023360014 CEST	443	49427	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.064511061 CEST	443	49425	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.065526009 CEST	443	49425	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.065602064 CEST	49425	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.065664053 CEST	49425	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.065694094 CEST	443	49425	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.065746069 CEST	49425	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.065762043 CEST	443	49425	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.068593025 CEST	49430	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.068617105 CEST	443	49430	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.068696976 CEST	49430	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.068862915 CEST	49430	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.068890095 CEST	443	49430	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.090231895 CEST	443	49426	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.090365887 CEST	443	49426	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.090421915 CEST	49426	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.090462923 CEST	49426	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.090487003 CEST	443	49426	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.090511084 CEST	49426	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.090523958 CEST	443	49426	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.092660904 CEST	49431	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.092756987 CEST	443	49431	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.092998981 CEST	49431	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.092998981 CEST	49431	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.093089104 CEST	443	49431	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.130608082 CEST	443	49427	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.130669117 CEST	443	49427	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.130774975 CEST	443	49427	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.130800009 CEST	49427	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.130867004 CEST	49427	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.130943060 CEST	49427	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.130987883 CEST	443	49427	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.131021976 CEST	49427	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.131038904 CEST	443	49427	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.133239985 CEST	49432	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.133264065 CEST	443	49432	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.133330107 CEST	49432	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.133486032 CEST	49432	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.133498907 CEST	443	49432	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.164803982 CEST	443	49428	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.165236950 CEST	49428	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.165266037 CEST	443	49428	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.165654898 CEST	49428	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.165669918 CEST	443	49428	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.265258074 CEST	443	49428	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.265636921 CEST	443	49428	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.265697002 CEST	49428	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.265753031 CEST	49428	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.265753031 CEST	49428	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.265783072 CEST	443	49428	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.265796900 CEST	443	49428	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.268482924 CEST	49433	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.268536091 CEST	443	49433	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.268610001 CEST	49433	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.268729925 CEST	49433	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.268749952 CEST	443	49433	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.596954107 CEST	443	49429	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.603696108 CEST	49429	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.603729010 CEST	443	49429	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.606908083 CEST	49429	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.606920958 CEST	443	49429	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.697499037 CEST	443	49429	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.697805882 CEST	443	49429	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.697865963 CEST	49429	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.697932005 CEST	49429	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.697946072 CEST	443	49429	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.697962046 CEST	49429	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.697968960 CEST	443	49429	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.700598001 CEST	443	49430	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.700757980 CEST	49434	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.700810909 CEST	443	49434	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.700886965 CEST	49434	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.701037884 CEST	49434	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.701040030 CEST	49430	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.701046944 CEST	443	49434	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.701050043 CEST	443	49430	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.701519966 CEST	49430	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.701524973 CEST	443	49430	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.712707996 CEST	443	49431	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.713040113 CEST	49431	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.713063002 CEST	443	49431	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.713455915 CEST	49431	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.713460922 CEST	443	49431	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.752815008 CEST	443	49432	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.753150940 CEST	49432	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.753174067 CEST	443	49432	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.753520966 CEST	49432	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.753525972 CEST	443	49432	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.799418926 CEST	443	49430	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.799588919 CEST	443	49430	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.799628019 CEST	443	49430	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.799871922 CEST	49430	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.799953938 CEST	49430	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.799953938 CEST	49430	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.799988985 CEST	443	49430	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.800018072 CEST	443	49430	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.801851988 CEST	49435	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.801877022 CEST	443	49435	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.801949978 CEST	49435	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.802069902 CEST	49435	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.802076101 CEST	443	49435	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.810383081 CEST	443	49431	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.810743093 CEST	443	49431	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.810811996 CEST	49431	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.810889959 CEST	49431	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.810889959 CEST	49431	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.810933113 CEST	443	49431	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.810960054 CEST	443	49431	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.812654972 CEST	49436	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.812700033 CEST	443	49436	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.812782049 CEST	49436	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.812902927 CEST	49436	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.812922001 CEST	443	49436	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.847970963 CEST	443	49432	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.848037958 CEST	443	49432	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.848148108 CEST	443	49432	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.848150969 CEST	49432	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.848309994 CEST	49432	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.848328114 CEST	443	49432	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.848342896 CEST	49432	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.848347902 CEST	443	49432	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.848375082 CEST	49432	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.848378897 CEST	443	49432	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.850239992 CEST	49437	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.850285053 CEST	443	49437	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.850356102 CEST	49437	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.850466967 CEST	49437	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.850478888 CEST	443	49437	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.877506971 CEST	443	49433	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.878007889 CEST	49433	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.878041983 CEST	443	49433	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.878264904 CEST	49433	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.878273010 CEST	443	49433	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.978115082 CEST	443	49433	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.978503942 CEST	443	49433	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.978705883 CEST	49433	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.978837013 CEST	49433	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.978863955 CEST	443	49433	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.978879929 CEST	49433	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.978888035 CEST	443	49433	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.983247042 CEST	49438	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.983344078 CEST	443	49438	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:29.983442068 CEST	49438	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.983592987 CEST	49438	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:29.983628988 CEST	443	49438	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.332700014 CEST	443	49434	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.333311081 CEST	49434	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.333348989 CEST	443	49434	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.333882093 CEST	49434	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.333889961 CEST	443	49434	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.423686981 CEST	443	49436	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.424839020 CEST	49436	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.424868107 CEST	443	49436	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.425240040 CEST	49436	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.425246000 CEST	443	49436	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.431649923 CEST	443	49434	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.431847095 CEST	443	49434	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.431932926 CEST	49434	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.432214022 CEST	49434	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.432240963 CEST	443	49434	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.432256937 CEST	49434	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.432265043 CEST	443	49434	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.436793089 CEST	443	49435	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.455135107 CEST	49435	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.455163956 CEST	443	49435	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.455559969 CEST	49435	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.455564022 CEST	443	49435	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.457525969 CEST	49439	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.457560062 CEST	443	49439	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.457644939 CEST	49439	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.457765102 CEST	49439	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.457771063 CEST	443	49439	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.468003035 CEST	443	49437	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.468851089 CEST	49437	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.468915939 CEST	443	49437	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.469254017 CEST	49437	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.469269037 CEST	443	49437	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.520854950 CEST	443	49436	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.521025896 CEST	443	49436	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.522439957 CEST	49436	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.522473097 CEST	49436	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.522473097 CEST	49436	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.522490978 CEST	443	49436	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.522501945 CEST	443	49436	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.525110960 CEST	49440	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.525130987 CEST	443	49440	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.528445005 CEST	49440	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.528601885 CEST	49440	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.528608084 CEST	443	49440	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.550585032 CEST	443	49435	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.550725937 CEST	443	49435	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.550765038 CEST	443	49435	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.550822973 CEST	49435	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.550849915 CEST	49435	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.551009893 CEST	49435	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.551009893 CEST	49435	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.551028013 CEST	443	49435	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.551038027 CEST	443	49435	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.553078890 CEST	49441	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.553174973 CEST	443	49441	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.553272009 CEST	49441	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.553385019 CEST	49441	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.553405046 CEST	443	49441	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.563437939 CEST	443	49437	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.563602924 CEST	443	49437	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.563673973 CEST	49437	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.563785076 CEST	49437	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.563785076 CEST	49437	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.563807964 CEST	443	49437	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.563828945 CEST	443	49437	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.565510988 CEST	49442	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.565534115 CEST	443	49442	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.565610886 CEST	49442	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.565685987 CEST	49442	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.565700054 CEST	443	49442	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.587940931 CEST	443	49438	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.591449022 CEST	49438	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.591507912 CEST	443	49438	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.591689110 CEST	49438	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.591705084 CEST	443	49438	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.685801983 CEST	443	49438	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.685828924 CEST	443	49438	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.685862064 CEST	443	49438	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.686018944 CEST	49438	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.686019897 CEST	49438	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.686125994 CEST	49438	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.686126947 CEST	49438	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.686170101 CEST	443	49438	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.686201096 CEST	443	49438	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.688589096 CEST	49443	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.688622952 CEST	443	49443	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:30.688705921 CEST	49443	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.688832045 CEST	49443	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:30.688842058 CEST	443	49443	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.099157095 CEST	443	49439	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.099761963 CEST	49439	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.099806070 CEST	443	49439	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.100069046 CEST	49439	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.100078106 CEST	443	49439	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.139199018 CEST	443	49440	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.139527082 CEST	49440	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.139554024 CEST	443	49440	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.139847994 CEST	49440	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.139854908 CEST	443	49440	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.171849966 CEST	443	49441	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.172281027 CEST	49441	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.172368050 CEST	443	49441	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.172560930 CEST	49441	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.172574997 CEST	443	49441	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.200033903 CEST	443	49439	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.200104952 CEST	443	49439	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.200176001 CEST	49439	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.200320959 CEST	49439	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.200340033 CEST	443	49439	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.200381041 CEST	49439	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.200387955 CEST	443	49439	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.202912092 CEST	49444	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.202946901 CEST	443	49444	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.203030109 CEST	49444	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.203175068 CEST	49444	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.203181028 CEST	443	49444	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.207964897 CEST	443	49442	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.208359957 CEST	49442	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.208446026 CEST	443	49442	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.208561897 CEST	49442	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.208576918 CEST	443	49442	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.233948946 CEST	443	49440	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.234234095 CEST	443	49440	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.234287024 CEST	49440	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.234302998 CEST	443	49440	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.234339952 CEST	443	49440	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.234385967 CEST	49440	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.234405994 CEST	49440	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.234419107 CEST	443	49440	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.234431028 CEST	49440	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.234436989 CEST	443	49440	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.236701965 CEST	49445	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.236794949 CEST	443	49445	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.236874104 CEST	49445	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.237003088 CEST	49445	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.237025976 CEST	443	49445	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.272039890 CEST	443	49441	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.272272110 CEST	443	49441	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.272336960 CEST	49441	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.272408009 CEST	49441	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.272408009 CEST	49441	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.272449970 CEST	443	49441	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.272478104 CEST	443	49441	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.274913073 CEST	49446	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.275001049 CEST	443	49446	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.275079966 CEST	49446	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.275279999 CEST	49446	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.275311947 CEST	443	49446	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.307024002 CEST	443	49442	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.307476997 CEST	443	49442	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.307547092 CEST	49442	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.307585955 CEST	49442	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.307585955 CEST	49442	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.307605028 CEST	443	49442	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.307615995 CEST	443	49442	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.309664011 CEST	443	49443	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.312634945 CEST	49443	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.312669039 CEST	443	49443	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.313081026 CEST	49443	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.313088894 CEST	443	49443	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.314502954 CEST	49447	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.314538002 CEST	443	49447	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.314609051 CEST	49447	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.314702988 CEST	49447	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.314711094 CEST	443	49447	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.403451920 CEST	443	49443	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.403953075 CEST	443	49443	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.404028893 CEST	49443	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.404068947 CEST	49443	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.404068947 CEST	49443	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.404088974 CEST	443	49443	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.404099941 CEST	443	49443	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.406516075 CEST	49448	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.406613111 CEST	443	49448	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.406724930 CEST	49448	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.406867981 CEST	49448	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.406887054 CEST	443	49448	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.810065031 CEST	443	49444	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.810642004 CEST	49444	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.810676098 CEST	443	49444	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.811060905 CEST	49444	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.811079025 CEST	443	49444	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.889648914 CEST	443	49445	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.890145063 CEST	49445	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.890208006 CEST	443	49445	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.890373945 CEST	49445	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.890389919 CEST	443	49445	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.907922983 CEST	443	49444	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.908252954 CEST	443	49444	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.908293009 CEST	443	49444	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.908395052 CEST	49444	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.908395052 CEST	49444	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.908395052 CEST	49444	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.908428907 CEST	49444	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.908442020 CEST	443	49444	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.910901070 CEST	49449	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.910988092 CEST	443	49449	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.911076069 CEST	49449	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.911180973 CEST	49449	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.911200047 CEST	443	49449	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.914427042 CEST	443	49446	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.914830923 CEST	49446	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.914918900 CEST	443	49446	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.915052891 CEST	49446	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.915069103 CEST	443	49446	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.928025007 CEST	443	49447	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.928272009 CEST	49447	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.928294897 CEST	443	49447	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.928561926 CEST	49447	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.928567886 CEST	443	49447	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.988126040 CEST	443	49445	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.988290071 CEST	443	49445	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.988519907 CEST	49445	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.988519907 CEST	49445	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.988519907 CEST	49445	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.990506887 CEST	49450	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.990588903 CEST	443	49450	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:31.990689993 CEST	49450	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.990823030 CEST	49450	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:31.990840912 CEST	443	49450	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.014847040 CEST	443	49446	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.014880896 CEST	443	49446	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.014923096 CEST	443	49446	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.015088081 CEST	49446	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.015089035 CEST	49446	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.015192986 CEST	49446	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.015192986 CEST	49446	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.015239954 CEST	443	49446	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.015276909 CEST	443	49446	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.017504930 CEST	49451	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.017581940 CEST	443	49451	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.017682076 CEST	49451	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.017853022 CEST	49451	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.017889023 CEST	443	49451	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.022146940 CEST	443	49447	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.022499084 CEST	443	49447	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.022625923 CEST	49447	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.024184942 CEST	49447	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.024184942 CEST	49447	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.024195910 CEST	49452	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.024200916 CEST	443	49447	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.024213076 CEST	443	49447	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.024285078 CEST	443	49452	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.024359941 CEST	49452	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.024499893 CEST	49452	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.024533033 CEST	443	49452	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.046998978 CEST	443	49448	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.047435999 CEST	49448	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.047460079 CEST	443	49448	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.047827959 CEST	49448	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.047833920 CEST	443	49448	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.145654917 CEST	443	49448	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.145675898 CEST	443	49448	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.145698071 CEST	443	49448	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.145823956 CEST	49448	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.145965099 CEST	49448	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.145965099 CEST	49448	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.145994902 CEST	443	49448	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.146017075 CEST	443	49448	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.147789955 CEST	49453	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.147872925 CEST	443	49453	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.148017883 CEST	49453	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.148123980 CEST	49453	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.148142099 CEST	443	49453	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.290442944 CEST	49445	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.290507078 CEST	443	49445	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.532037020 CEST	443	49449	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.579356909 CEST	49449	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.646639109 CEST	443	49450	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.667062044 CEST	443	49451	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.683343887 CEST	443	49452	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.688714027 CEST	49450	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.706356049 CEST	49452	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.706377983 CEST	443	49452	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.706712008 CEST	49452	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.706716061 CEST	443	49452	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.706967115 CEST	49449	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.706999063 CEST	443	49449	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.707319021 CEST	49449	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.707330942 CEST	443	49449	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.708420992 CEST	49450	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.708430052 CEST	443	49450	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.708723068 CEST	49450	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.708731890 CEST	443	49450	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.708909988 CEST	49451	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.708942890 CEST	443	49451	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.709230900 CEST	49451	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.709237099 CEST	443	49451	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.800856113 CEST	443	49451	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.801089048 CEST	443	49451	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.801146984 CEST	49451	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.801177979 CEST	49451	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.801196098 CEST	443	49451	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.801208019 CEST	49451	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.801214933 CEST	443	49451	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.803508043 CEST	49454	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.803575039 CEST	443	49454	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.803661108 CEST	49454	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.803760052 CEST	49454	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.803777933 CEST	443	49454	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.805542946 CEST	443	49450	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.806050062 CEST	443	49450	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.806116104 CEST	49450	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.806818962 CEST	49450	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.806818962 CEST	49450	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.806854010 CEST	443	49450	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.806878090 CEST	443	49450	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.807224989 CEST	443	49452	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.807284117 CEST	443	49452	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.807336092 CEST	49452	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.807344913 CEST	443	49452	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.807403088 CEST	443	49452	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.807444096 CEST	49452	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.807471991 CEST	49452	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.807482958 CEST	443	49452	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.807502985 CEST	49452	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.807507038 CEST	443	49452	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.807816982 CEST	443	49449	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.808078051 CEST	443	49449	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.808135986 CEST	49449	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.808166981 CEST	49449	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.808166981 CEST	49449	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.808181047 CEST	443	49449	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.808199883 CEST	443	49449	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.809159994 CEST	49455	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.809176922 CEST	443	49455	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.809231043 CEST	49455	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.809479952 CEST	49455	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.809490919 CEST	443	49455	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.810617924 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.810633898 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.810662985 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.810669899 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.810702085 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.810723066 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.810796976 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.810805082 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.810832977 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.810847998 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.855926991 CEST	443	49453	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.856268883 CEST	49453	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.856347084 CEST	443	49453	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.856635094 CEST	49453	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.856648922 CEST	443	49453	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.956713915 CEST	443	49453	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.956864119 CEST	443	49453	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.956927061 CEST	49453	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.956981897 CEST	49453	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.956981897 CEST	49453	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.957014084 CEST	443	49453	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.957036018 CEST	443	49453	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.958918095 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.958969116 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:32.959037066 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.959136963 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:32.959146023 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.420296907 CEST	443	49455	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.420775890 CEST	49455	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.420821905 CEST	443	49455	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.421196938 CEST	49455	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.421209097 CEST	443	49455	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.422122955 CEST	443	49454	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.422467947 CEST	49454	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.422549963 CEST	443	49454	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.422645092 CEST	49454	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.422661066 CEST	443	49454	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.448688984 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.449120045 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.449151993 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.449484110 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.449502945 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.462070942 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.462408066 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.462434053 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.462711096 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.462728977 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.516006947 CEST	443	49455	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.516139030 CEST	443	49455	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.516235113 CEST	49455	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.516304970 CEST	49455	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.516329050 CEST	443	49455	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.516377926 CEST	49455	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.516391993 CEST	443	49455	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.518878937 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.518919945 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.518995047 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.519135952 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.519156933 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.520687103 CEST	443	49454	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.521322966 CEST	443	49454	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.521395922 CEST	49454	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.521471024 CEST	49454	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.521471024 CEST	49454	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.521512032 CEST	443	49454	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.521539927 CEST	443	49454	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.523247004 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.523319960 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.523462057 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.523570061 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.523591995 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.546911001 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.547121048 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.547190905 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.547233105 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.547245979 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.547256947 CEST	49458	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.547260046 CEST	443	49458	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.549086094 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.549169064 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.549253941 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.549390078 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.549408913 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.561724901 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.562056065 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.562112093 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.562139034 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.562143087 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.562150002 CEST	49457	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.562153101 CEST	443	49457	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.563705921 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.563739061 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.563819885 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.563949108 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.563977003 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.591665983 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.591958046 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.591989994 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.592287064 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.592293024 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.689510107 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.690099955 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.690171957 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.690207005 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.690221071 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.690233946 CEST	49459	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.690239906 CEST	443	49459	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.692153931 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.692188978 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:33.692262888 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.692368031 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:33.692380905 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.137356043 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.137824059 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.137852907 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.138268948 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.138277054 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.178431034 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.178774118 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.178833961 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.179110050 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.179124117 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.179661989 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.180272102 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.180324078 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.180581093 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.180593967 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.194174051 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.194493055 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.194552898 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.194820881 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.194835901 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.232244015 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.232641935 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.232709885 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.232752085 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.232752085 CEST	49462	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.232770920 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.232784033 CEST	443	49462	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.236576080 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.236659050 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.236747026 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.236850977 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.236870050 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.275325060 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.275770903 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.275804996 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.275829077 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.275891066 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.275937080 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.275937080 CEST	49465	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.275979042 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.276002884 CEST	443	49465	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.277987957 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.278038979 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.278125048 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.278232098 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.278248072 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.281008959 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.281080961 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.281178951 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.281255960 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.281255960 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.281344891 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.281344891 CEST	49463	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.281387091 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.281419039 CEST	443	49463	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.283031940 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.283119917 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.283194065 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.283320904 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.283355951 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.292800903 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.292970896 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.293032885 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.293083906 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.293083906 CEST	49464	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.293109894 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.293132067 CEST	443	49464	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.294739008 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.294770956 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.294837952 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.294959068 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.294985056 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.331511974 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.331820011 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.331845999 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.332148075 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.332159996 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.430572987 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.430721998 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.430794001 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.431492090 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.431515932 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.431540012 CEST	49466	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.431555033 CEST	443	49466	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.434061050 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.434140921 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.434247017 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.434407949 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.434425116 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.855809927 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.856365919 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.856460094 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.856662989 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.856678009 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.907047987 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.907531977 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.907546043 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.907999039 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.908003092 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.908611059 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.908894062 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.908983946 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.911175013 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.911187887 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.918370008 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.954659939 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.954859018 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.954910994 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.955064058 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.955064058 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.964940071 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.972989082 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.973021030 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:34.973423004 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:34.973434925 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.005558968 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.007862091 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.008064985 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.023283005 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.023531914 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.023602009 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.058947086 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.069803953 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.069936991 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.070013046 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.083834887 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.083910942 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.084217072 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.084230900 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.084657907 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.084659100 CEST	49467	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.084722996 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.084732056 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.084732056 CEST	49470	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.084755898 CEST	443	49467	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.084783077 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.084810019 CEST	443	49470	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.122895956 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.122916937 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.122916937 CEST	49469	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.122931957 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.122975111 CEST	49468	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.122991085 CEST	443	49468	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.123007059 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.123044968 CEST	443	49469	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.126585960 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.126637936 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.126719952 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.126971960 CEST	49473	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.127059937 CEST	443	49473	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.127099037 CEST	49474	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.127124071 CEST	443	49474	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.127146006 CEST	49473	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.127206087 CEST	49474	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.127377987 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.127424002 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.127470016 CEST	49473	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.127502918 CEST	443	49473	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.127563953 CEST	49475	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.127587080 CEST	443	49475	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.127639055 CEST	49474	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.127657890 CEST	49475	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.127661943 CEST	443	49474	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.127768993 CEST	49475	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.127780914 CEST	443	49475	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.177983999 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.178021908 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.178060055 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.178162098 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.178277969 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.178277969 CEST	49471	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.178303957 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.178327084 CEST	443	49471	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.180054903 CEST	49476	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.180093050 CEST	443	49476	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.180171967 CEST	49476	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.180268049 CEST	49476	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.180294991 CEST	443	49476	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.734041929 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.734437943 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.734512091 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.734838963 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.734853983 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.735703945 CEST	443	49473	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.736104012 CEST	49473	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.736183882 CEST	443	49473	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.736411095 CEST	49473	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.736423969 CEST	443	49473	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.741643906 CEST	443	49474	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.741977930 CEST	49474	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.742002964 CEST	443	49474	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.742700100 CEST	443	49475	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.742734909 CEST	49474	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.742743969 CEST	443	49474	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.743004084 CEST	49475	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.743019104 CEST	443	49475	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.743315935 CEST	49475	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.743324995 CEST	443	49475	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.815319061 CEST	443	49476	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.815906048 CEST	49476	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.815939903 CEST	443	49476	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.816293955 CEST	49476	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.816306114 CEST	443	49476	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.832997084 CEST	443	49473	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.833132982 CEST	443	49473	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.833239079 CEST	49473	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.833288908 CEST	49473	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.833290100 CEST	49473	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.833324909 CEST	443	49473	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.833348036 CEST	443	49473	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.835721016 CEST	49477	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.835818052 CEST	443	49477	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.835905075 CEST	49477	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.836011887 CEST	49477	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.836031914 CEST	443	49477	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.836651087 CEST	443	49474	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.836853027 CEST	443	49474	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.836915016 CEST	49474	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.836941004 CEST	49474	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.836956024 CEST	443	49474	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.836978912 CEST	49474	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.836992025 CEST	443	49474	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.837367058 CEST	443	49475	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.837419033 CEST	443	49475	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.837496042 CEST	49475	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.837553024 CEST	443	49475	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.837587118 CEST	443	49475	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.837645054 CEST	49475	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.837691069 CEST	443	49475	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.837724924 CEST	49475	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.837726116 CEST	49475	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.837744951 CEST	443	49475	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.837763071 CEST	443	49475	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.839272976 CEST	49478	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.839296103 CEST	443	49478	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.839430094 CEST	49478	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.839483976 CEST	49479	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.839502096 CEST	443	49479	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.839544058 CEST	49478	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.839565039 CEST	49479	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.839570045 CEST	443	49478	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.839694977 CEST	49479	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.839705944 CEST	443	49479	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.880055904 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.880124092 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.880261898 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.880417109 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.880417109 CEST	49472	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.880459070 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.880485058 CEST	443	49472	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.881915092 CEST	49480	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.881946087 CEST	443	49480	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.882014036 CEST	49480	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.882127047 CEST	49480	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.882142067 CEST	443	49480	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.915081024 CEST	443	49476	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.915107012 CEST	443	49476	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.915164948 CEST	443	49476	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.915375948 CEST	49476	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.915375948 CEST	49476	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.915375948 CEST	49476	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.915375948 CEST	49476	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.917093992 CEST	49481	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.917121887 CEST	443	49481	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:35.917249918 CEST	49481	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.917344093 CEST	49481	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:35.917351007 CEST	443	49481	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.135888100 CEST	49476	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.135946989 CEST	443	49476	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.446571112 CEST	443	49477	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.447256088 CEST	49477	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.447319031 CEST	443	49477	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.447773933 CEST	49477	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.447788954 CEST	443	49477	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.456120014 CEST	443	49478	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.456449986 CEST	49478	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.456479073 CEST	443	49478	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.456783056 CEST	49478	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.456793070 CEST	443	49478	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.460092068 CEST	443	49479	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.460304976 CEST	49479	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.460330009 CEST	443	49479	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.460575104 CEST	49479	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.460580111 CEST	443	49479	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.499912024 CEST	443	49480	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.504537106 CEST	49480	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.504556894 CEST	443	49480	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.505036116 CEST	49480	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.505044937 CEST	443	49480	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.522196054 CEST	443	49481	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.522524118 CEST	49481	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.522536993 CEST	443	49481	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.522927046 CEST	49481	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.522932053 CEST	443	49481	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.544147968 CEST	443	49477	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.544168949 CEST	443	49477	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.544447899 CEST	49477	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.544512033 CEST	443	49477	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.544616938 CEST	49477	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.544616938 CEST	49477	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.544662952 CEST	443	49477	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.544773102 CEST	443	49477	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.544799089 CEST	443	49477	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.544851065 CEST	49477	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.547046900 CEST	49482	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.547064066 CEST	443	49482	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.547132015 CEST	49482	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.547230959 CEST	49482	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.547235966 CEST	443	49482	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.549623966 CEST	443	49478	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.549669027 CEST	443	49478	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.549809933 CEST	49478	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.549825907 CEST	443	49478	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.549916029 CEST	49478	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.549916029 CEST	49478	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.549943924 CEST	443	49478	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.550245047 CEST	443	49478	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.550327063 CEST	443	49478	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.551446915 CEST	49478	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.551862955 CEST	49483	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.551898003 CEST	443	49483	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.551955938 CEST	49483	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.552089930 CEST	49483	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.552103996 CEST	443	49483	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.555754900 CEST	443	49479	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.555813074 CEST	443	49479	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.555932045 CEST	443	49479	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.555936098 CEST	49479	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.555984020 CEST	49479	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.556029081 CEST	49479	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.556039095 CEST	443	49479	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.556049109 CEST	49479	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.556054115 CEST	443	49479	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.557959080 CEST	49484	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.558041096 CEST	443	49484	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.558120012 CEST	49484	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.558243036 CEST	49484	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.558279991 CEST	443	49484	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.598371983 CEST	443	49480	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.598428965 CEST	443	49480	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.598530054 CEST	49480	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.598552942 CEST	49480	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.598562956 CEST	443	49480	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.598573923 CEST	49480	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.598577976 CEST	443	49480	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.600291967 CEST	49485	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.600318909 CEST	443	49485	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.600408077 CEST	49485	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.600522041 CEST	49485	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.600547075 CEST	443	49485	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.623272896 CEST	443	49481	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.623347044 CEST	443	49481	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.623402119 CEST	49481	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.623704910 CEST	49481	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.623718023 CEST	443	49481	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.623727083 CEST	49481	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.623730898 CEST	443	49481	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.625758886 CEST	49486	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.625785112 CEST	443	49486	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:36.625859976 CEST	49486	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.625962973 CEST	49486	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:36.625972986 CEST	443	49486	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.156254053 CEST	443	49482	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.156969070 CEST	49482	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.156991959 CEST	443	49482	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.157363892 CEST	49482	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.157367945 CEST	443	49482	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.162897110 CEST	443	49483	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.163158894 CEST	49483	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.163182020 CEST	443	49483	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.163471937 CEST	49483	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.163480997 CEST	443	49483	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.198755026 CEST	443	49484	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.199278116 CEST	49484	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.199352980 CEST	443	49484	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.199754000 CEST	49484	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.199769974 CEST	443	49484	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.224076033 CEST	443	49485	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.224522114 CEST	49485	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.224543095 CEST	443	49485	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.225058079 CEST	49485	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.225063086 CEST	443	49485	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.235572100 CEST	443	49486	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.235920906 CEST	49486	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.235934019 CEST	443	49486	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.236275911 CEST	49486	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.236279964 CEST	443	49486	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.252645969 CEST	443	49482	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.252688885 CEST	443	49482	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.252743006 CEST	49482	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.253091097 CEST	49482	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.253091097 CEST	49482	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.253101110 CEST	443	49482	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.253108025 CEST	443	49482	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.255362034 CEST	49487	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.255449057 CEST	443	49487	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.255532980 CEST	49487	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.255650043 CEST	49487	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.255670071 CEST	443	49487	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.257642984 CEST	443	49483	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.257807970 CEST	443	49483	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.257949114 CEST	49483	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.257949114 CEST	49483	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.257949114 CEST	49483	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.259627104 CEST	49488	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.259716988 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.259788990 CEST	49488	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.259874105 CEST	49488	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.259892941 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.302958012 CEST	443	49484	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.303008080 CEST	443	49484	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.303078890 CEST	49484	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.303102970 CEST	443	49484	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.303159952 CEST	49484	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.303177118 CEST	443	49484	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.303201914 CEST	443	49484	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.303253889 CEST	49484	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.303392887 CEST	49484	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.303415060 CEST	443	49484	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.306921005 CEST	49489	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.306942940 CEST	443	49489	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.307003975 CEST	49489	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.307286024 CEST	49489	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.307291985 CEST	443	49489	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.318862915 CEST	443	49485	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.318933010 CEST	443	49485	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.318994045 CEST	49485	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.319004059 CEST	443	49485	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.319063902 CEST	443	49485	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.319108963 CEST	49485	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.319284916 CEST	49485	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.319295883 CEST	443	49485	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.319307089 CEST	49485	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.319309950 CEST	443	49485	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.322568893 CEST	49490	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.322577953 CEST	443	49490	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.322635889 CEST	49490	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.322767019 CEST	49490	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.322777033 CEST	443	49490	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.335166931 CEST	443	49486	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.335220098 CEST	443	49486	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.335261106 CEST	443	49486	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.335287094 CEST	49486	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.335293055 CEST	443	49486	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.335320950 CEST	49486	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.335342884 CEST	49486	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.413309097 CEST	443	49486	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.413400888 CEST	49486	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.413418055 CEST	443	49486	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.413507938 CEST	443	49486	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.413559914 CEST	49486	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.414361954 CEST	49486	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.414369106 CEST	443	49486	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.414377928 CEST	49486	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.414381981 CEST	443	49486	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.417470932 CEST	49491	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.417577028 CEST	443	49491	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.417669058 CEST	49491	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.417823076 CEST	49491	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.417845011 CEST	443	49491	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.563733101 CEST	49483	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.563812017 CEST	443	49483	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.875873089 CEST	443	49487	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.876629114 CEST	49487	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.876692057 CEST	443	49487	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.876821041 CEST	49487	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.876837969 CEST	443	49487	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.885225058 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.885500908 CEST	49488	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.885561943 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.885885954 CEST	49488	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.885900974 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.918872118 CEST	443	49489	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.919584036 CEST	49489	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.919676065 CEST	443	49489	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.920001984 CEST	49489	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.920017004 CEST	443	49489	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.962348938 CEST	443	49490	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.962862968 CEST	49490	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.962893009 CEST	443	49490	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.963126898 CEST	49490	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.963131905 CEST	443	49490	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.975189924 CEST	443	49487	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.975203037 CEST	443	49487	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.975497007 CEST	49487	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.975560904 CEST	443	49487	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.975653887 CEST	443	49487	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.975676060 CEST	49487	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.975676060 CEST	49487	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.975728035 CEST	443	49487	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.975764990 CEST	49487	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.975780964 CEST	443	49487	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.978162050 CEST	49492	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.978252888 CEST	443	49492	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.978358984 CEST	49492	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.978486061 CEST	49492	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.978502989 CEST	443	49492	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.988707066 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.988766909 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.988809109 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.988908052 CEST	49488	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:37.988969088 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:37.989125967 CEST	49488	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.017849922 CEST	443	49489	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.017908096 CEST	443	49489	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.018090010 CEST	49489	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.018124104 CEST	443	49489	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.018194914 CEST	49489	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.018244028 CEST	49489	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.018255949 CEST	443	49489	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.018277884 CEST	443	49489	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.018292904 CEST	49489	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.018383026 CEST	443	49489	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.020163059 CEST	49493	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.020236015 CEST	443	49493	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.020306110 CEST	49493	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.020414114 CEST	49493	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.020430088 CEST	443	49493	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.058518887 CEST	443	49490	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.058574915 CEST	443	49490	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.058809042 CEST	49490	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.058832884 CEST	443	49490	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.058923960 CEST	49490	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.058938980 CEST	443	49490	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.058945894 CEST	49490	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.059287071 CEST	443	49490	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.059370995 CEST	443	49490	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.059411049 CEST	49490	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.060843945 CEST	49494	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.060925961 CEST	443	49494	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.061012030 CEST	49494	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.061135054 CEST	49494	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.061153889 CEST	443	49494	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.064632893 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.064693928 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.064721107 CEST	49488	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.064791918 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.064825058 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.064834118 CEST	49488	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.064860106 CEST	49488	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.064879894 CEST	49488	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.064919949 CEST	49488	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.064919949 CEST	49488	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.064951897 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.064975023 CEST	443	49488	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.066627026 CEST	49495	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.066699028 CEST	443	49495	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.066777945 CEST	49495	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.066873074 CEST	49495	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.066900015 CEST	443	49495	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.075767994 CEST	443	49491	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.076077938 CEST	49491	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.076102972 CEST	443	49491	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.076447964 CEST	49491	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.076461077 CEST	443	49491	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.177206039 CEST	443	49491	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.177635908 CEST	443	49491	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.177707911 CEST	49491	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.177707911 CEST	49491	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.177784920 CEST	49491	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.177824974 CEST	443	49491	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.179624081 CEST	49496	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.179644108 CEST	443	49496	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.179713964 CEST	49496	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.179863930 CEST	49496	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.179867983 CEST	443	49496	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.607537031 CEST	443	49492	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.608016014 CEST	49492	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.608062029 CEST	443	49492	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.608428955 CEST	49492	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.608443975 CEST	443	49492	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.662228107 CEST	443	49493	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.662542105 CEST	49493	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.662568092 CEST	443	49493	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.662916899 CEST	49493	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.662923098 CEST	443	49493	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.677820921 CEST	443	49494	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.678143978 CEST	49494	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.678188086 CEST	443	49494	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.678466082 CEST	49494	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.678479910 CEST	443	49494	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.707427979 CEST	443	49492	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.707623959 CEST	443	49492	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.707703114 CEST	49492	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.707751989 CEST	49492	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.707751989 CEST	49492	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.707784891 CEST	443	49492	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.707807064 CEST	443	49492	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.708663940 CEST	443	49495	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.708949089 CEST	49495	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.708964109 CEST	443	49495	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.709285975 CEST	49495	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.709295988 CEST	443	49495	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.710139990 CEST	49497	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.710230112 CEST	443	49497	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.710338116 CEST	49497	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.710444927 CEST	49497	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.710464001 CEST	443	49497	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.758512974 CEST	443	49493	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.758718014 CEST	443	49493	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.758795977 CEST	49493	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.759965897 CEST	49493	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.760010958 CEST	443	49493	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.760041952 CEST	49493	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.760057926 CEST	443	49493	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.762870073 CEST	49498	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.762959003 CEST	443	49498	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.763051033 CEST	49498	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.763180017 CEST	49498	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.763199091 CEST	443	49498	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.779856920 CEST	443	49494	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.780045033 CEST	443	49494	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.780108929 CEST	49494	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.780108929 CEST	49494	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.780147076 CEST	49494	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.780162096 CEST	443	49494	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.781929970 CEST	49499	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.781950951 CEST	443	49499	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.782005072 CEST	49499	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.782119989 CEST	49499	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.782126904 CEST	443	49499	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.803428888 CEST	443	49495	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.803975105 CEST	443	49495	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.804064989 CEST	49495	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.804075956 CEST	443	49495	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.804135084 CEST	49495	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.804219961 CEST	49495	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.804219961 CEST	49495	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.804239988 CEST	443	49495	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.804266930 CEST	443	49495	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.805483103 CEST	443	49496	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.806435108 CEST	49496	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.806441069 CEST	443	49496	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.806771994 CEST	49496	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.806775093 CEST	443	49496	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.901093006 CEST	443	49496	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.901159048 CEST	443	49496	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.901238918 CEST	49496	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.901422024 CEST	49496	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.901436090 CEST	443	49496	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:38.901446104 CEST	49496	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:38.901448965 CEST	443	49496	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.317384958 CEST	443	49497	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.317997932 CEST	49497	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.318088055 CEST	443	49497	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.318325043 CEST	49497	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.318341017 CEST	443	49497	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.402048111 CEST	443	49498	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.402484894 CEST	49498	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.402570963 CEST	443	49498	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.402892113 CEST	49498	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.402908087 CEST	443	49498	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.410918951 CEST	443	49497	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.411092997 CEST	443	49497	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.411159992 CEST	49497	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.411216974 CEST	49497	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.411216974 CEST	49497	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.411250114 CEST	443	49497	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.411272049 CEST	443	49497	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.436186075 CEST	443	49499	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.436522961 CEST	49499	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.436544895 CEST	443	49499	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.436855078 CEST	49499	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.436860085 CEST	443	49499	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.500427008 CEST	443	49498	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.500648022 CEST	443	49498	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.500893116 CEST	49498	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.501568079 CEST	49498	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.501568079 CEST	49498	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.501612902 CEST	443	49498	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.501641035 CEST	443	49498	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.540337086 CEST	443	49499	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.540493965 CEST	443	49499	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:39.540674925 CEST	49499	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.540674925 CEST	49499	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.540674925 CEST	49499	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.852924109 CEST	49499	443	192.168.2.4	13.107.246.60
Oct 8, 2024 00:04:39.852947950 CEST	443	49499	13.107.246.60	192.168.2.4
Oct 8, 2024 00:04:48.011809111 CEST	49294	443	192.168.2.4	142.250.186.68
Oct 8, 2024 00:04:48.011843920 CEST	443	49294	142.250.186.68	192.168.2.4
Oct 8, 2024 00:04:48.011949062 CEST	49500	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.012006044 CEST	443	49500	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.012064934 CEST	49500	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.012356043 CEST	49500	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.012368917 CEST	443	49500	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.089611053 CEST	49501	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.089695930 CEST	443	49501	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.089787006 CEST	49501	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.089967966 CEST	49501	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.089988947 CEST	443	49501	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.636297941 CEST	443	49500	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.636668921 CEST	49500	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.636751890 CEST	443	49500	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.637126923 CEST	443	49500	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.639666080 CEST	49500	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.639802933 CEST	49500	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.639823914 CEST	443	49500	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.639847040 CEST	49500	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.639918089 CEST	443	49500	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.682125092 CEST	49500	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.695218086 CEST	443	49501	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.695669889 CEST	49501	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.695708036 CEST	443	49501	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.696235895 CEST	443	49501	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.698668957 CEST	49501	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.698760986 CEST	443	49501	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.698806047 CEST	49501	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.698854923 CEST	49501	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.698870897 CEST	443	49501	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.928462029 CEST	443	49500	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.929027081 CEST	443	49500	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.929101944 CEST	49500	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.929182053 CEST	49500	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.929224014 CEST	443	49500	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.983238935 CEST	443	49501	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.983841896 CEST	443	49501	142.250.186.142	192.168.2.4
Oct 8, 2024 00:04:48.984055042 CEST	49501	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.990022898 CEST	49501	443	192.168.2.4	142.250.186.142
Oct 8, 2024 00:04:48.990065098 CEST	443	49501	142.250.186.142	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 00:03:03.966645002 CEST	53	62638	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:04.013151884 CEST	52945	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:03:04.013277054 CEST	58227	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:03:04.254033089 CEST	53	58227	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:04.254081964 CEST	53	52945	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:04.254142046 CEST	53	52059	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:05.192670107 CEST	54559	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:03:05.192807913 CEST	52144	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:03:05.199713945 CEST	53	54559	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:05.199752092 CEST	53	52144	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:05.235490084 CEST	53	54974	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:08.353955984 CEST	60115	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:03:08.354172945 CEST	61531	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:03:08.361329079 CEST	53	60115	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:08.361453056 CEST	53	61531	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:11.529148102 CEST	53	63739	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:13.971548080 CEST	60252	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:03:13.971820116 CEST	60727	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:03:13.978590965 CEST	53	60252	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:13.979491949 CEST	53	60727	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:14.984900951 CEST	63304	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:03:14.985033989 CEST	61813	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:03:14.994370937 CEST	53	63304	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:14.994384050 CEST	53	61813	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:16.282480001 CEST	53	60397	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:21.125551939 CEST	138	138	192.168.2.4	192.168.2.255
Oct 8, 2024 00:03:23.112035990 CEST	53	56631	1.1.1.1	192.168.2.4
Oct 8, 2024 00:03:41.082545996 CEST	53	64410	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:03.696535110 CEST	53	62248	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:03.954040051 CEST	53	59181	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:05.718698025 CEST	53	51963	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:08.000699997 CEST	53	54671	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:16.145951033 CEST	53	52993	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:17.965440035 CEST	60489	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:04:17.965554953 CEST	57399	53	192.168.2.4	1.1.1.1
Oct 8, 2024 00:04:17.972366095 CEST	53	60489	1.1.1.1	192.168.2.4
Oct 8, 2024 00:04:17.972407103 CEST	53	57399	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 8, 2024 00:03:04.013151884 CEST	192.168.2.4	1.1.1.1	0xb999	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:04.013277054 CEST	192.168.2.4	1.1.1.1	0x12cd	Standard query (0)	youtube.com	65	IN (0x0001)	false
Oct 8, 2024 00:03:05.192670107 CEST	192.168.2.4	1.1.1.1	0xfb65	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.192807913 CEST	192.168.2.4	1.1.1.1	0xbb5a	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Oct 8, 2024 00:03:08.353955984 CEST	192.168.2.4	1.1.1.1	0x42a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:08.354172945 CEST	192.168.2.4	1.1.1.1	0x1025	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 8, 2024 00:03:13.971548080 CEST	192.168.2.4	1.1.1.1	0x468	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:13.971820116 CEST	192.168.2.4	1.1.1.1	0xb723	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Oct 8, 2024 00:03:14.984900951 CEST	192.168.2.4	1.1.1.1	0x91ec	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:14.985033989 CEST	192.168.2.4	1.1.1.1	0xad63	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 8, 2024 00:04:17.965440035 CEST	192.168.2.4	1.1.1.1	0x7b73	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:04:17.965554953 CEST	192.168.2.4	1.1.1.1	0xfbb9	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 8, 2024 00:03:04.254033089 CEST	1.1.1.1	192.168.2.4	0x12cd	No error (0)	youtube.com			65	IN (0x0001)	false
Oct 8, 2024 00:03:04.254081964 CEST	1.1.1.1	192.168.2.4	0xb999	No error (0)	youtube.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		142.250.74.206	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		216.58.212.174	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		172.217.18.110	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199713945 CEST	1.1.1.1	192.168.2.4	0xfb65	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199752092 CEST	1.1.1.1	192.168.2.4	0xbb5a	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 8, 2024 00:03:05.199752092 CEST	1.1.1.1	192.168.2.4	0xbb5a	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Oct 8, 2024 00:03:08.361329079 CEST	1.1.1.1	192.168.2.4	0x42a	No error (0)	www.google.com		142.250.186.68	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:08.361453056 CEST	1.1.1.1	192.168.2.4	0x1025	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 8, 2024 00:03:13.978590965 CEST	1.1.1.1	192.168.2.4	0x468	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 8, 2024 00:03:13.978590965 CEST	1.1.1.1	192.168.2.4	0x468	No error (0)	www3.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:03:13.979491949 CEST	1.1.1.1	192.168.2.4	0xb723	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 8, 2024 00:03:14.994370937 CEST	1.1.1.1	192.168.2.4	0x91ec	No error (0)	play.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:04:17.972366095 CEST	1.1.1.1	192.168.2.4	0x7b73	No error (0)	play.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

youtube.com

www.youtube.com

fs.microsoft.com

https:

accounts.youtube.com

play.google.com

www.google.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49732	142.250.186.174	443	7900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:04 UTC	859	OUT	GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1 Host: youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 22:03:05 UTC	1726	IN	HTTP/1.1 301 Moved Permanently Content-Type: application/binary X-Content-Type-Options: nosniff Expires: Mon, 07 Oct 2024 22:03:05 GMT Date: Mon, 07 Oct 2024 22:03:05 GMT Cache-Control: private, max-age=31536000 Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport Server: ESF Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	142.250.186.78	443	7900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:05 UTC	877	OUT	GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1 Host: www.youtube.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 22:03:06 UTC	2634	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 22:03:06 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000 Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Content-Security-Policy: require-trusted-types-for 'script' Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 07-Oct-2024 22:33:06 GMT; Path=/; Secure; HttpOnly Set-Cookie: YSC=mhB-4xn8HaE; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_INFO1_LIVE=mE2TIwXr1gg; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 22:03:06 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgEA%3D%3D; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 22:03:06 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:11 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 22:03:11 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF45) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=153751 Date: Mon, 07 Oct 2024 22:03:11 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49750	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:12 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 22:03:12 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=153686 Date: Mon, 07 Oct 2024 22:03:12 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-07 22:03:12 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49757	142.250.186.110	443	7900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:14 UTC	1224	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=2098705485&timestamp=1728338593573 HTTP/1.1 Host: accounts.youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 22:03:14 UTC	1969	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: script-src 'report-sample' 'nonce-sSxIjmegCyARf9iReSVlPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 22:03:14 GMT Cross-Origin-Resource-Policy: cross-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmLw15BikPj6kkkLiJ3SZ7CGAHHSv_OsJUB8ufsS63UgVu25xGoOxEUSV1hbgFiIh2PR1ok72AQWNBz4zKSkl5RfGJ-ZkppXkllSmZKfm5iZl5yfn52ZWlycWlSWWhRvZGBkYmBpZKlnYBFfYAAA0GQtPA" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 22:03:14 UTC	1969	IN	Data Raw: 37 36 31 63 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 73 53 78 49 6a 6d 65 67 43 79 41 52 66 39 69 52 65 53 56 6c 50 67 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 761c<html><head><script nonce="sSxIjmegCyARf9iReSVlPg">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-10-07 22:03:14 UTC	1969	IN	Data Raw: 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 0a 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28 Data Ascii: Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\\(
2024-10-07 22:03:14 UTC	1969	IN	Data Raw: 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 69 67 69 6e 74 22 3a 72 65 74 75 72 6e 28 41 61 3f 0a 61 3e 3d 42 61 26 26 61 3c 3d 43 61 3a 61 5b 30 5d 3d 3d 3d 22 2d 22 3f 75 61 28 61 2c 44 61 29 3a 75 61 28 61 2c 45 61 29 29 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 43 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 46 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e Data Ascii: tch(typeof a){case "number":return isFinite(a)?a:String(a);case "bigint":return(Aa?a>=Ba&&a<=Ca:a[0]==="-"?ua(a,Da):ua(a,Ea))?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(C(a))return}else if(Fa&&a!=null&&a in
2024-10-07 22:03:14 UTC	1969	IN	Data Raw: 7b 76 61 72 20 62 3b 69 66 28 61 26 26 28 62 3d 51 61 29 21 3d 6e 75 6c 6c 26 26 62 2e 68 61 73 28 61 29 26 26 28 62 3d 61 2e 43 29 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 3b 69 66 28 63 3d 3d 3d 62 2e 6c 65 6e 67 74 68 2d 31 26 26 41 28 64 29 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 7b 76 61 72 20 66 3d 64 5b 65 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 66 29 26 26 0a 52 61 28 66 2c 61 29 7d 65 6c 73 65 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 64 29 26 26 52 61 28 64 2c 61 29 7d 61 3d 45 3f 61 2e 43 3a 4d 61 28 61 2e 43 2c 50 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 65 3d 21 45 3b 69 66 28 62 3d 61 2e 6c 65 6e 67 74 68 29 7b 64 3d 61 5b 62 2d Data Ascii: {var b;if(a&&(b=Qa)!=null&&b.has(a)&&(b=a.C))for(var c=0;c<b.length;c++){var d=b[c];if(c===b.length-1&&A(d))for(var e in d){var f=d[e];Array.isArray(f)&&Ra(f,a)}else Array.isArray(d)&&Ra(d,a)}a=E?a.C:Ma(a.C,Pa,void 0,void 0,!1);e=!E;if(b=a.length){d=a[b-
2024-10-07 22:03:14 UTC	1969	IN	Data Raw: 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 63 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 57 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 Data Ascii: ol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Wa[b[c]];typeof d==="function"&&type
2024-10-07 22:03:14 UTC	1969	IN	Data Raw: 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 2e 67 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6b 29 7b 6b 3d 48 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 66 28 21 49 28 6b 2c 66 29 29 Data Ascii: );e("freeze");e("preventExtensions");e("seal");var h=0,g=function(k){this.g=(h+=Math.random()+1).toString();if(k){k=H(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);if(!I(k,f))
2024-10-07 22:03:14 UTC	1969	IN	Data Raw: 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 Data Ascii: urn g.value})};c.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"\|\|l=="function"?b.has(k)
2024-10-07 22:03:14 UTC	1969	IN	Data Raw: 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 66 62 3d 66 62 7c 7c 7b 7d 2c 71 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 67 62 3d 71 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 71 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 62 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 2c 69 62 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 Data Ascii: on(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var fb=fb\|\|{},q=this\|\|self,gb=q._F_toggles\|\|[],hb=function(a){a=a.split(".");for(var b=q,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b},ib="closure_uid_"+(Math.random()*1E
2024-10-07 22:03:14 UTC	1969	IN	Data Raw: 74 65 78 74 5f 5f 39 38 34 33 38 32 3d 7b 7d 29 3b 61 2e 5f 5f 63 6c 6f 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 2e 73 65 76 65 72 69 74 79 3d 62 7d 3b 76 61 72 20 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 71 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26 64 28 66 2c 68 2c 67 2c 6b 2c 6c 29 3b 61 28 7b 6d 65 73 73 61 67 65 3a 66 2c 66 69 6c 65 4e 61 6d 65 3a 68 2c 6c 69 6e 65 3a 67 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 67 2c 62 61 3a 6b 2c 65 72 72 6f 72 3a 6c 7d 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 68 Data Ascii: text__984382={});a.__closure__error__context__984382.severity=b};var qb=function(a,b,c){c=c\|\|q;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&d(f,h,g,k,l);a({message:f,fileName:h,line:g,lineNumber:g,ba:k,error:l});return e}},tb=function(a){var b=h
2024-10-07 22:03:14 UTC	1969	IN	Data Raw: 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 73 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65 6e 67 74 68 3e 34 30 26 26 28 66 3d 66 2e 73 6c 69 63 65 28 30 2c 34 30 29 2b 22 2e 2e 2e 22 29 3b 63 2e 70 75 73 68 28 66 29 7d 62 2e 70 75 73 68 28 61 29 3b 63 2e 70 75 73 68 28 22 29 5c 6e 22 29 3b 74 72 79 7b 63 2e 70 75 73 68 28 77 62 28 61 2e 63 61 6c 6c 65 72 2c 62 29 29 7d 63 61 74 63 68 28 68 29 7b 63 2e 70 75 73 68 28 22 5b 65 78 63 65 70 74 69 6f 6e Data Ascii: "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=sb(f))?f:"[fn]";break;default:f=typeof f}f.length>40&&(f=f.slice(0,40)+"...");c.push(f)}b.push(a);c.push(")\n");try{c.push(wb(a.caller,b))}catch(h){c.push("[exception

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49763	142.250.186.78	443	7900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:15 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 22:03:16 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 22:03:15 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49761	142.250.186.78	443	7900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:15 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 22:03:15 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 22:03:15 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49766	142.250.186.78	443	7900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:16 UTC	1132	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 505 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 22:03:16 UTC	505	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 33 38 35 39 34 36 37 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728338594675",null,null,null
2024-10-07 22:03:16 UTC	932	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=0zBULNP9eu6x81IRAnb4Gkr-mw_jZXZJBvhz3LfZMSwSiWprz0cy6Zb-JZU4w24IDcBBJV3Gp7xqgLkKtfxxydWylhrOoPvK8qZ7VscFbKzrCE6s4IF2jlu_kDzYHhjjv5SwW7SG38osr-S8GueZTihlBmm1SYmgs7fbIt_LbhnZudiYdw; expires=Tue, 08-Apr-2025 22:03:16 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 22:03:16 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 22:03:16 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 22:03:16 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 22:03:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49741	142.250.186.68	443	7900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:16 UTC	1025	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 22:03:17 UTC	703	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 07 Oct 2024 22:02:42 GMT Expires: Tue, 15 Oct 2024 22:02:42 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 35 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-07 22:03:17 UTC	687	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-07 22:03:17 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a eb ff Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-10-07 22:03:17 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff fc d8 Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-07 22:03:17 UTC	1390	IN	Data Raw: 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-10-07 22:03:17 UTC	573	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49769	142.250.186.78	443	7900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:17 UTC	1132	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 518 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 22:03:17 UTC	518	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 33 38 35 39 34 35 39 32 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728338594592",null,null,null
2024-10-07 22:03:17 UTC	932	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=q6G_LXmV6CqW5_cW-3srJJY_VnJmS34ePikSRyc8h_4p-Q9ILjXichExk_TFndjHc8J19MbCdHn1VKyPrK_KRqMYSBeav8764HJbPN6yra0AfJ4Xc3c5pVbEpT8KVVejLRi5H1VpuJf5L17xNI5R1oWFGwCi4PlkszCRv1XwhZqe1Gpy4Q; expires=Tue, 08-Apr-2025 22:03:17 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 22:03:17 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 22:03:17 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 22:03:17 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 22:03:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49770	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:18 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DtSNpxMAKVMAY8k&MD=DzO+wVMw HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 22:03:18 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 4b7f1b38-184f-4c87-83d3-9dc2d43da0c2 MS-RequestId: 84e8c09c-0c50-4fbf-bd5a-caf4c650f235 MS-CV: D8k9PDzl30qzXaWI.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 22:03:17 GMT Connection: close Content-Length: 24490
2024-10-07 22:03:18 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-07 22:03:18 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49782	142.250.186.78	443	7900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:23 UTC	1306	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1221 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=q6G_LXmV6CqW5_cW-3srJJY_VnJmS34ePikSRyc8h_4p-Q9ILjXichExk_TFndjHc8J19MbCdHn1VKyPrK_KRqMYSBeav8764HJbPN6yra0AfJ4Xc3c5pVbEpT8KVVejLRi5H1VpuJf5L17xNI5R1oWFGwCi4PlkszCRv1XwhZqe1Gpy4Q
2024-10-07 22:03:23 UTC	1221	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 38 33 33 38 35 39 32 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1728338592000",null,null,null,
2024-10-07 22:03:24 UTC	940	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=ZRFUUCwJXWFqOUV53SY5NH0JdrzRxoNyS_7O9KUM6-W7BYATw052_wcyvxp1wMu71VnrW_IFsssk-MX7oXpVUJzj8Le8n1TvAnlYZt17jKXpsTsviYSyL1gZe-GoW6wonyB4wXmPCicZcmmKfNrUFLZpt26N5skBI1656KYzMk0YhhnJAoZTB96FOw; expires=Tue, 08-Apr-2025 22:03:23 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 22:03:23 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 22:03:23 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 22:03:24 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 22:03:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49783	142.250.186.78	443	7900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:46 UTC	1297	OUT	POST /log?hasfast=true&authuser=0&format=json HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1069 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=ZRFUUCwJXWFqOUV53SY5NH0JdrzRxoNyS_7O9KUM6-W7BYATw052_wcyvxp1wMu71VnrW_IFsssk-MX7oXpVUJzj8Le8n1TvAnlYZt17jKXpsTsviYSyL1gZe-GoW6wonyB4wXmPCicZcmmKfNrUFLZpt26N5skBI1656KYzMk0YhhnJAoZTB96FOw
2024-10-07 22:03:46 UTC	1069	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 69 64 65 6e 74 69 74 79 66 72 6f 6e 74 65 6e 64 61 75 74 68 75 69 73 65 72 76 65 72 5f 32 30 32 34 31 30 30 31 2e 30 36 5f 70 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 33 2c 30 2c 30 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_identityfrontendauthuiserver_20241001.06_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,0,0
2024-10-07 22:03:46 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 22:03:46 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 22:03:46 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 22:03:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49784	142.250.186.78	443	7900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:47 UTC	1337	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1331 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=ZRFUUCwJXWFqOUV53SY5NH0JdrzRxoNyS_7O9KUM6-W7BYATw052_wcyvxp1wMu71VnrW_IFsssk-MX7oXpVUJzj8Le8n1TvAnlYZt17jKXpsTsviYSyL1gZe-GoW6wonyB4wXmPCicZcmmKfNrUFLZpt26N5skBI1656KYzMk0YhhnJAoZTB96FOw
2024-10-07 22:03:47 UTC	1331	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 33 38 36 32 36 38 38 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728338626887",null,null,null
2024-10-07 22:03:48 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 22:03:48 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 22:03:48 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 22:03:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49785	142.250.186.78	443	7900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:48 UTC	1337	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1279 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=ZRFUUCwJXWFqOUV53SY5NH0JdrzRxoNyS_7O9KUM6-W7BYATw052_wcyvxp1wMu71VnrW_IFsssk-MX7oXpVUJzj8Le8n1TvAnlYZt17jKXpsTsviYSyL1gZe-GoW6wonyB4wXmPCicZcmmKfNrUFLZpt26N5skBI1656KYzMk0YhhnJAoZTB96FOw
2024-10-07 22:03:48 UTC	1279	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 33 38 36 32 36 39 39 36 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728338626996",null,null,null
2024-10-07 22:03:48 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 22:03:48 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 22:03:48 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 22:03:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49786	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:56 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DtSNpxMAKVMAY8k&MD=DzO+wVMw HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 22:03:57 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 7cbe3867-7c19-4391-8f59-873b6e596c12 MS-RequestId: 5b0804c3-6b09-42fd-b771-b142780b9514 MS-CV: UU2stBxcL0erULVj.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 22:03:55 GMT Connection: close Content-Length: 30005
2024-10-07 22:03:57 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-07 22:03:57 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49787	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:57 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:57 UTC	540	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:57 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Sun, 06 Oct 2024 16:59:23 GMT ETag: "0x8DCE6283A3FA58B" x-ms-request-id: 86eceaf5-401e-00a3-6fa2-188b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220357Z-1657d5bbd48brl8we3nu8cxwgn00000004b000000000nyvx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:57 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-07 22:03:57 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-07 22:03:57 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-07 22:03:57 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-07 22:03:57 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-07 22:03:57 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-07 22:03:57 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-07 22:03:57 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-07 22:03:57 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-07 22:03:57 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49788	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:58 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:58 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:58 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 4545068c-701e-0050-0e05-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220358Z-1657d5bbd48dfrdj7px744zp8s00000003xg000000002179 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:58 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49790	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:58 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:58 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:58 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 8aaf7b13-d01e-0028-46fd-167896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220358Z-1657d5bbd4824mj9d6vp65b6n400000004500000000103a3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:58 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49791	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:58 UTC	192	OUT	GET /rules/rule120100v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:58 UTC	492	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:58 GMT Content-Type: text/xml Content-Length: 1000 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB097AFC9" x-ms-request-id: e852d697-101e-007a-4f88-18047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220358Z-1657d5bbd48sqtlf1huhzuwq7000000003rg00000000rqkn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 22:03:58 UTC	1000	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 31 30 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 32 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 52 65 73 75 6d 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 49 20 54 3d 22 33 22 20 49 3d 22 33 30 73 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 35 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120100" V="3" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <A T="2" E="TelemetryResume" /> <TI T="3" I="30s" /> <R T="4" R="120100" /> <TH T="5">

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49789	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:58 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:58 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: d4448e94-101e-00a2-2703-179f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220358Z-1657d5bbd48lknvp09v995n79000000003qg00000000e97w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:58 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49792	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:58 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:58 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:58 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c62b5fc1-401e-0067-3a60-1709c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220358Z-1657d5bbd487nf59mzf5b3gk8n00000003p000000000mb3t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:58 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49796	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:58 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:58 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 73fc0cc0-d01e-008e-5fee-16387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220358Z-1657d5bbd48jwrqbupe3ktsx9w000000049000000000ct7v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:58 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49794	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:58 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:58 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 1be53f37-001e-00a2-0266-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220358Z-1657d5bbd482krtfgrg72dfbtn00000003u000000000eaq1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:58 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49795	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:58 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:58 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 1707b783-801e-00a3-53e5-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220358Z-1657d5bbd48vhs7r2p1ky7cs5w00000004g00000000004qk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:58 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49793	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:58 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:58 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 28f6fc08-301e-0020-466a-176299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220358Z-1657d5bbd48sqtlf1huhzuwq7000000003ug00000000bp1d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:58 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49797	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:58 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:58 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 15158de7-401e-0029-4b00-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220358Z-1657d5bbd48xlwdx82gahegw40000000044g000000010qxz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:58 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49798	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:59 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:59 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 87fc294c-201e-0051-40f3-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220359Z-1657d5bbd48dfrdj7px744zp8s00000003xg00000000219k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:59 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49799	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:59 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:59 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 789c8418-601e-0032-5905-17eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220359Z-1657d5bbd48sdh4cyzadbb37480000000400000000003y2c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:59 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49801	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:59 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:59 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 915c1ee4-001e-0079-3000-1712e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220359Z-1657d5bbd482tlqpvyz9e93p54000000044g00000000eqfw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:59 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49802	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:59 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:59 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: bf7deccb-401e-0064-0f0e-1754af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220359Z-1657d5bbd48q6t9vvmrkd293mg0000000430000000007sqn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:59 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49800	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:03:59 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:03:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:03:59 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 0a3893d3-c01e-0082-33ee-16af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220359Z-1657d5bbd48t66tjar5xuq22r8000000040000000000neg4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:03:59 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49803	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:00 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:00 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:00 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 98328d39-101e-0028-56f9-188f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220400Z-1657d5bbd482tlqpvyz9e93p54000000047g0000000046gu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-07 22:04:00 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49806	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:00 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:00 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: c2d0a885-201e-0003-7ced-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220400Z-1657d5bbd48cpbzgkvtewk0wu0000000047g000000004gp5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:00 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49804	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:00 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:00 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: e72ec3ca-501e-005b-2401-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220400Z-1657d5bbd48wd55zet5pcra0cg000000044g00000000246h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:00 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49805	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:00 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:00 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 27ba9a72-001e-0046-2a01-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220400Z-1657d5bbd48tnj6wmberkg2xy8000000047g000000003yzy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:00 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49807	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:00 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:00 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: ca51ad8b-f01e-0085-6ef2-1888ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220400Z-1657d5bbd48q6t9vvmrkd293mg00000003y000000000vv3w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:00 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49809	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:00 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:00 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 09392ef7-101e-0046-3f05-1791b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220400Z-1657d5bbd48q6t9vvmrkd293mg000000043g000000006c67 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:01 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49810	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:00 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:01 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 20b36261-201e-006e-7102-17bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220401Z-1657d5bbd48xlwdx82gahegw4000000004bg000000002gu0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:01 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49811	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:01 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:01 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: ffaa0582-b01e-0097-229f-184f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220401Z-1657d5bbd48hzllksrq1r6zsvs000000019000000000ez14 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:01 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49812	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:01 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:01 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 81e42967-c01e-0014-5ee9-16a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220401Z-1657d5bbd48cpbzgkvtewk0wu0000000042000000000vbw3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:01 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49813	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:01 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:01 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 6be05283-001e-00a2-2700-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220401Z-1657d5bbd48gqrfwecymhhbfm800000002vg00000000k9t9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:01 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49814	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:01 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:01 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 40323690-a01e-0002-0100-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220401Z-1657d5bbd48sdh4cyzadbb374800000003w000000000mk11 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:01 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49815	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:01 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:01 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: c530354f-501e-0016-5013-17181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220401Z-1657d5bbd482lxwq1dp2t1zwkc00000003u000000000ff06 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:01 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49816	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:01 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:01 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 7cec3a6f-e01e-0033-3414-174695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220401Z-1657d5bbd482lxwq1dp2t1zwkc00000003sg00000000pmem x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:01 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49817	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:02 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:02 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: ad400b52-801e-008f-58ac-182c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220402Z-1657d5bbd48hzllksrq1r6zsvs00000001cg000000002htn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:02 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49818	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:02 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:02 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 7c825ef0-601e-0001-5f02-17faeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220402Z-1657d5bbd48xdq5dkwwugdpzr000000004a000000000udv8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:02 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49819	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:02 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:02 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 10df1352-f01e-00aa-105a-178521000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220402Z-1657d5bbd487nf59mzf5b3gk8n00000003rg00000000a2b8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:02 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49820	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:02 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:02 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: b27116a7-a01e-003d-3a00-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220402Z-1657d5bbd48762wn1qw4s5sd3000000003ug00000000y3aq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:02 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49822	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:03 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:03 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:03 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 2e74c407-101e-0065-7404-194088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220403Z-1657d5bbd482krtfgrg72dfbtn00000003xg000000001t9h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-07 22:04:03 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49821	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:03 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:03 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: a62739ea-301e-005d-6402-17e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220403Z-1657d5bbd48vlsxxpe15ac3q7n0000000440000000005d57 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:03 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49823	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:03 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:03 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: a2d01d3c-801e-0083-4800-17f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220403Z-1657d5bbd482tlqpvyz9e93p54000000047g0000000046rb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:03 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49824	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:03 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:03 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 4dd19665-401e-005b-7705-179c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220403Z-1657d5bbd48xlwdx82gahegw4000000004b0000000004dp2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:03 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49808	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:03 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:03 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: d3d0b776-b01e-003d-1803-17d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220403Z-1657d5bbd48sqtlf1huhzuwq7000000003x0000000001uma x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:03 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49828	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:04 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:04 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 11b227e2-601e-0002-7f6b-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220404Z-1657d5bbd48tqvfc1ysmtbdrg000000003vg00000000s483 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:04 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49829	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:04 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:04 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 7709e3c3-b01e-0097-5e02-174f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220404Z-1657d5bbd4824mj9d6vp65b6n4000000049g00000000b5yq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:04 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49827	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:04 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:04 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: db28b7eb-d01e-0065-5efe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220404Z-1657d5bbd48qjg85buwfdynm5w000000042000000000x5ts x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:04 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49830	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:04 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:04 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: b2c548d6-d01e-0082-4f03-17e489000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220404Z-1657d5bbd48jwrqbupe3ktsx9w00000004a000000000932a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:04 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49826	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:04 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:04 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 151ca1e1-401e-0029-2b03-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220404Z-1657d5bbd48sdh4cyzadbb374800000003xg00000000cfpe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:04 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49831	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:05 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:05 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: c5dbf9be-001e-0017-2cf1-160c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220405Z-1657d5bbd48sdh4cyzadbb374800000003z0000000006x6n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:05 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49832	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:05 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:05 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 5e879109-c01e-00a2-3e73-172327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220405Z-1657d5bbd48lknvp09v995n79000000003ng00000000rss5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:05 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49834	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:05 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:05 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: cb78c1b2-201e-003f-2e04-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220405Z-1657d5bbd48cpbzgkvtewk0wu0000000043000000000r4as x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:05 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49833	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:05 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:05 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 721d8bd8-801e-002a-4f00-1731dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220405Z-1657d5bbd48sqtlf1huhzuwq7000000003x0000000001uqb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:05 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49835	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:05 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:05 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 27b6de9f-001e-0046-1e00-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220405Z-1657d5bbd48tqvfc1ysmtbdrg0000000040g0000000046d9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:05 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49838	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:05 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:05 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: cde3aec9-601e-0084-63e5-166b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220405Z-1657d5bbd48t66tjar5xuq22r8000000043000000000893d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:06 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49836	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:05 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:05 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 04801829-801e-00ac-6301-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220405Z-1657d5bbd48brl8we3nu8cxwgn000000049g00000000u0xu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:06 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49837	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:05 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:06 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 2f3972b1-401e-0035-1b02-1782d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220406Z-1657d5bbd482krtfgrg72dfbtn00000003v0000000009ywf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:06 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49839	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:05 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:06 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 1ed82642-401e-0048-7b12-170409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220406Z-1657d5bbd48gqrfwecymhhbfm800000002v000000000p8tp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:06 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49840	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:05 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:06 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 3a03d6b9-d01e-0066-52e9-16ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220406Z-1657d5bbd48xlwdx82gahegw40000000049000000000c3w5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:06 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49457	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:06 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:06 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: c367bd92-c01e-002b-14e8-186e00000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220406Z-1657d5bbd48f7nlxc7n5fnfzh000000003u0000000001v02 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:06 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-10-07 22:04:33 UTC	192	OUT	GET /rules/rule700250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:33 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE88A8C4E" x-ms-request-id: fdf6df08-901e-002a-30f1-167a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220433Z-1657d5bbd482tlqpvyz9e93p54000000045g00000000c5yx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:33 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 70 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 41 70 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Apple" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenApple" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49458	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:06 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:06 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 46a5aa72-701e-0032-6004-17a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220406Z-1657d5bbd48vlsxxpe15ac3q7n00000003zg00000000q64m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:06 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=
2024-10-07 22:04:33 UTC	192	OUT	GET /rules/rule700251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:33 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:06 GMT ETag: "0x8DC582BED1F47B5" x-ms-request-id: 73114440-901e-0016-10f4-18efe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220433Z-1657d5bbd48vhs7r2p1ky7cs5w00000004a000000000rzam x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:33 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 70 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 41 70 70 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Apple.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenAppl

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49462	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:06 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:06 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 8d3bec0a-601e-0070-32fe-16a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220406Z-1657d5bbd48lknvp09v995n79000000003s000000000801k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:06 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-10-07 22:04:34 UTC	192	OUT	GET /rules/rule700650v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:34 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF204895" x-ms-request-id: 789e944f-601e-0032-1d06-17eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220434Z-1657d5bbd482tlqpvyz9e93p54000000045000000000cgw6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:34 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 36 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 6e 64 72 6f 69 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 41 6e 64 72 6f 69 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700650" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Android" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenAndroid" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49461	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:06 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:06 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: b0fdb72d-401e-0015-37ce-160e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220406Z-1657d5bbd482tlqpvyz9e93p540000000480000000002h26 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:07 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49459	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:06 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:06 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: d803a4ff-401e-0083-3904-17075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220406Z-1657d5bbd48vlsxxpe15ac3q7n00000003zg00000000q64v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:07 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-10-07 22:04:33 UTC	192	OUT	GET /rules/rule700651v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:33 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE63F9252" x-ms-request-id: a37f85d0-801e-0015-17ed-18f97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220433Z-1657d5bbd48vlsxxpe15ac3q7n0000000440000000005eq9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:33 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 36 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 6e 64 72 6f 69 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 41 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700651" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Android.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenAn

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49463	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:07 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:07 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: a5c33fd0-601e-003d-6fff-186f25000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220407Z-1657d5bbd48xsz2nuzq4vfrzg800000003zg000000007x9b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:07 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">
2024-10-07 22:04:34 UTC	192	OUT	GET /rules/rule703301v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:34 GMT Content-Type: text/xml Content-Length: 1419 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB88DB43" x-ms-request-id: 3b1d3227-101e-008e-4502-17cf88000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220434Z-1657d5bbd48vlsxxpe15ac3q7n0000000450000000002btf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:34 UTC	1419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 69 72 54 72 61 66 66 69 63 43 6f 6e 74 72 6f 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703301" V="0" DC="SM" EN="Office.Telemetry.Event.Office.AirTrafficControl.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTen

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49464	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:07 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:07 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: e72b6989-501e-005b-2b00-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220407Z-1657d5bbd48vhs7r2p1ky7cs5w00000004b000000000kdxf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:07 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-10-07 22:04:34 UTC	192	OUT	GET /rules/rule703300v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:34 GMT Content-Type: text/xml Content-Length: 1382 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBF2D844" x-ms-request-id: 686ad917-401e-0048-2674-170409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220434Z-1657d5bbd48f7nlxc7n5fnfzh000000003m000000000zqfe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:34 UTC	1382	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 69 72 54 72 61 66 66 69 63 43 6f 6e 74 72 6f 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 41 69 72 54 72 61 66 66 69 63 43 6f 6e 74 72 6f 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703300" V="0" DC="SM" EN="Office.Telemetry.Event.Office.AirTrafficControl" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenAirTrafficControl" S="Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49465	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:07 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:07 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 0377c3fc-101e-000b-65dc-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220407Z-1657d5bbd48tnj6wmberkg2xy8000000043000000000qpy3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:07 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"
2024-10-07 22:04:34 UTC	192	OUT	GET /rules/rule701751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:34 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:04 GMT ETag: "0x8DC582BEBFFA9D9" x-ms-request-id: 700f64f0-201e-005d-24a2-18afb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220434Z-1657d5bbd48hzllksrq1r6zsvs00000001cg000000002mhk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:34 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 69 72 53 70 61 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.AirSpace.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenA

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49466	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:07 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:07 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: a5e58c1d-b01e-00ab-5ac9-16dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220407Z-1657d5bbd48vlsxxpe15ac3q7n00000003y000000000x9fs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:07 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-10-07 22:04:34 UTC	192	OUT	GET /rules/rule701750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:34 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC40C5B7" x-ms-request-id: 3a263803-d01e-0066-48f5-16ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220434Z-1657d5bbd48qjg85buwfdynm5w000000045000000000ezsb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:34 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 69 72 53 70 61 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 41 69 72 73 70 61 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.AirSpace" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenAirspace" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49467	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:07 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:07 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 78a0432a-701e-001e-1805-17f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220407Z-1657d5bbd48vhs7r2p1ky7cs5w000000048g00000000x1xe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:07 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">
2024-10-07 22:04:34 UTC	192	OUT	GET /rules/rule701651v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:34 GMT Content-Type: text/xml Content-Length: 1409 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF17222B" x-ms-request-id: ce208688-601e-0084-64fe-166b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220434Z-1657d5bbd482krtfgrg72dfbtn00000003tg00000000h8xe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:34 UTC	1409	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 36 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 63 74 69 76 69 74 79 46 65 65 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701651" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ActivityFeed.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49468	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:08 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:08 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: ef9cab6f-f01e-0099-0d00-179171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220408Z-1657d5bbd48q6t9vvmrkd293mg00000003z000000000s74b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:08 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-10-07 22:04:34 UTC	192	OUT	GET /rules/rule701650v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:35 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:34 GMT Content-Type: text/xml Content-Length: 1372 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6D6DA46" x-ms-request-id: f54c3507-701e-006f-1813-17afc4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220434Z-1657d5bbd48xdq5dkwwugdpzr000000004b000000000p33s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:35 UTC	1372	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 36 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 63 74 69 76 69 74 79 46 65 65 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 41 63 74 69 76 69 74 79 46 65 65 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701650" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ActivityFeed" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenActivityFeed" S="Medium" /> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49469	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:08 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:08 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f519f63-901e-0016-75ff-16efe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220408Z-1657d5bbd48f7nlxc7n5fnfzh000000003t0000000005dcs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:08 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">
2024-10-07 22:04:34 UTC	192	OUT	GET /rules/rule702451v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:35 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:34 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:52 GMT ETag: "0x8DC582BE4D75D62" x-ms-request-id: 7cc8d0fa-701e-0098-66dc-16395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220434Z-1657d5bbd48t66tjar5xuq22r8000000044g000000002t0g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:35 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 34 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 63 63 65 73 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 41 63 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Access.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenAcc

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49470	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:08 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:08 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: b67c2655-301e-0096-2300-17e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220408Z-1657d5bbd48gqrfwecymhhbfm800000002v000000000p8xc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:08 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-10-07 22:04:34 UTC	192	OUT	GET /rules/rule702450v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:35 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:34 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE32CD4D2" x-ms-request-id: 9e1e7bbe-201e-00aa-0ddb-183928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220434Z-1657d5bbd48xdq5dkwwugdpzr000000004c000000000fp29 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:35 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 34 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 63 63 65 73 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 41 63 63 65 73 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Access" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenAccess" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49472	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:08 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:08 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 763e8d43-601e-000d-6912-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220408Z-1657d5bbd48sdh4cyzadbb374800000003vg00000000nasa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:08 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />
2024-10-07 22:04:35 UTC	192	OUT	GET /rules/rule120128v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:35 GMT Content-Type: text/xml Content-Length: 658 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:40 GMT ETag: "0x8DC582B95FA6908" x-ms-request-id: 93828b73-001e-0046-3860-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220435Z-1657d5bbd487nf59mzf5b3gk8n00000003qg00000000eve0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:35 UTC	658	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 31 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 55 73 65 72 43 68 61 6e 67 65 64 44 69 61 67 6e 6f 73 74 69 63 4c 65 76 65 6c 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120128" V="0" DC="SM" EN="Office.System.UserChangedDiagnosticLevel" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="PSU" xmlns="">

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49471	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:08 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:08 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 821e4157-c01e-0014-3301-17a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220408Z-1657d5bbd48wd55zet5pcra0cg000000042000000000bv0q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:08 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr
2024-10-07 22:04:35 UTC	192	OUT	GET /rules/rule701101v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:35 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:35 GMT Content-Type: text/xml Content-Length: 1411 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFC12C03" x-ms-request-id: 047ca75b-801e-00ac-5200-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220435Z-1657d5bbd48t66tjar5xuq22r800000003zg00000000r0pn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:35 UTC	1411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 63 63 65 73 73 69 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701101" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Accessibility.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantT

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49292	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:09 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:09 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 897bc565-f01e-0096-5e60-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220409Z-1657d5bbd48sdh4cyzadbb374800000003vg00000000nat3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:09 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49293	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:09 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:09 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 01bf113a-f01e-003c-3703-178cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220409Z-1657d5bbd48xlwdx82gahegw40000000044g000000010rn9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:09 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49296	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:09 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:09 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 7875ffac-201e-000c-7f02-1779c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220409Z-1657d5bbd48jwrqbupe3ktsx9w00000004cg0000000000d1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:09 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49297	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:09 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:09 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 3b7b7106-501e-0064-43e7-161f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220409Z-1657d5bbd48lknvp09v995n79000000003q000000000gsvn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:09 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49298	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:09 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:09 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 3c7823fd-401e-0015-0c60-170e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220409Z-1657d5bbd48dfrdj7px744zp8s00000003wg000000005b5g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:09 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49299	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:09 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:09 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 2f576d96-401e-0047-3902-178597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220409Z-1657d5bbd48xdq5dkwwugdpzr000000004eg000000005u8g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:09 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49300	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:09 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:09 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: dfb96d6a-f01e-003f-17e5-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220409Z-1657d5bbd48sdh4cyzadbb374800000003tg00000000whm5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:10 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49301	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:09 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:09 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: f5ee0945-901e-0083-4202-17bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220409Z-1657d5bbd48vhs7r2p1ky7cs5w000000049000000000w1nc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:10 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49302	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:09 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:12 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:12 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 0607cd43-401e-0078-1b00-174d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220412Z-1657d5bbd48tqvfc1ysmtbdrg000000003vg00000000s4ns x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:12 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49303	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:10 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:10 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: a5ff6bd9-301e-005d-3af2-16e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220410Z-1657d5bbd48tnj6wmberkg2xy8000000046g0000000080g0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:10 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49304	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:10 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:10 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 0c165d1d-a01e-000d-7dfe-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220410Z-1657d5bbd48qjg85buwfdynm5w000000045000000000eyac x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:10 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49305	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:10 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:10 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: c2f609cb-201e-0003-75fd-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220410Z-1657d5bbd48vlsxxpe15ac3q7n000000044g000000003hry x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:10 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49306	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:10 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:10 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 33b4d0ae-a01e-0032-35ff-161949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220410Z-1657d5bbd48jwrqbupe3ktsx9w00000004cg0000000000eb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:10 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49307	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:10 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:10 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 960edd56-701e-005c-4100-17bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220410Z-1657d5bbd48brl8we3nu8cxwgn000000049000000000wtr9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:10 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49308	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:11 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:11 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: b738acd5-401e-0067-1502-1709c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220411Z-1657d5bbd48tqvfc1ysmtbdrg000000003yg00000000bsr0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:11 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49309	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:11 UTC	191	OUT	GET /rules/rule90401v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:11 GMT Content-Type: text/xml Content-Length: 1250 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE4487AA" x-ms-request-id: 6418a561-001e-0082-7453-185880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220411Z-1657d5bbd48dfrdj7px744zp8s00000003qg00000000zbr8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:11 UTC	1250	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 39 30 34 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 53 61 6d 70 6c 69 6e 67 50 6f 6c 69 63 79 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 4d 65 74 61 64 61 74 61 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="90401" V="3" DC="ESM" EN="Office.Telemetry.SamplingPolicy" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" DL="A" DCa="PSP PSU" xmlns=""> <RIS> <RI N="Metadata" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49310	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:11 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:11 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 8a5fd43d-c01e-0066-4506-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220411Z-1657d5bbd48qjg85buwfdynm5w000000045g00000000dk6m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:11 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49311	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:11 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:11 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 0480ed94-801e-00ac-5102-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220411Z-1657d5bbd4824mj9d6vp65b6n400000004ag0000000072u4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:11 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49312	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:12 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:12 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: b72ef555-401e-0067-78fe-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220412Z-1657d5bbd48q6t9vvmrkd293mg0000000430000000007t9h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:12 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49313	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:12 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:12 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: db28c537-d01e-0065-47fe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220412Z-1657d5bbd48qjg85buwfdynm5w000000045g00000000dk79 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:12 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49315	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:12 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:12 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 568d9e7f-301e-0096-35a2-18e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220412Z-1657d5bbd48hzllksrq1r6zsvs000000017000000000rp2b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:12 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49314	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:12 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:12 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 7fec7b7f-701e-005c-12a5-18bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220412Z-1657d5bbd48hzllksrq1r6zsvs00000001a000000000ce5k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:12 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49316	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:12 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:12 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: b6c21a8e-c01e-008e-115a-177381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220412Z-1657d5bbd48sqtlf1huhzuwq7000000003qg00000000wyup x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:12 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49317	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:12 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:12 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 76165599-601e-000d-1a02-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220412Z-1657d5bbd482tlqpvyz9e93p540000000460000000009rcw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:12 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49318	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:12 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:12 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 29f28342-e01e-003c-5d00-17c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220412Z-1657d5bbd48vhs7r2p1ky7cs5w00000004d000000000b3cy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:12 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49319	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:12 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:12 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: a9a45936-c01e-00a1-54f1-167e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220412Z-1657d5bbd48762wn1qw4s5sd300000000400000000005z4n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:13 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49320	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:13 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:13 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 6f1c5b1d-901e-0048-485a-17b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220413Z-1657d5bbd487nf59mzf5b3gk8n00000003rg00000000a2re x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:13 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49321	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:13 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:13 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 173e0f62-801e-00a3-24fe-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220413Z-1657d5bbd48q6t9vvmrkd293mg00000003yg00000000v77x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:13 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49323	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:13 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:13 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 04600955-801e-00ac-55f4-16fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220413Z-1657d5bbd48vhs7r2p1ky7cs5w00000004bg00000000gntz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:13 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49322	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:13 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:13 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: e8c58a57-d01e-0065-7e78-18b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220413Z-1657d5bbd48hzllksrq1r6zsvs00000001bg000000006nrq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:13 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49324	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:13 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:13 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 4035d6e2-a01e-0002-4602-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220413Z-1657d5bbd48qjg85buwfdynm5w000000044000000000kgts x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:14 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49326	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:14 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:14 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 87e26173-201e-0051-15e7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220414Z-1657d5bbd48jwrqbupe3ktsx9w00000004b00000000055np x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:14 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49325	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:14 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:14 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 62f7f1ae-f01e-0096-4d0c-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220414Z-1657d5bbd482lxwq1dp2t1zwkc00000003xg000000001rb9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:14 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49328	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:14 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:14 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 740c05bf-801e-008c-4478-187130000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220414Z-1657d5bbd48hzllksrq1r6zsvs000000016g00000000uzuc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:14 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49327	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:14 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:14 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: 52963dc7-601e-0084-0e74-176b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220414Z-1657d5bbd48lknvp09v995n79000000003mg00000000vw60 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:14 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49329	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:14 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:14 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: f076ebb2-f01e-001f-3766-175dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220414Z-1657d5bbd48sdh4cyzadbb37480000000400000000003yf7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:14 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49331	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:15 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:15 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 7d21ea5d-701e-0098-0502-17395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220415Z-1657d5bbd48brl8we3nu8cxwgn00000004fg000000001tcf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:15 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49330	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:15 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:15 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 08bf7a15-f01e-0020-7706-17956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220415Z-1657d5bbd48f7nlxc7n5fnfzh000000003u0000000001veb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:15 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49332	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:15 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:15 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: b6fa471e-401e-0067-43e5-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220415Z-1657d5bbd4824mj9d6vp65b6n400000004b0000000005b2z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:15 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49333	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:15 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:15 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 6dc6331d-801e-0047-0866-177265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220415Z-1657d5bbd482lxwq1dp2t1zwkc00000003ug00000000eacu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:15 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49334	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:15 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:15 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: a18d9b1d-601e-0002-1f03-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220415Z-1657d5bbd48brl8we3nu8cxwgn00000004g00000000006ve x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:15 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49335	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:15 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:16 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: d4fd285a-d01e-005a-06ed-167fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220416Z-1657d5bbd48tqvfc1ysmtbdrg000000003ug00000000vrh6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:16 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49336	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:16 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:16 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 1eaf42aa-001e-0014-79db-185151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220416Z-1657d5bbd48xlwdx82gahegw4000000004c0000000000wbc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:16 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49338	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:16 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:16 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 635e2ff4-801e-0035-1973-17752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220416Z-1657d5bbd482krtfgrg72dfbtn00000003qg00000000x8dn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:16 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49337	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:16 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:16 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: c9f5ea47-201e-0071-33fe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220416Z-1657d5bbd48xlwdx82gahegw40000000048000000000gcz6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:16 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49339	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:16 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:16 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 838d785c-001e-0014-24fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220416Z-1657d5bbd48tnj6wmberkg2xy8000000043000000000qqqd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:16 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49343	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:16 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:16 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: cd0b82ba-d01e-0049-1304-17e7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220416Z-1657d5bbd48vlsxxpe15ac3q7n000000045g000000000ahs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:16 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49340	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:16 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:16 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 4d8e5842-701e-0021-0efe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220416Z-1657d5bbd48lknvp09v995n79000000003t00000000049sk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:16 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49341	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:16 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:16 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 8a56303a-c01e-0066-0f01-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220416Z-1657d5bbd48vhs7r2p1ky7cs5w00000004eg000000005v81 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:16 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49344	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:16 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:16 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 0c184816-a01e-000d-72ff-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220416Z-1657d5bbd48tqvfc1ysmtbdrg000000003v000000000ubkf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:17 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49345	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:16 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:16 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: d3a3eb01-b01e-003d-1ef1-16d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220416Z-1657d5bbd482tlqpvyz9e93p540000000470000000005mwk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:17 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49346	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:17 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:17 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 4833e4a9-401e-0047-05a5-188597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220417Z-1657d5bbd48hzllksrq1r6zsvs00000001ag000000009nrc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:17 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49349	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:17 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:17 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: c326dec7-201e-0003-0c12-17f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220417Z-1657d5bbd48qjg85buwfdynm5w000000045g00000000dks0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:17 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49348	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:17 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:17 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 4ef38422-401e-000a-160c-174a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220417Z-1657d5bbd48qjg85buwfdynm5w000000042g00000000tp34 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:17 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49350	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:17 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:17 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 75ef523f-601e-000d-02f2-162618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220417Z-1657d5bbd48brl8we3nu8cxwgn000000049g00000000u1np x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:17 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49347	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:17 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:17 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 4d8e59a4-701e-0021-64fe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220417Z-1657d5bbd48762wn1qw4s5sd3000000003u0000000012h3u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:17 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49351	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:18 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:18 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: cad35e9e-b01e-0021-3602-17cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220418Z-1657d5bbd48dfrdj7px744zp8s00000003vg0000000098zz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:18 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49354	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:18 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:18 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 3e7839e3-701e-0053-5cff-163a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220418Z-1657d5bbd48762wn1qw4s5sd30000000041g000000000khm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:18 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	49352	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:18 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:18 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: 87e265fd-201e-0051-4fe7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220418Z-1657d5bbd48gqrfwecymhhbfm800000002y0000000008ubh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:18 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49353	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:18 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:18 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: 47beafb5-201e-006e-16a0-18bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220418Z-1657d5bbd48hzllksrq1r6zsvs00000001ag000000009nsk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:18 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49355	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:18 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:18 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: c7b470af-b01e-005c-24fe-164c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220418Z-1657d5bbd482krtfgrg72dfbtn00000003ug00000000cppp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:18 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.4	49356	142.250.186.142	443	7900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:18 UTC	1337	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1322 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=ZRFUUCwJXWFqOUV53SY5NH0JdrzRxoNyS_7O9KUM6-W7BYATw052_wcyvxp1wMu71VnrW_IFsssk-MX7oXpVUJzj8Le8n1TvAnlYZt17jKXpsTsviYSyL1gZe-GoW6wonyB4wXmPCicZcmmKfNrUFLZpt26N5skBI1656KYzMk0YhhnJAoZTB96FOw
2024-10-07 22:04:18 UTC	1322	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 33 38 36 35 37 35 37 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728338657577",null,null,null
2024-10-07 22:04:19 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 22:04:18 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 22:04:19 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 22:04:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.4	49357	142.250.186.142	443	7900	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:18 UTC	1337	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1329 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=ZRFUUCwJXWFqOUV53SY5NH0JdrzRxoNyS_7O9KUM6-W7BYATw052_wcyvxp1wMu71VnrW_IFsssk-MX7oXpVUJzj8Le8n1TvAnlYZt17jKXpsTsviYSyL1gZe-GoW6wonyB4wXmPCicZcmmKfNrUFLZpt26N5skBI1656KYzMk0YhhnJAoZTB96FOw
2024-10-07 22:04:18 UTC	1329	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 33 38 36 35 37 36 37 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728338657670",null,null,null
2024-10-07 22:04:19 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 22:04:18 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 22:04:19 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 22:04:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49358	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:19 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:19 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: dfa7567c-f01e-003f-67de-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220419Z-1657d5bbd48tqvfc1ysmtbdrg0000000041g000000000y8f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:19 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49359	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:19 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:19 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 20e89b60-501e-008c-3a03-17cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220419Z-1657d5bbd482tlqpvyz9e93p54000000047g0000000047qp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:19 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49360	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:04:19 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 22:04:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 22:04:19 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 838d7376-001e-0014-17fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T220419Z-1657d5bbd48t66tjar5xuq22r8000000043g000000006cxh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 22:04:19 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Target ID:	0
Start time:	18:03:00
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xf80000
File size:	919'040 bytes
MD5 hash:	9FC1B0376A8ABA2FF9FB5872400AE57F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	18:03:00
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0xf10000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	18:03:00
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	18:03:00
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0xf10000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	18:03:00
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	18:03:00
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xf10000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	18:03:00
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	18:03:01
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0xf10000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	18:03:01
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	18:03:01
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0xf10000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	18:03:01
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	18:03:02
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	18:03:03
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1948,i,14485814418157009044,6924245098132563507,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	18:03:14
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5372 --field-trial-handle=1948,i,14485814418157009044,6924245098132563507,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	18:03:14
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1948,i,14485814418157009044,6924245098132563507,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.7%
Total number of Nodes:	1606
Total number of Limit Nodes:	67

Executed Functions

Function 00F842DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00F8430D

Part of subcall function 00F86B57: _wcslen.LIBCMT ref: 00F86B6A

GetCurrentProcess.KERNEL32(?,0101CB64,00000000,?,?), ref: 00F84422
IsWow64Process.KERNEL32(00000000,?,?), ref: 00F84429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00F84454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00F84466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00F84474
FreeLibrary.KERNEL32(00000000,?,?), ref: 00F8447B
GetSystemInfo.KERNEL32(?,?,?), ref: 00F844A0

Strings

|O, xrefs: 00FC36F8
GetNativeSystemInfo, xrefs: 00F84460
kernel32.dll, xrefs: 00F8444F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: 12904b7b921fa18c46b70564d4cacccebe415c38c98ce5cbbd542a5e58239ede
Instruction ID: 38a90a8da0db863c5b5c66729cc340e8fd22759d200e2ca1c94b4b24e50ae988
Opcode Fuzzy Hash: 12904b7b921fa18c46b70564d4cacccebe415c38c98ce5cbbd542a5e58239ede
Instruction Fuzzy Hash: 39A18E7290E3C1CBC731D769B5A17D67FA46F26394B08C89DD4C1A3A0BD23E4908EB61

Function 00F842A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00F850AA,?,?,00000000,00000000), ref: 00F842B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00F850AA,?,?,00000000,00000000), ref: 00F842C9
LoadResource.KERNEL32(?,00000000,?,?,00F850AA,?,?,00000000,00000000,?,?,?,?,?,?,00F84F20), ref: 00FC35BE
SizeofResource.KERNEL32(?,00000000,?,?,00F850AA,?,?,00000000,00000000,?,?,?,?,?,?,00F84F20), ref: 00FC35D3
LockResource.KERNEL32(00F850AA,?,?,00F850AA,?,?,00000000,00000000,?,?,?,?,?,?,00F84F20,?), ref: 00FC35E6

Strings

SCRIPT, xrefs: 00F842BF

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 64ff2fe03eca32255dc718a5aaf7c79347ba8a4a186fab701f60b3f483871615
Instruction ID: aa5f985ea2aacc98d4b6bd2f0046a72358c3c2509525fcb4112f95d0598032d5
Opcode Fuzzy Hash: 64ff2fe03eca32255dc718a5aaf7c79347ba8a4a186fab701f60b3f483871615
Instruction Fuzzy Hash: F3119A70240306AFE7219B65DD48FA77BB9FBC9B65F108169F44686240DB76E8009730

Function 00FC2BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 00F82B6B

Part of subcall function 00F83A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,01051418,?,00F82E7F,?,?,?,00000000), ref: 00F83A78

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,01042224), ref: 00FC2C10
ShellExecuteW.SHELL32(00000000,?,?,01042224), ref: 00FC2C17

Strings

runas, xrefs: 00FC2C0B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: 7ae2079857211e4e5ab2f747f3ca6fcf51d88c698a54cbe17ff0882512f4e2e4
Instruction ID: d653f8904d9101a01b3b58a7474318c9a0b23d34bb54c2ecbb97cf27ac58e471
Opcode Fuzzy Hash: 7ae2079857211e4e5ab2f747f3ca6fcf51d88c698a54cbe17ff0882512f4e2e4
Instruction Fuzzy Hash: 8611B1316083026BC754FF60DD82AFEBBA4ABD5750F48142DF1C2560A2CF7D9A4AA712

Function 0100A67C Relevance: 6.2, APIs: 4, Instructions: 175
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0100A6AC
Process32FirstW.KERNEL32(00000000,?), ref: 0100A6BA

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

Process32NextW.KERNEL32(00000000,?), ref: 0100A79C
CloseHandle.KERNELBASE(00000000), ref: 0100A7AB

Part of subcall function 00F9CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00FC3303,?), ref: 00F9CE8A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: 01e0cb086e9b905a885f19204aca17932169501976c1fb726f6c2e9098000a9b
Instruction ID: 089d29b7b33a654ec9bfc0a18cb0a42654afb88d688ced576df912479044f959
Opcode Fuzzy Hash: 01e0cb086e9b905a885f19204aca17932169501976c1fb726f6c2e9098000a9b
Instruction Fuzzy Hash: BA515C71608301AFE710EF24CC86A6BBBE8FF89754F40891DF58597291EB35D904DB92

Function 00FEDBBE Relevance: 6.0, APIs: 4, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,00FC5222), ref: 00FEDBCE
GetFileAttributesW.KERNELBASE(?), ref: 00FEDBDD
FindFirstFileW.KERNEL32(?,?), ref: 00FEDBEE
FindClose.KERNEL32(00000000), ref: 00FEDBFA

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: 34c07ac64949e2b52a771a5dba4ce06bab3b74b11692f63f2df17a5b2cdff3b3
Instruction ID: 0d599580e69a3607fb9ba0fa4c236a88c76b9eafd9ac61a814a80bed5c711517
Opcode Fuzzy Hash: 34c07ac64949e2b52a771a5dba4ce06bab3b74b11692f63f2df17a5b2cdff3b3
Instruction Fuzzy Hash: 30F0E5318509105792306B7CAE0D8AA376D9E02374B204702F8BAC24E0EBBD9D64D7D6

Function 00FA4CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00FB28E9,?,00FA4CBE,00FB28E9,010488B8,0000000C,00FA4E15,00FB28E9,00000002,00000000,?,00FB28E9), ref: 00FA4D09
TerminateProcess.KERNEL32(00000000,?,00FA4CBE,00FB28E9,010488B8,0000000C,00FA4E15,00FB28E9,00000002,00000000,?,00FB28E9), ref: 00FA4D10
ExitProcess.KERNEL32 ref: 00FA4D22

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 23aa5bdedc2df9aca0ee86ef9a7ba309ef1844e712de94e405ae2548e23cd135
Instruction ID: 4b82b29100830642e263bf54a92c55ce078b7543d66783ee61cfa2f0987fcd05
Opcode Fuzzy Hash: 23aa5bdedc2df9aca0ee86ef9a7ba309ef1844e712de94e405ae2548e23cd135
Instruction Fuzzy Hash: 02E0B671480148ABDF21AF54DE09A587B69EF82795B104014FD458A126DB7EEE42EF80

Function 0100AFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 0100B198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0100B1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0100B1D4
_wcslen.LIBCMT ref: 0100B200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0100B214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0100B236
_wcslen.LIBCMT ref: 0100B332

Part of subcall function 00FF05A7: GetStdHandle.KERNEL32(000000F6), ref: 00FF05C6

_wcslen.LIBCMT ref: 0100B34B
_wcslen.LIBCMT ref: 0100B366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0100B3B6
GetLastError.KERNEL32(00000000), ref: 0100B407
CloseHandle.KERNEL32(?), ref: 0100B439
CloseHandle.KERNEL32(00000000), ref: 0100B44A
CloseHandle.KERNEL32(00000000), ref: 0100B45C
CloseHandle.KERNEL32(00000000), ref: 0100B46E
CloseHandle.KERNEL32(?), ref: 0100B4E3

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: 11326f11a4e03024a569fd20f44d11332250f619c1a2e0e4f270680ff7187210
Instruction ID: 3c31b7b2aae2543fcc980e417ec5c27220b2fe0b126ec3d3f9505b5b93180a19
Opcode Fuzzy Hash: 11326f11a4e03024a569fd20f44d11332250f619c1a2e0e4f270680ff7187210
Instruction Fuzzy Hash: 3AF1BE356083409FE725EF28C881B6EBBE5BF85310F18845DF9958B2A2DB35EC04CB52

Function 00F8D730 Relevance: 21.6, APIs: 14, Instructions: 625windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00F8D807
timeGetTime.WINMM ref: 00F8DA07
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F8DB28
TranslateMessage.USER32(?), ref: 00F8DB7B
DispatchMessageW.USER32(?), ref: 00F8DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F8DB9F
Sleep.KERNELBASE(0000000A), ref: 00F8DBB1

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: 2dbd33123350ef6a419d87db15834312a774ec8c94d6b066c9f32d1ccf7ab168
Instruction ID: 300424a6768a53c548dc8abc6ffcf5257ab186694ff02c930c0d0f5ae9b8971f
Opcode Fuzzy Hash: 2dbd33123350ef6a419d87db15834312a774ec8c94d6b066c9f32d1ccf7ab168
Instruction Fuzzy Hash: 1442D131A08341EFD738EF24C844BAAB7E1BF95324F18451AE495873D1D779E844EB92

Function 00F82CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00F82D07
RegisterClassExW.USER32(00000030), ref: 00F82D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00F82D42
InitCommonControlsEx.COMCTL32(?), ref: 00F82D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00F82D6F
LoadIconW.USER32(000000A9), ref: 00F82D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00F82D94

Strings

AutoIt v3 GUI, xrefs: 00F82D23
TaskbarCreated, xrefs: 00F82D37
+, xrefs: 00F82CF0
0, xrefs: 00F82CE9

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 73dc3910db5bf4346e68b3c50d593ea9bd54293e77e3bb9fbd2ba8a552da9a86
Instruction ID: d5d83942dc3b9b88de9ac7ea59ca9590b40f6b78a13d5cf1a17a6140ef4b752c
Opcode Fuzzy Hash: 73dc3910db5bf4346e68b3c50d593ea9bd54293e77e3bb9fbd2ba8a552da9a86
Instruction Fuzzy Hash: 3D212CB5D41308AFEB21DFA4E949BDEBBB4FB08700F00811AF591A7284D7BA8540CF90

Function 00FC065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00FC039A: CreateFileW.KERNELBASE(00000000,00000000,?,00FC0704,?,?,00000000,?,00FC0704,00000000,0000000C), ref: 00FC03B7

GetLastError.KERNEL32 ref: 00FC076F
__dosmaperr.LIBCMT ref: 00FC0776
GetFileType.KERNELBASE(00000000), ref: 00FC0782
GetLastError.KERNEL32 ref: 00FC078C
__dosmaperr.LIBCMT ref: 00FC0795
CloseHandle.KERNEL32(00000000), ref: 00FC07B5
CloseHandle.KERNEL32(?), ref: 00FC08FF
GetLastError.KERNEL32 ref: 00FC0931
__dosmaperr.LIBCMT ref: 00FC0938

Strings

H, xrefs: 00FC08BD

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: c8be5776c70a8296e35fe0da4a73ceea7e06176a5d3f9c2ace97ed0aa97c6f05
Instruction ID: 974dfee0051af0f0cc729134558bbbb466c683801537f04fb124d52b972f9d13
Opcode Fuzzy Hash: c8be5776c70a8296e35fe0da4a73ceea7e06176a5d3f9c2ace97ed0aa97c6f05
Instruction Fuzzy Hash: 61A12432A002058FDF29AF68D952BAE3BE0AB06320F14015DF8159F3D1DB399D13EB91

Function 00F8344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00F83A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,01051418,?,00F82E7F,?,?,?,00000000), ref: 00F83A78

Part of subcall function 00F83357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00F83379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00F8356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00FC318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00FC31CE
RegCloseKey.ADVAPI32(?), ref: 00FC3210
_wcslen.LIBCMT ref: 00FC3277
_wcslen.LIBCMT ref: 00FC3286

Strings

\, xrefs: 00FC328C
\Include\, xrefs: 00F83527
Include, xrefs: 00FC3184, 00FC31C5
Software\AutoIt v3\AutoIt, xrefs: 00F83560

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: ebd76ff8b13d7e80e442c3fa5a0a3d9d15e6dd6f67df74977c5290e419e61a0e
Instruction ID: 79d248f83479306a1e87ce68b6ce7963e370d8a589ea8606cc08ddce7ac32814
Opcode Fuzzy Hash: ebd76ff8b13d7e80e442c3fa5a0a3d9d15e6dd6f67df74977c5290e419e61a0e
Instruction Fuzzy Hash: B571C071408301DEC724EF25DC829ABBBE8FF85740F40842EF48597166EB79DA48DB51

Function 00F82B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00F82B8E
LoadCursorW.USER32(00000000,00007F00), ref: 00F82B9D
LoadIconW.USER32(00000063), ref: 00F82BB3
LoadIconW.USER32(000000A4), ref: 00F82BC5
LoadIconW.USER32(000000A2), ref: 00F82BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00F82BEF
RegisterClassExW.USER32(?), ref: 00F82C40

Part of subcall function 00F82CD4: GetSysColorBrush.USER32(0000000F), ref: 00F82D07
Part of subcall function 00F82CD4: RegisterClassExW.USER32(00000030), ref: 00F82D31
Part of subcall function 00F82CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00F82D42
Part of subcall function 00F82CD4: InitCommonControlsEx.COMCTL32(?), ref: 00F82D5F
Part of subcall function 00F82CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00F82D6F
Part of subcall function 00F82CD4: LoadIconW.USER32(000000A9), ref: 00F82D85
Part of subcall function 00F82CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00F82D94

Strings

0, xrefs: 00F82C0F
#, xrefs: 00F82C16
AutoIt v3, xrefs: 00F82C2F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: 48ffe7629b59a491ab79f5381d49dcd3f82e47f80dd4a618efebd869b061ff7d
Instruction ID: 81d070096a9b23d283b9ef94e2d2ca83ad11d51531b0cf14c3c9304978923075
Opcode Fuzzy Hash: 48ffe7629b59a491ab79f5381d49dcd3f82e47f80dd4a618efebd869b061ff7d
Instruction Fuzzy Hash: F1219270E40314AFDB209F95E964B9E7FB9FB08B50F00811AF580A7295D3BE4540DF80

Function 00F83170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00F8316A,?,?), ref: 00F831D8
KillTimer.USER32(?,00000001,?,?,?,?,?,00F8316A,?,?), ref: 00F83204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00F83227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00F8316A,?,?), ref: 00F83232
CreatePopupMenu.USER32 ref: 00F83246
PostQuitMessage.USER32(00000000), ref: 00F83267

Strings

TaskbarCreated, xrefs: 00F8322D

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: d0deb9ec162f0d84a22ee488a435d36800365c0336c10557809f9ce13bf0b6c5
Instruction ID: 0646e79368db413226137bb0dbf7b9c662a4924c69bd17e086cfcdcf5b2caa11
Opcode Fuzzy Hash: d0deb9ec162f0d84a22ee488a435d36800365c0336c10557809f9ce13bf0b6c5
Instruction Fuzzy Hash: 81411936A40204A6DB243B78DE0EBFE3A29F705F14F044119F982C51A5CBBEDA40B361

Function 00F81410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00F81459
CoUninitialize.COMBASE ref: 00F814F8
UnregisterHotKey.USER32(?), ref: 00F816DD
DestroyWindow.USER32(?), ref: 00FC24B9
FreeLibrary.KERNEL32(?), ref: 00FC251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00FC254B

Strings

close all, xrefs: 00F81454

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 9de5903c20e1a8ab5d3677384bbc05ddd91fcf434db3a6c93a6848eed1bf52cb
Instruction ID: 53c933ea7dec699227fe6ccd032d916c142055779caebb42fc1f7ec93c0258c2
Opcode Fuzzy Hash: 9de5903c20e1a8ab5d3677384bbc05ddd91fcf434db3a6c93a6848eed1bf52cb
Instruction Fuzzy Hash: 00D15931B012128FDB29EF14CA9AF69F7A4BF05710F1442ADE44AAB251DB35EC12EF50

Function 00F82C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00F82C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00F82CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,00F81CAD,?), ref: 00F82CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,00F81CAD,?), ref: 00F82CCF

Strings

AutoIt v3, xrefs: 00F82C89, 00F82C8E, 00F82C8F
edit, xrefs: 00F82CAC

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: b1f4a8b02b3e179d19495a59990fac64b14e7f44895faa11db9aeba05a41c3ca
Instruction ID: feea55b2eac88d150bc4f8808101f2d526289e7af2ce5f0d1fcd3f1e2affe7d6
Opcode Fuzzy Hash: b1f4a8b02b3e179d19495a59990fac64b14e7f44895faa11db9aeba05a41c3ca
Instruction Fuzzy Hash: 64F017755803907AEB300713AC18F772EBEE7C6F60B01801AF940A6159C27A4840DBB0

Function 00F83B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00F83B0F,SwapMouseButtons,00000004,?), ref: 00F83B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00F83B0F,SwapMouseButtons,00000004,?), ref: 00F83B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00F83B0F,SwapMouseButtons,00000004,?), ref: 00F83B83

Strings

Control Panel\Mouse, xrefs: 00F83B3E

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: efdd7aed2ab2f2353f7c80e13119218cbe92b0a3e698429888548ffa43d6a6b9
Instruction ID: a65f6e7493c2edf8a1ddc8f34cb98b9c8e545508924eac055b1e961bf2be41f9
Opcode Fuzzy Hash: efdd7aed2ab2f2353f7c80e13119218cbe92b0a3e698429888548ffa43d6a6b9
Instruction Fuzzy Hash: 02112AB5610208FFDB21DFA5DC48AEEB7B8EF45B94B104459B805D7124E231DF40A760

Function 00F83923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00FC33A2

Part of subcall function 00F86B57: _wcslen.LIBCMT ref: 00F86B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 00F83A04

Strings

Line: , xrefs: 00FC33EB

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: 551e892766fbf7965971624e98a6f56961d2dd11cd777cb57bdd46ef7639dde8
Instruction ID: 042d8cd796de7ce947bb403b92dd6f7712e4beaba245ab1f5b7608463343dae6
Opcode Fuzzy Hash: 551e892766fbf7965971624e98a6f56961d2dd11cd777cb57bdd46ef7639dde8
Instruction Fuzzy Hash: 5F31C371908300AAD725FB20DC45BEBB7D8AF44B20F00492EF5D992191EB789649D7C2

Function 00F9FDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00FA0668

Part of subcall function 00FA32A4: RaiseException.KERNEL32(?,?,?,00FA068A,?,01051444,?,?,?,?,?,?,00FA068A,00F81129,01048738,00F81129), ref: 00FA3304

__CxxThrowException@8.LIBVCRUNTIME ref: 00FA0685

Strings

Unknown exception, xrefs: 00FA0692

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: d3533b829549eda71292dc40870ac2ef0ab4fcbe81bef9e7650e0b82a4c1f83b
Instruction ID: e187c20728909cf0b6f53f86edd3310ebf0e2aa8bf379a7b66ff9bc9dc911c2c
Opcode Fuzzy Hash: d3533b829549eda71292dc40870ac2ef0ab4fcbe81bef9e7650e0b82a4c1f83b
Instruction Fuzzy Hash: D3F0F6B4D0020D77CF00F6A5EC86D9E776C6E42364B604536B824D6591EF75EA29F9C0

Function 00F810F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 00F81BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00F81BF4
Part of subcall function 00F81BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00F81BFC
Part of subcall function 00F81BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00F81C07
Part of subcall function 00F81BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00F81C12
Part of subcall function 00F81BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00F81C1A
Part of subcall function 00F81BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00F81C22

Part of subcall function 00F81B4A: RegisterWindowMessageW.USER32(00000004,?,00F812C4), ref: 00F81BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00F8136A
OleInitialize.OLE32 ref: 00F81388
CloseHandle.KERNEL32(00000000,00000000), ref: 00FC24AB

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: 0ad5d13f6918746004e3f103a835aa9909eb4e865502efd2c44f59e6538867b4
Instruction ID: 1c8cbd04f0e32886a463bc67ecab12275ddd30dfc910f8f0fd4eb3b32c1d0e18
Opcode Fuzzy Hash: 0ad5d13f6918746004e3f103a835aa9909eb4e865502efd2c44f59e6538867b4
Instruction Fuzzy Hash: 4771AAB4901300CFD7A8EF79E5497A73AE5FB48348758962AD4DAC7249EB3E8841CF50

Function 00FEC161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F83923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00F83A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00FEC259
KillTimer.USER32(?,00000001,?,?), ref: 00FEC261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00FEC270

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: 2e84f80e1043cfcc157528b431a628544588261a669b708d58f461bd84f3d535
Instruction ID: 1e3179f413186355dff7fc4fc2935bbd7e24cf249f486d164783062a80720a8a
Opcode Fuzzy Hash: 2e84f80e1043cfcc157528b431a628544588261a669b708d58f461bd84f3d535
Instruction Fuzzy Hash: 4331D571904384AFEB329F758855BEBBBECAF07304F00049EE2DA97241C7785A85DB91

Function 00FB86AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,?,?,00FB85CC,?,01048CC8,0000000C), ref: 00FB8704
GetLastError.KERNEL32(?,00FB85CC,?,01048CC8,0000000C), ref: 00FB870E
__dosmaperr.LIBCMT ref: 00FB8739

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: 7406001946910b85cd1500d421445c73eaa954fd74579f18a225b8c3c044f13f
Instruction ID: 4a69cb91a14eba7a01a2609fa54900f270d7a3bc67d49ac1d9befad79eec76a7
Opcode Fuzzy Hash: 7406001946910b85cd1500d421445c73eaa954fd74579f18a225b8c3c044f13f
Instruction Fuzzy Hash: 92010832E0566026D6647236E8457EE778F4BC2BB8F3D0119F8148B5D2DEADCC82EE50

Function 00F8DB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 00F8DB7B
DispatchMessageW.USER32(?), ref: 00F8DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F8DB9F
Sleep.KERNELBASE(0000000A), ref: 00F8DBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 00FD1CC9

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: a40d4ed4d0da7a01a62a92b8e2cc7ac49ab9a3fdb848097ab04c45db6555b67e
Instruction ID: 9ebaf98049fc15466bd2818e21d88f306ebeccf8ab20eb5ac78ede709d657625
Opcode Fuzzy Hash: a40d4ed4d0da7a01a62a92b8e2cc7ac49ab9a3fdb848097ab04c45db6555b67e
Instruction Fuzzy Hash: 28F05E30A443409BFB30DB60DC49FEA73ADFF84320F104A19E68A830C0DB799488EB15

Function 00F91310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00F917F6

Strings

CALL, xrefs: 00F917C6

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: 612a9957378529f436083014cad63e0b31147dfd1f6b0275c872fa1194b0fb7f
Instruction ID: 6ff0ec912a20b1ec4a0a611c0d82a466d6e0ee68dd1f101e3d21e024fd68ad53
Opcode Fuzzy Hash: 612a9957378529f436083014cad63e0b31147dfd1f6b0275c872fa1194b0fb7f
Instruction Fuzzy Hash: EE227F71A083029FEB14DF14C880B2ABBF2BF85314F19896DF4968B361D775E845EB52

Function 00F82DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00FC2C8C

Part of subcall function 00F83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F83A97,?,?,00F82E7F,?,?,?,00000000), ref: 00F83AC2

Part of subcall function 00F82DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00F82DC4

Strings

X, xrefs: 00FC2C5A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: 1e4f358f4a5a4e0dfc05959a12b24ca3d36f6f67e30c82da178738dcbe6dc411
Instruction ID: 44dce908f7651b755a205c4bd2b024d2269c44a154509403cbe7f26f1eafac40
Opcode Fuzzy Hash: 1e4f358f4a5a4e0dfc05959a12b24ca3d36f6f67e30c82da178738dcbe6dc411
Instruction Fuzzy Hash: 4321D571E002589FCF45EF94CC4ABEE7BF8AF49714F008059E445E7241DBB89A499FA1

Function 00F83837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 00F83908

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 1b10ec98058f83378dfcb12d96a82348a2ffe2d77618f3bf86c99778b981bed2
Instruction ID: c4a3d7be83bf65efd7e48939f1e31e0bb3f689317554144d2fa5bd25c52cd5df
Opcode Fuzzy Hash: 1b10ec98058f83378dfcb12d96a82348a2ffe2d77618f3bf86c99778b981bed2
Instruction Fuzzy Hash: 8B31D271A043019FD720EF24D4857D7BBE8FB49718F00092EF9DA83251E77AAA44DB52

Function 00F9F645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00F9F661

Part of subcall function 00F8D730: GetInputState.USER32 ref: 00F8D807

Sleep.KERNEL32(00000000), ref: 00FDF2DE

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: 3a114efe83f9f16e7c5905d400ea6d24da12e8b96b433f93028dfbbc2be9dab9
Instruction ID: 604528e6224176f2aad9112b914c0366cd6d92d261295194de6486d285d8a562
Opcode Fuzzy Hash: 3a114efe83f9f16e7c5905d400ea6d24da12e8b96b433f93028dfbbc2be9dab9
Instruction Fuzzy Hash: 1DF082712802059FD310FF65D945F9ABBE4FF46761F000029E859C7350DB74A800DB90

Function 00F8B710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00F8BB4E

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: 1b6ae65f0853e1897360d318c86ed92ef3ecce3e2e88c87ba2a57b2919b21a9c
Instruction ID: 148e19e53c7eafc4ca68dfa6ca9b22aedfed22085e2cf32c811af8f5d71ce8e0
Opcode Fuzzy Hash: 1b6ae65f0853e1897360d318c86ed92ef3ecce3e2e88c87ba2a57b2919b21a9c
Instruction Fuzzy Hash: 1532AB31E00209DFDB24EF54C894BBEB7B6EF44324F18805AE945AB351CB79AD41EB91

Function 00F84ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00F84E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F84EDD,?,01051418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F84E9C
Part of subcall function 00F84E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00F84EAE
Part of subcall function 00F84E90: FreeLibrary.KERNEL32(00000000,?,?,00F84EDD,?,01051418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F84EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,01051418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F84EFD

Part of subcall function 00F84E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FC3CDE,?,01051418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F84E62
Part of subcall function 00F84E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00F84E74
Part of subcall function 00F84E59: FreeLibrary.KERNEL32(00000000,?,?,00FC3CDE,?,01051418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F84E87

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: f692009b25afedaa8af9f0ed7197468ead5d07804e0d85d9cc6f837512375950
Instruction ID: 8041f484ee927a836d98af157fbc8c124fada8c01d57164e2991c13ccf4a656a
Opcode Fuzzy Hash: f692009b25afedaa8af9f0ed7197468ead5d07804e0d85d9cc6f837512375950
Instruction Fuzzy Hash: 9F11E732600206ABDB14FF60DD16FED77A5AF40B14F10842EF582AB1C1EE78EA05B750

Function 00FB8402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00FB8440

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: ed5ebf76d8a9af90b40b1dec258d2e075462c471cbd29937c4324f66bac17f9d
Instruction ID: 0212e7d5e6f81c16f339a61135be978fd8eb80603cdf3a5481475bd8cef94823
Opcode Fuzzy Hash: ed5ebf76d8a9af90b40b1dec258d2e075462c471cbd29937c4324f66bac17f9d
Instruction Fuzzy Hash: 3711367590420AEFCB05DF59E941ADA7BF8EF48310F104059F808AB302DA31DA12DBA5

Function 010129BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,010114B5,?), ref: 01012A01

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 72ea57feee5923af596837de44ff12f4cfc06dc34e8acc431121ee823b45994a
Instruction ID: 24207ddfce896a591e0f2ed92b5779a9665d64cf7c1f64212a4637763994cea0
Opcode Fuzzy Hash: 72ea57feee5923af596837de44ff12f4cfc06dc34e8acc431121ee823b45994a
Instruction Fuzzy Hash: 760192363406429FE365CA2CC454B263BD3FB85254FB984A8C1C78B259D73AEC42C790

Function 00FAE602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: 97bb5ff7ecee07cc22faea9c46d7343a86e6a023f46961d3d18bcd8887521d4c
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: FAF0F972920A1496D6313A6A8C05B96339C9F53370F100B15F425926D2DB78D806BDA5

Function 00FB3820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,01051444,?,00F9FDF5,?,?,00F8A976,00000010,01051440,00F813FC,?,00F813C6,?,00F81129), ref: 00FB3852

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 74627743b728c0f963cd8448a97da7e6ecb3fb7fbce3b8dc8d1978dc8c244030
Instruction ID: a04801fc7220bf998e1c736739ad691228c9ca51de54e52b18ff6e001965532c
Opcode Fuzzy Hash: 74627743b728c0f963cd8448a97da7e6ecb3fb7fbce3b8dc8d1978dc8c244030
Instruction Fuzzy Hash: A3E065339C122456E73126AB9C05BDB3649AB837B0F160131BC5596581DB65ED01BAE2

Function 00F84F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,01051418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F84F6D

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: b90d21600e4e769dbff1b083d5b8fc4e99aa20bef79d27e04741b0804063a439
Instruction ID: 8607a2851e6903b5d48d6e0481b800493de3a34b762cac89ee2bab788df3cfa4
Opcode Fuzzy Hash: b90d21600e4e769dbff1b083d5b8fc4e99aa20bef79d27e04741b0804063a439
Instruction Fuzzy Hash: 94F03071505752CFDB34AF64D890952B7F4BF15329315897EE2EA83610C735A844EF10

Function 01012A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 01012A66

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 179d769de4daa17c2c78e15b70b376adc6ae50b8c8ac780f49bf02fbe14339c2
Instruction ID: a45347216b9a849245e1bc8ea5e552681326b0c1e34e4577f55399f82f66554e
Opcode Fuzzy Hash: 179d769de4daa17c2c78e15b70b376adc6ae50b8c8ac780f49bf02fbe14339c2
Instruction Fuzzy Hash: 72E0DF3238011AABDB20EA30DC848FE735CEF10294710043AAC56C2100DB3CA98182A0

Function 00F830F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000002,?), ref: 00F8314E

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 2d333135e1f89b59c6e397ce18ef0bfb1169db904d0ce586de9872ba570a5851
Instruction ID: d9ac66f3e98750b3029a6b88d8f4daca50ca46a2316e9c74a6bfa818508704ca
Opcode Fuzzy Hash: 2d333135e1f89b59c6e397ce18ef0bfb1169db904d0ce586de9872ba570a5851
Instruction Fuzzy Hash: D9F03770914314AFEB629B64DC497D67BBCA701708F0040E5A58996186DB795788CF51

Function 00F82DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00F82DC4

Part of subcall function 00F86B57: _wcslen.LIBCMT ref: 00F86B6A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: c6c25453d3abbee3853cfc316ff2562e3cd00def56df69a9ba1daa73e78ec1f1
Instruction ID: 7012801d61863544b43c13b2e1e16cd4abb7a24864fe8e040baa06d54fdaf51d
Opcode Fuzzy Hash: c6c25453d3abbee3853cfc316ff2562e3cd00def56df69a9ba1daa73e78ec1f1
Instruction Fuzzy Hash: 3EE0CD72A002245BC720A2589C06FDA77DDDFC8790F040075FD09D7249D968ED80C650

Function 00F82B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00F83837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00F83908

Part of subcall function 00F8D730: GetInputState.USER32 ref: 00F8D807

SetCurrentDirectoryW.KERNEL32(?), ref: 00F82B6B

Part of subcall function 00F830F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00F8314E

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: 5f69aae12fc4f87ba69313645939c81bbd22a4a07912ef11d1b139ecd9226653
Instruction ID: 3724066fc4bcae389635eb117a008e55edc9856b8c18d2860cb8138042e41019
Opcode Fuzzy Hash: 5f69aae12fc4f87ba69313645939c81bbd22a4a07912ef11d1b139ecd9226653
Instruction Fuzzy Hash: 33E0263270420402CB04BA30AC125FEB7499BD1715F40153EF182431A3CF3D8A455312

Function 00FC039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00FC0704,?,?,00000000,?,00FC0704,00000000,0000000C), ref: 00FC03B7

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 88d31a7e5d9ca6577482e50b9f89efbfbc7c37d1cf7eb5a13d16653cb3a1cb4c
Instruction ID: 9c99fbf8e01f57a00665e180f82f7a82d333e44b74690c49b1ea22e0fb3bb293
Opcode Fuzzy Hash: 88d31a7e5d9ca6577482e50b9f89efbfbc7c37d1cf7eb5a13d16653cb3a1cb4c
Instruction Fuzzy Hash: D6D06C3208010DBBDF128E84DD06EDA3BAAFB48714F014000BE5856020C736E821AB90

Function 00F81CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00F81CBC

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: ddc327cbbf62277b35462813116ef2a01625780a707a15467ea4bd39fc5a74bc
Instruction ID: 0fc413930a67bb63f0c712521115a991b35dc58422fb401ab07faff080373e37
Opcode Fuzzy Hash: ddc327cbbf62277b35462813116ef2a01625780a707a15467ea4bd39fc5a74bc
Instruction Fuzzy Hash: 7AC092362C0304EFF3358A80BD5AF127765A748B04F048401F68AA95DBC3BB58A0EB50

Non-executed Functions

Function 01019576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00F99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F99BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0101961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0101965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0101969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 010196C9
SendMessageW.USER32 ref: 010196F2
GetKeyState.USER32(00000011), ref: 0101978B
GetKeyState.USER32(00000009), ref: 01019798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 010197AE
GetKeyState.USER32(00000010), ref: 010197B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 010197E9
SendMessageW.USER32 ref: 01019810
SendMessageW.USER32(?,00001030,?,01017E95), ref: 01019918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0101992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 01019941
SetCapture.USER32(?), ref: 0101994A
ClientToScreen.USER32(?,?), ref: 010199AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 010199BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 010199D6
ReleaseCapture.USER32 ref: 010199E1
GetCursorPos.USER32(?), ref: 01019A19
ScreenToClient.USER32(?,?), ref: 01019A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 01019A80
SendMessageW.USER32 ref: 01019AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 01019AEB
SendMessageW.USER32 ref: 01019B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 01019B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 01019B4A
GetCursorPos.USER32(?), ref: 01019B68
ScreenToClient.USER32(?,?), ref: 01019B75
GetParent.USER32(?), ref: 01019B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 01019BFA
SendMessageW.USER32 ref: 01019C2B
ClientToScreen.USER32(?,?), ref: 01019C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 01019CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 01019CDE
SendMessageW.USER32 ref: 01019D01
ClientToScreen.USER32(?,?), ref: 01019D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 01019D82

Part of subcall function 00F99944: GetWindowLongW.USER32(?,000000EB), ref: 00F99952

GetWindowLongW.USER32(?,000000F0), ref: 01019E05

Strings

@GUI_DRAGID, xrefs: 0101997D
F, xrefs: 01019D07

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: 79789d8b52c73b9d20af4f5ca74c82b59099b35047876a0d8a8972f4ac4bcea0
Instruction ID: f1f004d9c3f4dede7e08de20b2a6df452b2b9001c541dd746c8e1ee9929d84cf
Opcode Fuzzy Hash: 79789d8b52c73b9d20af4f5ca74c82b59099b35047876a0d8a8972f4ac4bcea0
Instruction Fuzzy Hash: 67429E74204201EFE725CF28C954BAABBE5FF8D318F040A59F6D9872A9D739E850CB51

Function 01014873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 010148F3
SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 01014908
SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 01014927
SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0101494B
SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0101495C
SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0101497B
SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 010149AE
SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 010149D4
SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 01014A0F
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 01014A56
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 01014A7E
IsMenu.USER32(?), ref: 01014A97
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 01014AF2
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 01014B20
GetWindowLongW.USER32(?,000000F0), ref: 01014B94
SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 01014BE3
SendMessageW.USER32(00000000,00001001,00000000,?), ref: 01014C82
wsprintfW.USER32 ref: 01014CAE
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 01014CC9
GetWindowTextW.USER32(?,00000000,00000001), ref: 01014CF1
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 01014D13
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 01014D33
GetWindowTextW.USER32(?,00000000,00000001), ref: 01014D5A

Strings

%d/%02d/%02d, xrefs: 01014CA8

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
String ID: %d/%02d/%02d
API String ID: 4054740463-328681919
Opcode ID: d1f89bc636aad86f96d01c57e9d3f15ebb15d6cf54d0d44b19cf372f053b5685
Instruction ID: 2141afe8a7c5a7c9884f9266afdf2c5f798eb87d177e64b4c345c466460d498f
Opcode Fuzzy Hash: d1f89bc636aad86f96d01c57e9d3f15ebb15d6cf54d0d44b19cf372f053b5685
Instruction Fuzzy Hash: 9212FE71600214ABFB259F28CC49FAE7BF8EF49310F044169F596EB2A9DB7C9940CB50

Function 00F9F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00F9F998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00FDF474
IsIconic.USER32(00000000), ref: 00FDF47D
ShowWindow.USER32(00000000,00000009), ref: 00FDF48A
SetForegroundWindow.USER32(00000000), ref: 00FDF494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00FDF4AA
GetCurrentThreadId.KERNEL32 ref: 00FDF4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00FDF4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 00FDF4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 00FDF4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00FDF4DE
SetForegroundWindow.USER32(00000000), ref: 00FDF4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 00FDF4F6
keybd_event.USER32(00000012,00000000), ref: 00FDF501
MapVirtualKeyW.USER32(00000012,00000000), ref: 00FDF50B
keybd_event.USER32(00000012,00000000), ref: 00FDF510
MapVirtualKeyW.USER32(00000012,00000000), ref: 00FDF519
keybd_event.USER32(00000012,00000000), ref: 00FDF51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 00FDF528
keybd_event.USER32(00000012,00000000), ref: 00FDF52D
SetForegroundWindow.USER32(00000000), ref: 00FDF530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 00FDF557

Strings

Shell_TrayWnd, xrefs: 00FDF46F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 80a6a2413b1192965df89e4d55fe0b57a36f6b4f241db460f8dcb5d1228664b0
Instruction ID: c0f38487ef9cfa0e8ed56893209b0680c08c56b3d943799413d69386ddf89f3d
Opcode Fuzzy Hash: 80a6a2413b1192965df89e4d55fe0b57a36f6b4f241db460f8dcb5d1228664b0
Instruction Fuzzy Hash: F9316371A80318BBFB316BB55D4AFBF7E6DEB44B50F140426FA01E61C1C6B99D00AB60

Function 00FE1201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 00FE16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00FE170D
Part of subcall function 00FE16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00FE173A
Part of subcall function 00FE16C3: GetLastError.KERNEL32 ref: 00FE174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00FE1286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00FE12A8
CloseHandle.KERNEL32(?), ref: 00FE12B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00FE12D1
GetProcessWindowStation.USER32 ref: 00FE12EA
SetProcessWindowStation.USER32(00000000), ref: 00FE12F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00FE1310

Part of subcall function 00FE10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00FE11FC), ref: 00FE10D4
Part of subcall function 00FE10BF: CloseHandle.KERNEL32(?,?,00FE11FC), ref: 00FE10E9

Strings

default, xrefs: 00FE130B
, xrefs: 00FE125A
winsta0, xrefs: 00FE12CC

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: 77cdf03789e76139b82bb434a2d7ed6625c84198f9343e33129753883ea18cd1
Instruction ID: 7822606a9a59c617cf62c8e8993360185e70a375b05e706ef008e61dd2f23fb3
Opcode Fuzzy Hash: 77cdf03789e76139b82bb434a2d7ed6625c84198f9343e33129753883ea18cd1
Instruction Fuzzy Hash: 76819B71900288AFEF21DFA6DD49FEE7BB9FF09710F144029F910A6290C7799954DB20

Function 00FE0B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00FE10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00FE1114
Part of subcall function 00FE10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00FE0B9B,?,?,?), ref: 00FE1120
Part of subcall function 00FE10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00FE0B9B,?,?,?), ref: 00FE112F
Part of subcall function 00FE10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00FE0B9B,?,?,?), ref: 00FE1136
Part of subcall function 00FE10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00FE114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00FE0BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00FE0C00
GetLengthSid.ADVAPI32(?), ref: 00FE0C17
GetAce.ADVAPI32(?,00000000,?), ref: 00FE0C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00FE0C6D
GetLengthSid.ADVAPI32(?), ref: 00FE0C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00FE0C8C
HeapAlloc.KERNEL32(00000000), ref: 00FE0C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00FE0CB4
CopySid.ADVAPI32(00000000), ref: 00FE0CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00FE0CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00FE0D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00FE0D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00FE0D45
HeapFree.KERNEL32(00000000), ref: 00FE0D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00FE0D55
HeapFree.KERNEL32(00000000), ref: 00FE0D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00FE0D65
HeapFree.KERNEL32(00000000), ref: 00FE0D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00FE0D78
HeapFree.KERNEL32(00000000), ref: 00FE0D7F

Part of subcall function 00FE1193: GetProcessHeap.KERNEL32(00000008,00FE0BB1,?,00000000,?,00FE0BB1,?), ref: 00FE11A1
Part of subcall function 00FE1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00FE0BB1,?), ref: 00FE11A8
Part of subcall function 00FE1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00FE0BB1,?), ref: 00FE11B7

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: c114183ee01a1fc84ab71b7c8e915e946de487a93ce797539c9b27fdee4c588f
Instruction ID: 095ef7bd2f74d6a35f453689c1e72660a49af774a58b3e2375d69a5049692bc2
Opcode Fuzzy Hash: c114183ee01a1fc84ab71b7c8e915e946de487a93ce797539c9b27fdee4c588f
Instruction Fuzzy Hash: 3871AA72D0024AABEF20DFA6DD44FAEBBB8BF05310F144115F944A6180DBB9EA41DB60

Function 00FFEAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(0101CC08), ref: 00FFEB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 00FFEB37
GetClipboardData.USER32(0000000D), ref: 00FFEB43
CloseClipboard.USER32 ref: 00FFEB4F
GlobalLock.KERNEL32(00000000), ref: 00FFEB87
CloseClipboard.USER32 ref: 00FFEB91
GlobalUnlock.KERNEL32(00000000), ref: 00FFEBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 00FFEBC9
GetClipboardData.USER32(00000001), ref: 00FFEBD1
GlobalLock.KERNEL32(00000000), ref: 00FFEBE2
GlobalUnlock.KERNEL32(00000000), ref: 00FFEC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 00FFEC38
GetClipboardData.USER32(0000000F), ref: 00FFEC44
GlobalLock.KERNEL32(00000000), ref: 00FFEC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00FFEC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00FFEC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00FFECD2
GlobalUnlock.KERNEL32(00000000), ref: 00FFECF3
CountClipboardFormats.USER32 ref: 00FFED14
CloseClipboard.USER32 ref: 00FFED59

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: 8217df78b6c5c626e2281e3c1767ac2f54e4e38afaefd106410684651fd41b72
Instruction ID: b80b59059cfab0a9cb5accf5ab1790fd48a32f72e0c0b410639402a8ebf297c8
Opcode Fuzzy Hash: 8217df78b6c5c626e2281e3c1767ac2f54e4e38afaefd106410684651fd41b72
Instruction Fuzzy Hash: 3A6112342443069FE310EF64C884F7A77A4AF84714F04441DF686972B2CB3AED05EB62

Function 00FF698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00FF69BE
FindClose.KERNEL32(00000000), ref: 00FF6A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00FF6A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00FF6A75

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00FF6AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00FF6ADF

Strings

%02d, xrefs: 00FF6C00, 00FF6C0A, 00FF6C5A, 00FF6CAA, 00FF6CFA, 00FF6D4A
%4d%02d%02d%02d%02d%02d%03d, xrefs: 00FF6B32
%4d, xrefs: 00FF6BB1
%4d%02d%02d%02d%02d%02d, xrefs: 00FF6B6A
%03d, xrefs: 00FF6DA2

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: f04bf2753f9bd1a2f20253e43240214df209550da420017663f2dd86bb192642
Instruction ID: 9d8de147c66decd8a27181df1db58bfa53b5919109a5076cf5e25dc3a1215d75
Opcode Fuzzy Hash: f04bf2753f9bd1a2f20253e43240214df209550da420017663f2dd86bb192642
Instruction Fuzzy Hash: 69D15EB2508304ABC710EBA0CC81EBBB7E8AF99704F44491DF685D7151EB79DA48DB62

Function 00FF9642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00FF9663
GetFileAttributesW.KERNEL32(?), ref: 00FF96A1
SetFileAttributesW.KERNEL32(?,?), ref: 00FF96BB
FindNextFileW.KERNEL32(00000000,?), ref: 00FF96D3
FindClose.KERNEL32(00000000), ref: 00FF96DE
FindFirstFileW.KERNEL32(*.*,?), ref: 00FF96FA
SetCurrentDirectoryW.KERNEL32(?), ref: 00FF974A
SetCurrentDirectoryW.KERNEL32(01046B7C), ref: 00FF9768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00FF9772
FindClose.KERNEL32(00000000), ref: 00FF977F
FindClose.KERNEL32(00000000), ref: 00FF978F

Strings

*.*, xrefs: 00FF96F5

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: 108790fb4c47d913bc974738a01d276cab6f6f8d462324881c361b277d59955e
Instruction ID: 33b076069e0410ff33f18de72369e8e2e0d140a3c340f0d0621ef3a503d5f2f1
Opcode Fuzzy Hash: 108790fb4c47d913bc974738a01d276cab6f6f8d462324881c361b277d59955e
Instruction Fuzzy Hash: 8531F57294421D6BDF24AEB4DD48BEE37AC9F49331F104065FA54E20A0EBB9DE409B54

Function 00FF979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00FF97BE
FindNextFileW.KERNEL32(00000000,?), ref: 00FF9819
FindClose.KERNEL32(00000000), ref: 00FF9824
FindFirstFileW.KERNEL32(*.*,?), ref: 00FF9840
SetCurrentDirectoryW.KERNEL32(?), ref: 00FF9890
SetCurrentDirectoryW.KERNEL32(01046B7C), ref: 00FF98AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 00FF98B8
FindClose.KERNEL32(00000000), ref: 00FF98C5
FindClose.KERNEL32(00000000), ref: 00FF98D5

Part of subcall function 00FEDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00FEDB00

Strings

*.*, xrefs: 00FF983B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: b1bdd2bebdbbb6c727659bc1943ae2df7556d17cf48eb993e6542923ee25d67a
Instruction ID: 5ddc3185a55a1a01d492db5e3837e69969710523f48a2edb20f1bdfe29790969
Opcode Fuzzy Hash: b1bdd2bebdbbb6c727659bc1943ae2df7556d17cf48eb993e6542923ee25d67a
Instruction Fuzzy Hash: C331F87294421D6BEB20EEB5DC48BEE37AC9F46370F104165F954A20A0DBB9DE84DB50

Function 0100BE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0100C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0100B6AE,?,?), ref: 0100C9B5
Part of subcall function 0100C998: _wcslen.LIBCMT ref: 0100C9F1
Part of subcall function 0100C998: _wcslen.LIBCMT ref: 0100CA68
Part of subcall function 0100C998: _wcslen.LIBCMT ref: 0100CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0100BF3E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0100BFA9
RegCloseKey.ADVAPI32(00000000), ref: 0100BFCD
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0100C02C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0100C0E7
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0100C154
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0100C1E9
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0100C23A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0100C2E3
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0100C382
RegCloseKey.ADVAPI32(00000000), ref: 0100C38F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: ebd96372b901382e1c442e49aeae9cc3b5a9b85893baddf8108137ceba995aba
Instruction ID: 712fe86e239b14a436435566a8158458732b1f617467dd96596a611a70e33df1
Opcode Fuzzy Hash: ebd96372b901382e1c442e49aeae9cc3b5a9b85893baddf8108137ceba995aba
Instruction Fuzzy Hash: 2F027F706042009FE715DF28C995E2ABBE5EF49308F18C59DF88ACB2A2DB35ED45CB51

Function 00FF8195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00FF8257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00FF8267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00FF8273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00FF8310
SetCurrentDirectoryW.KERNEL32(?), ref: 00FF8324
SetCurrentDirectoryW.KERNEL32(?), ref: 00FF8356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00FF838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00FF8395

Strings

*.*, xrefs: 00FF839B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: 39a4939ce043b01b4f047a017ec6c6599fdf109d9d907c338f6c18fb87a377b4
Instruction ID: 331dc158cfbd4b369ba4dded3fb780fd62264b92c7c17a5e3abd7ec47685a432
Opcode Fuzzy Hash: 39a4939ce043b01b4f047a017ec6c6599fdf109d9d907c338f6c18fb87a377b4
Instruction Fuzzy Hash: 73618CB25083099FD710EF60C8409AFB3E8FF89754F04491DFA8987261DB39E946DB92

Function 00FED076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00F83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F83A97,?,?,00F82E7F,?,?,?,00000000), ref: 00F83AC2

Part of subcall function 00FEE199: GetFileAttributesW.KERNEL32(?,00FECF95), ref: 00FEE19A

FindFirstFileW.KERNEL32(?,?), ref: 00FED122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00FED1DD
MoveFileW.KERNEL32(?,?), ref: 00FED1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 00FED20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 00FED237

Part of subcall function 00FED29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00FED21C,?,?), ref: 00FED2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 00FED253
FindClose.KERNEL32(00000000), ref: 00FED264

Strings

\*.*, xrefs: 00FED0CD, 00FED0D6, 00FED0EB

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: df3fbbbb8ee9a36aa71bb7e93a07a860189006870a5bb399a09bcf99a77b5ded
Instruction ID: f6b0a9522b046c44d20818828841207fa439455288b95eab0cb131f7df752341
Opcode Fuzzy Hash: df3fbbbb8ee9a36aa71bb7e93a07a860189006870a5bb399a09bcf99a77b5ded
Instruction Fuzzy Hash: EA615631C05149ABDF05EBE1CE929FDB7B9AF15300F244165E40277191EB39AF09EB61

Function 00FFED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00FFED91
EmptyClipboard.USER32 ref: 00FFED97
GlobalAlloc.KERNEL32(00000002,?), ref: 00FFEDAC
CloseClipboard.USER32 ref: 00FFEEA3

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: 36db50d4ce16a2daa6abccec85616ade9448784e54b508ea8f0e43e77a1932c8
Instruction ID: 0bea8ada9971136d488faaae341e181fe3f3f9122cf06b632932f4645b856971
Opcode Fuzzy Hash: 36db50d4ce16a2daa6abccec85616ade9448784e54b508ea8f0e43e77a1932c8
Instruction Fuzzy Hash: 7D41C135604211AFE320DF15E448B69BBE1FF44328F15C499E5998B672C73AFC41DB90

Function 00FEE8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00FE16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00FE170D
Part of subcall function 00FE16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00FE173A
Part of subcall function 00FE16C3: GetLastError.KERNEL32 ref: 00FE174A

ExitWindowsEx.USER32(?,00000000), ref: 00FEE932

Strings

, xrefs: 00FEE95C
@, xrefs: 00FEE925
SeShutdownPrivilege, xrefs: 00FEE902
, xrefs: 00FEE920

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: 6a7e9f8ae7cb9e5b75593a871e48feba9cc8ec401e5d1cd529d1efa307ad9b63
Instruction ID: 8fd5c4e51abb982f0b489b816c1602998146c71bdd324d409f63a50a3a38bd20
Opcode Fuzzy Hash: 6a7e9f8ae7cb9e5b75593a871e48feba9cc8ec401e5d1cd529d1efa307ad9b63
Instruction Fuzzy Hash: 20012673A10251ABFB2466B7BC86FBF729CA714750F140421F803E71C3E6A99C44A2A0

Function 01001204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 01001276
WSAGetLastError.WSOCK32 ref: 01001283
bind.WSOCK32(00000000,?,00000010), ref: 010012BA
WSAGetLastError.WSOCK32 ref: 010012C5
closesocket.WSOCK32(00000000), ref: 010012F4
listen.WSOCK32(00000000,00000005), ref: 01001303
WSAGetLastError.WSOCK32 ref: 0100130D
closesocket.WSOCK32(00000000), ref: 0100133C

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: 29dfcb2c66ab28ba7f356da492fec83c4bf3d00c165141c311ea17c46a9f87c0
Instruction ID: be08931626b3d6221c4973d68b248d083a5d4976e61c0d56e600f1a92eceade6
Opcode Fuzzy Hash: 29dfcb2c66ab28ba7f356da492fec83c4bf3d00c165141c311ea17c46a9f87c0
Instruction Fuzzy Hash: AB4193716001009FE721DF68C5C4B69BBE6BF46328F188198E9968F2D6C775EC81CBE1

Function 00FED3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00F83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F83A97,?,?,00F82E7F,?,?,?,00000000), ref: 00F83AC2

Part of subcall function 00FEE199: GetFileAttributesW.KERNEL32(?,00FECF95), ref: 00FEE19A

FindFirstFileW.KERNEL32(?,?), ref: 00FED420
DeleteFileW.KERNEL32(?,?,?,?), ref: 00FED470
FindNextFileW.KERNEL32(00000000,00000010), ref: 00FED481
FindClose.KERNEL32(00000000), ref: 00FED498
FindClose.KERNEL32(00000000), ref: 00FED4A1

Strings

\*.*, xrefs: 00FED3F2

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 4a3295960f439e27241fc4a3ef4dc7a482698b1f296fe96ee1490196ceb8b50f
Instruction ID: a2e6e954b4c15d7ba0c7005597947ae1563753be8789da84c3025dcda4b0b044
Opcode Fuzzy Hash: 4a3295960f439e27241fc4a3ef4dc7a482698b1f296fe96ee1490196ceb8b50f
Instruction Fuzzy Hash: 8F319C7140C3819BD315FF60CC918EFB7A8AEA1314F444A1EF4D592191EB29EA09EB63

Function 00FBE4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00FBE645

Strings

1#SNAN, xrefs: 00FBF844
1#INF, xrefs: 00FBF852
1#QNAN, xrefs: 00FBF84B
1#IND, xrefs: 00FBF83D

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: e7f23c3e1a17e2384c0b954b7f8098cae8f5ac4f1f7dd1887de0f86c6e063253
Instruction ID: 56c1d86500d01dc25ba68757f0f06af223031b88e0c9c353394ff418435dad7b
Opcode Fuzzy Hash: e7f23c3e1a17e2384c0b954b7f8098cae8f5ac4f1f7dd1887de0f86c6e063253
Instruction Fuzzy Hash: 47C26D72E046288FDB25CF29DD407EAB7B5EB49314F1441EAD84DE7240E778AE85AF40

Function 00FF648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00FF64DC
CoInitialize.OLE32(00000000), ref: 00FF6639
CoCreateInstance.OLE32(0101FCF8,00000000,00000001,0101FB68,?), ref: 00FF6650
CoUninitialize.OLE32 ref: 00FF68D4

Strings

.lnk, xrefs: 00FF64BA, 00FF6524, 00FF65E0

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: 80776119f69e38a5578ab1b180ccb483f94575dab0e592536c587436f633140b
Instruction ID: 9f10a3ed2b95f4f2c6f0a0687d6519a986adf32a04db5fa09e3492ef685a793b
Opcode Fuzzy Hash: 80776119f69e38a5578ab1b180ccb483f94575dab0e592536c587436f633140b
Instruction Fuzzy Hash: ADD16A715083059FD304EF24C881AABB7E8FF94304F14491DF595DB2A1EB75E909CBA2

Function 00FF9B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00FF9B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00FF9C8B

Part of subcall function 00FF3874: GetInputState.USER32 ref: 00FF38CB
Part of subcall function 00FF3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FF3966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00FF9BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00FF9C75

Strings

*.*, xrefs: 00FF9B5D

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: 51e7e13adbc35db87c6b745c553023c3638b528c593b0c6a37e7a3ba7db31aa0
Instruction ID: 5613db3ce1f8a5f54da6bd23340f4c29164c472718e8a05245090a8270ef3371
Opcode Fuzzy Hash: 51e7e13adbc35db87c6b745c553023c3638b528c593b0c6a37e7a3ba7db31aa0
Instruction Fuzzy Hash: DA41BE71D4820E9BDF14EF64C985BEE7BB4EF05310F104055E505A21A0EB759E84DF60

Function 00F9997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 00F99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F99BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 00F99A4E
GetSysColor.USER32(0000000F), ref: 00F99B23
SetBkColor.GDI32(?,00000000), ref: 00F99B36

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: 0b9065a93d1816b62cbeb66104d74e17d682a8742acc8f10180e5a8bcd648abc
Instruction ID: 9103645620ce5b9e871f63adb665c41f67720cecfb10b7eeeeabc43f7af46f98
Opcode Fuzzy Hash: 0b9065a93d1816b62cbeb66104d74e17d682a8742acc8f10180e5a8bcd648abc
Instruction Fuzzy Hash: 3DA1FA7150C604AFFB34AA2C8C58FBB365EDB86360B1A410EF541CA695DA6EDD01F372

Function 01001806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0100304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0100307A
Part of subcall function 0100304E: _wcslen.LIBCMT ref: 0100309B

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0100185D
WSAGetLastError.WSOCK32 ref: 01001884
bind.WSOCK32(00000000,?,00000010), ref: 010018DB
WSAGetLastError.WSOCK32 ref: 010018E6
closesocket.WSOCK32(00000000), ref: 01001915

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: 31b768694c71a35524b1f689e87990d00b49a7fe24946bdf90be81873cc37790
Instruction ID: f203eb763a0288c535512a773453be9bb5327879befd5a257cd6e3e32f733837
Opcode Fuzzy Hash: 31b768694c71a35524b1f689e87990d00b49a7fe24946bdf90be81873cc37790
Instruction Fuzzy Hash: 89519571A00200AFEB11EF28C886F6A77E5AF44718F088098FA559F3C3C779ED4187A1

Function 01011C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 01011CC0
IsWindowEnabled.USER32 ref: 01011CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 01011CDB
IsIconic.USER32 ref: 01011CE9
IsZoomed.USER32 ref: 01011CF7

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: db358b4f841b7982ceaeefece34f1b575419a2dff407f72d7324bddd02964d09
Instruction ID: 95079b010ed8a66e5bf647284397b15586c10667554cce975b28c165d72ce5e7
Opcode Fuzzy Hash: db358b4f841b7982ceaeefece34f1b575419a2dff407f72d7324bddd02964d09
Instruction Fuzzy Hash: 0D21D6317402055FE7249F2AD844B5A7BE5EF85314F188098E9C58B349CB7AD842CB90

Function 00F88060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON

Download Yara Rule

Strings

VUUU, xrefs: 00F8843C
ERCP, xrefs: 00F8813C
VUUU, xrefs: 00FC5DF0
VUUU, xrefs: 00F883FA
VUUU, xrefs: 00F883E8

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: 641cac1e1c5ee8a50196abd5a921a55444231b63ab78daf497d90142825a77c6
Instruction ID: d89dc3d1044fa1ca9e301385f14992cdaf946413bbb31922715091d28a106e2e
Opcode Fuzzy Hash: 641cac1e1c5ee8a50196abd5a921a55444231b63ab78daf497d90142825a77c6
Instruction Fuzzy Hash: 25A2A071E0421ACBDF24DF58C941BEDB7B1BF44760F6481A9D815AB284EB309D82EF90

Function 00FEAA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00FEAAAC
SetKeyboardState.USER32(00000080), ref: 00FEAAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00FEAB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00FEAB88

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 1d566e63cf73b40f0029a10bab0e43a6959d68520312011f114e6cf8d0c66ead
Instruction ID: d0d75afd907344d5e93e8c032a3c3d9c6f0d45767b6f753e21409622d03281b6
Opcode Fuzzy Hash: 1d566e63cf73b40f0029a10bab0e43a6959d68520312011f114e6cf8d0c66ead
Instruction Fuzzy Hash: 13314C30E40788AEFF31CA66CC05BFA77A7ABD4320F04421AF181961D1D379A985E762

Function 00FBBB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00FBBB7F

Part of subcall function 00FB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FBD7D1,00000000,00000000,00000000,00000000,?,00FBD7F8,00000000,00000007,00000000,?,00FBDBF5,00000000), ref: 00FB29DE
Part of subcall function 00FB29C8: GetLastError.KERNEL32(00000000,?,00FBD7D1,00000000,00000000,00000000,00000000,?,00FBD7F8,00000000,00000007,00000000,?,00FBDBF5,00000000,00000000), ref: 00FB29F0

GetTimeZoneInformation.KERNEL32 ref: 00FBBB91
WideCharToMultiByte.KERNEL32(00000000,?,0105121C,000000FF,?,0000003F,?,?), ref: 00FBBC09
WideCharToMultiByte.KERNEL32(00000000,?,01051270,000000FF,?,0000003F,?,?,?,0105121C,000000FF,?,0000003F,?,?), ref: 00FBBC36

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
String ID:
API String ID: 806657224-0
Opcode ID: c73c30281a5c90acc8441d8f7818141b0e54ab9cd019037ac4c516fd7add5e9c
Instruction ID: 25a1016f63c3ae7fb9be54d03cf12f5043e20b5e77e8ceef1a2c2381a5909dec
Opcode Fuzzy Hash: c73c30281a5c90acc8441d8f7818141b0e54ab9cd019037ac4c516fd7add5e9c
Instruction Fuzzy Hash: 0031D4B1D44205EFCB20DF6ACC806AEBBB8FF45360714465AE090DB2A5D7759E50EF50

Function 00FFCE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 00FFCE89
GetLastError.KERNEL32(?,00000000), ref: 00FFCEEA
SetEvent.KERNEL32(?,?,00000000), ref: 00FFCEFE

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: 4a40dfcff6e69c7d8d59dde08d108ea58c161fd0a999a27e145b9b71eab3afc0
Instruction ID: da63ef188d640900a0872a5926e4d428025bcfb437cf65d8e850305bf6ad5847
Opcode Fuzzy Hash: 4a40dfcff6e69c7d8d59dde08d108ea58c161fd0a999a27e145b9b71eab3afc0
Instruction Fuzzy Hash: EB21B0B194031D9BE730CFA5CA44BB6B7F8EF40364F10441EE646D2161E779EE04ABA0

Function 00FE8298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 00FE82AA

Strings

|, xrefs: 00FE82DA
(, xrefs: 00FE82F0

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: 6224d42ac77967f5481448e1c06a2edaa5f864fc5ac5b7acfdb3ff7d57c46ab7
Instruction ID: b4dc651ff13669e8b634df90736a7390035862c7ea75e6caecfa3ea9120fe890
Opcode Fuzzy Hash: 6224d42ac77967f5481448e1c06a2edaa5f864fc5ac5b7acfdb3ff7d57c46ab7
Instruction Fuzzy Hash: 19324775A007459FCB28DF59C480A6AB7F0FF48760B15C46EE49ADB3A1EB70E942DB40

Function 00FF5C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00FF5CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00FF5D17
FindClose.KERNEL32(?), ref: 00FF5D5F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 78dab110f6b76f6b030cb3eecaa218ea8a86f8d7f1604d424ea49d3055218ac4
Instruction ID: 7b895b9643592f75649051f3b2ded59260384c0cccc8e6140959963dca4ae3ee
Opcode Fuzzy Hash: 78dab110f6b76f6b030cb3eecaa218ea8a86f8d7f1604d424ea49d3055218ac4
Instruction Fuzzy Hash: FD51CC74A046059FD714DF28C884EAAB7E4FF49324F14855DEA9A8B3A1CB34EC04DBA1

Function 00FB2622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00FB271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00FB2724
UnhandledExceptionFilter.KERNEL32(?), ref: 00FB2731

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 13e8f4d17cb920f90993846203afdcbe2895cedbf231cdb36cf668357aa2b04e
Instruction ID: e09a0f15edf20fd56f8c19a61f9dcc2fbc8196898090778de3d7713b5064a1e3
Opcode Fuzzy Hash: 13e8f4d17cb920f90993846203afdcbe2895cedbf231cdb36cf668357aa2b04e
Instruction Fuzzy Hash: AA31D5749412189BCB61DF68DD887DCB7B8AF08310F5041EAE41CA7260EB389F819F44

Function 00FF51CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00FF51DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00FF5238
SetErrorMode.KERNEL32(00000000), ref: 00FF52A1

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 6db8e17a659eaeb628c962cd7a604aeb53e51643bf2f83b1adcb3e90e2af94f6
Instruction ID: f6dcbdc0b686f2825e760c6f69607ada916084d856cbb2991b2f616ecbd55ca1
Opcode Fuzzy Hash: 6db8e17a659eaeb628c962cd7a604aeb53e51643bf2f83b1adcb3e90e2af94f6
Instruction Fuzzy Hash: 21317C75A00508DFDB00EF54D884EADBBB4FF09318F088099E945AB366CB36E845DBA0

Function 00FE16C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00F9FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00FA0668
Part of subcall function 00F9FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00FA0685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00FE170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00FE173A
GetLastError.KERNEL32 ref: 00FE174A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: 8145b995d80b8a0554ee2b380296b27e918fcfa1979fd05f61d73bf338ec6a79
Instruction ID: 0de1eca9048ca2dd535cd65c08c03f22a326566040876521247e31f9f3c46d65
Opcode Fuzzy Hash: 8145b995d80b8a0554ee2b380296b27e918fcfa1979fd05f61d73bf338ec6a79
Instruction Fuzzy Hash: 9711C1B2410304AFE7289F55DC86D6AB7B9FB44714B20852EF05697241EB74FC45CB20

Function 00FED5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00FED608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00FED645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00FED650

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 8f892b139236003c66182384ccd061bb829d80c472532a7573832a8bfe0c848c
Instruction ID: 3fb616359afde7194fdba0a1b1ef60d9541c1d1137ad704aeba2127fe2f05073
Opcode Fuzzy Hash: 8f892b139236003c66182384ccd061bb829d80c472532a7573832a8bfe0c848c
Instruction Fuzzy Hash: 4E118E71E41228BFEB208F95DC44FAFBBBCEB45B60F108111F914E7280C2744A018BA1

Function 00FE1663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00FE168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00FE16A1
FreeSid.ADVAPI32(?), ref: 00FE16B1

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: b002b257f0940228bd0430cf250c0cf0b9c2bbc94ab7d9e2c9b3b916bbcf7274
Instruction ID: 72a167002108dd58ef546c54b4a8d5ed403749ffe4ed4a1cb9886f5bd2aeadc0
Opcode Fuzzy Hash: b002b257f0940228bd0430cf250c0cf0b9c2bbc94ab7d9e2c9b3b916bbcf7274
Instruction Fuzzy Hash: CFF0F471990309BBEB10DFE49989EAEBBBCFB08604F504565E501E2181E779EA449B50

Function 00FEE3B9 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 00FEE3ED

Strings

DOWN, xrefs: 00FEE3D2

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: mouse_event
String ID: DOWN
API String ID: 2434400541-711622031
Opcode ID: 614b21e141481e3681356a749ec7a46f787dbe2fec23898701cbad001974ea7e
Instruction ID: 47245b5fdb0449533cb0dd222d2b0f75744e851cf64f0c5242f682fecc63457f
Opcode Fuzzy Hash: 614b21e141481e3681356a749ec7a46f787dbe2fec23898701cbad001974ea7e
Instruction Fuzzy Hash: 5DE086A2ADC7213DB92414167C06DF6174CCB12235B11121AF8409A0C0DE985C81B168

Function 00FDD27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 00FDD28C

Strings

X64, xrefs: 00FDD2A8

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: d1f17499b4ce001367d8f3606767d13579e97ac17f8cc11d50981b8df7c19178
Instruction ID: 9b78ce9e738f26aba207ca0170177be806af13cbcd57b0b88bf1411293544aee
Opcode Fuzzy Hash: d1f17499b4ce001367d8f3606767d13579e97ac17f8cc11d50981b8df7c19178
Instruction Fuzzy Hash: 89D0C9B580111DEADF94CA90D888ED9B37CBB04345F100152F146A2100D73495489F10

Function 00FACAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction ID: 7a60ae0b20a1f8a43d8d1f57a2acb9f4993804403e14513e7dce5f1c7fc49723
Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction Fuzzy Hash: 11021CB2E002199FDF14CFA9C9806ADFBF1EF49324F254169D919E7380D731A9419BD4

Function 00FF68EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00FF6918
FindClose.KERNEL32(00000000), ref: 00FF6961

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 7c07a526c52888b8c67124f56c5a9b000985fa968578ddff8c82727136a12bce
Instruction ID: 2a2a29c89dadf045f18d1bb1b6962fd72db6d10b194d883923da96e2acbbaf4d
Opcode Fuzzy Hash: 7c07a526c52888b8c67124f56c5a9b000985fa968578ddff8c82727136a12bce
Instruction Fuzzy Hash: 9911D0316042009FD720DF29D885A26BBE0FF84328F14C699F5698F2A2CB74EC05CBA0

Function 00FF37B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,01004891,?,?,00000035,?), ref: 00FF37E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,01004891,?,?,00000035,?), ref: 00FF37F4

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 6d0328797abfcd395174a652e1254fa2f386b4166fa5bd54d8b4d63121c44525
Instruction ID: 254d594ef1ab17731f98d7b98d1146db81ee6937b535566103b569819a4ca6d4
Opcode Fuzzy Hash: 6d0328797abfcd395174a652e1254fa2f386b4166fa5bd54d8b4d63121c44525
Instruction Fuzzy Hash: 45F0E5B1A082292AE72026669D4DFEB3AAEEFC5761F000165F609D2285D9A89944D7B0

Function 00FEB226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00FEB25D
keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00FEB270

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: e459d9e0c9ce4bb276d7bb7d1caf165877304c247ae059cdd50835f2fcb146a8
Instruction ID: cd0bce7a0c9bd1f69ef8da148716c7774603da7f3e6e2b3efab38527ae99ba19
Opcode Fuzzy Hash: e459d9e0c9ce4bb276d7bb7d1caf165877304c247ae059cdd50835f2fcb146a8
Instruction Fuzzy Hash: 09F01D7184428DABEB169FA1C805BAE7BB4FF04315F008009F955A5195C37DC6119F94

Function 00FE10BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00FE11FC), ref: 00FE10D4
CloseHandle.KERNEL32(?,?,00FE11FC), ref: 00FE10E9

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 4c6686b4af647e2d6f6b77d443c051ae88b23a6e3457f1f90f59657498b6c72a
Instruction ID: 86ccd352f7a9a5764b14497cd39ef491aa4048153848d1f6d33b5ce52e9564a1
Opcode Fuzzy Hash: 4c6686b4af647e2d6f6b77d443c051ae88b23a6e3457f1f90f59657498b6c72a
Instruction Fuzzy Hash: A0E04F32004610AFFB352B11FC05E7377A9FB04320B20882EF5A5804B5DB66AC90EB10

Function 00F8CAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON

Download Yara Rule

Strings

Variable is not of type 'Object'., xrefs: 00FD0C40

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID: Variable is not of type 'Object'.
API String ID: 0-1840281001
Opcode ID: 1c42a8772bdd302da0ecd828956454cf9b75065cbd660a3077581472dbc44423
Instruction ID: 412f2497cd9b662bf61fde28fe38a52ee5652b42844d2a339f4a5f738095e094
Opcode Fuzzy Hash: 1c42a8772bdd302da0ecd828956454cf9b75065cbd660a3077581472dbc44423
Instruction Fuzzy Hash: A0329D31D00218DBDF14EF90D881BEDB7B6FF05318F14805AE906AB292DB75AD45EBA0

Function 00FB676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00FB6766,?,?,00000008,?,?,00FBFEFE,00000000), ref: 00FB6998

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: e2a4e6a4811c37bde8ec7841697a0aa3d42abf74d73757593f7ff4b1242e4ca2
Instruction ID: d576bbe58957bd3a3f4180470d625df3fa9b551514cb15cef0c66948dfbe0922
Opcode Fuzzy Hash: e2a4e6a4811c37bde8ec7841697a0aa3d42abf74d73757593f7ff4b1242e4ca2
Instruction Fuzzy Hash: C2B15E32510608DFDB15CF29C486BA57BE0FF45364F258658E899CF2A1C739D991DF40

Function 00F9B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 00FD851F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8c1e9e21c3fad749d90d774351f82a031dd20f29cb1c5e7d1270256d15f1b068
Instruction ID: 1e448f7fe35604c6953696ad406f16d4d7fc6a884f32f570d404c57a74c1254a
Opcode Fuzzy Hash: 8c1e9e21c3fad749d90d774351f82a031dd20f29cb1c5e7d1270256d15f1b068
Instruction Fuzzy Hash: 29125F71D00229DBDF24CF58D980BEEB7B5FF48710F14819AE849EB255DB349A81EB90

Function 00FFEAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00FFEABD

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 674b2da9009484c91348af48db0175b50404e69be54b510c90a3c5336eebde63
Instruction ID: a849259927ecbc294154d6052b48320138b84b56d91c8dba8a978de1a83b9baf
Opcode Fuzzy Hash: 674b2da9009484c91348af48db0175b50404e69be54b510c90a3c5336eebde63
Instruction Fuzzy Hash: BCE01A362002049FD710EF59D805E9ABBE9AF98760F008416FD49CB261DA78E8409BA0

Function 00FA09D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00FA03EE), ref: 00FA09DA

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 702660381c778d05a6925f4c47be082436245cb033f834f97747699164d38d57
Instruction ID: 31cb92f8c27e24675404162748067ef43fdd5845c7908fc109fb7a44253bd877
Opcode Fuzzy Hash: 702660381c778d05a6925f4c47be082436245cb033f834f97747699164d38d57
Instruction Fuzzy Hash:

Function 00FA781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 00FA798B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction ID: c66f7cbdd7fc692f455a6bfac746c8fcb71b60fa72ceea602b0b71353f998568
Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction Fuzzy Hash: A3516AF2E0C7055BDB3875288C59FBF63999B07360F28051AD886D7292C61DEE06F356

Function 00FB6DD9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ac993dc1e221aa90a778f8bd1e94950e990fd68d3f867b838c9a101e9b2207e
Instruction ID: 3b98d3087681ad460155f4f6edffe3d1d88771add9858a3411efef33d6e17966
Opcode Fuzzy Hash: 9ac993dc1e221aa90a778f8bd1e94950e990fd68d3f867b838c9a101e9b2207e
Instruction Fuzzy Hash: F7322432D29F014DDB33A935D822335A249AFF73D5F25C737E81AB5999EB29C4835600

Function 00F9CC39 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36937607f85b60196a24471167e746cae88623c65a676714dc4736f731d098f7
Instruction ID: bc77a09bc449cd9654e520a17f6b1e38d21c0bdc1ccd75b858d91562f8531175
Opcode Fuzzy Hash: 36937607f85b60196a24471167e746cae88623c65a676714dc4736f731d098f7
Instruction Fuzzy Hash: 3732F332E401968BDF28CA68C4A067D7BA3EB45320F2C856BD599CB391D634DD81FBC1

Function 00F87920 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d5e654c27771f79c5cfe79da9026dc3b06c3e4cdb73775049376a6b0a1d298d
Instruction ID: a4a13bc14213c1ad9e30840d8df09f84face63445d7ff1cc1e416fdd7440641a
Opcode Fuzzy Hash: 2d5e654c27771f79c5cfe79da9026dc3b06c3e4cdb73775049376a6b0a1d298d
Instruction Fuzzy Hash: 7822C371E046069FDF14EF64C982BEEB3B2FF44710F244529E412A7291EB39E954EB50

Function 00F891C0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d75d15313e9a98c4cb2e0fdd7345e868865e51c6840078976717c625faa6a00
Instruction ID: b1a4a311908f7fe4f5015867a88634f01f61ca8f5c3678dc452178223022b5ab
Opcode Fuzzy Hash: 3d75d15313e9a98c4cb2e0fdd7345e868865e51c6840078976717c625faa6a00
Instruction Fuzzy Hash: F502B4B1E0020AEFDF04DF54D982BADB7B5FF44310F148169E806DB290EB75AA14EB90

Function 00FB9EEE Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51974facc6f0d4a5ea25844b84f97a525630be8c627f31f6eb1002033747bb00
Instruction ID: d6865742c0e31a6fa3ee4de6cb9109000e776e57e6cc8c997965b99341b8ba30
Opcode Fuzzy Hash: 51974facc6f0d4a5ea25844b84f97a525630be8c627f31f6eb1002033747bb00
Instruction Fuzzy Hash: 60B1C030D2AF414DD23399398831336B65CBFBB6D5B61D71BFC5678E16EB2A86834240

Function 00FA1C77 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: abafc24050dff839ba82b4c992d9d941e4e271ed4cb194cf8f8ea8a224f92bbb
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: 709157B3A080A34ADB29463E857417EFFE16A933B1B1B079DD4F2CA1C5FE149954F620

Function 00FA1F32 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction ID: 3f49149e82872058a92001ecd13c079826a60d67d8578eda1025abe0979e55c7
Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction Fuzzy Hash: 289140B3B090E34EDB69423D847413EFEE15A933B171A079EE4F2CA1C5EE249954F620

Function 00FA19B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: ce235549ba842d97c2ec1a79c477339449aa64190c5aaad957f4923ecf2ea51e
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: AD9133B36090A34ADB2D467A857407EFFE16A933B2B1B079DD4F2CA1C1FD249564F620

Function 00FA7A4A Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 656995fe169c6323ff525deab172c3cc3723d1fb059c0b0aeadb54d41a8f9320
Instruction ID: 4e52876af143589545f4fe2f75fbb5275d5430eb05b231494ef57fe794d75ac4
Opcode Fuzzy Hash: 656995fe169c6323ff525deab172c3cc3723d1fb059c0b0aeadb54d41a8f9320
Instruction Fuzzy Hash: FB617BF2A0870566DA34B9288C95FBF3394DFC37A0F140919E843CB295D6599E43B375

Function 00FA7CA7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97fbe123ac5ffe00c81f1b26ae672df4e33bf97ca9926a2296e5438308d97725
Instruction ID: 4ccea432dd4e350a13c1588ca185da183eb0e050613c9bcf6e103e473a082bf0
Opcode Fuzzy Hash: 97fbe123ac5ffe00c81f1b26ae672df4e33bf97ca9926a2296e5438308d97725
Instruction Fuzzy Hash: 21618AF2E0870956DE387A288C95FBF3394DF43760F140959E843CB281EA56AD43B355

Function 00FA1706 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: 205dd7e31516e186091ed47271694cc52ec3efd0ab19197057909137682c90bd
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: 8D8142B3A090A349EB6D463A857443EFFE17A933B1B1B079DD4F2CA1C1EE249554F620

Function 00FF2046 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ad8c0025952217aecad313947fbbde9dc1ad2eb8d601f4c0dda9a7ae2ef498e
Instruction ID: 91d0a7c62c3d1bf936cd833e540e78c0ef69274358b90d5868ec2057073c9d87
Opcode Fuzzy Hash: 1ad8c0025952217aecad313947fbbde9dc1ad2eb8d601f4c0dda9a7ae2ef498e
Instruction Fuzzy Hash: AA21BB326206158BDB28CE79C81367E73D5AB54320F158A2EE4A7C37D4DE3AA904D750

Function 01002ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 01002B30
DeleteObject.GDI32(00000000), ref: 01002B43
DestroyWindow.USER32 ref: 01002B52
GetDesktopWindow.USER32 ref: 01002B6D
GetWindowRect.USER32(00000000), ref: 01002B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 01002CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 01002CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01002CF8
GetClientRect.USER32(00000000,?), ref: 01002D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 01002D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01002D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01002D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01002D80
GlobalLock.KERNEL32(00000000), ref: 01002D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01002D98
GlobalUnlock.KERNEL32(00000000), ref: 01002DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01002DA8
GlobalFree.KERNEL32(00000000), ref: 01002DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01002DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,0101FC38,00000000), ref: 01002DDB
GlobalFree.KERNEL32(00000000), ref: 01002DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 01002E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 01002E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01002E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0100303F

Strings

, xrefs: 01002FC5
DISPLAY, xrefs: 01002EA2
AutoIt v3, xrefs: 01002CF2
static, xrefs: 01002D3A, 01002E91

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 7d55f66443aea02a1ada10df3c92ebc842008ca9d29e79bbd6b161d0d9face53
Instruction ID: adf26564899b51625d28e6526a24d60cc0c4acab7ca36921703ed96271b0aba1
Opcode Fuzzy Hash: 7d55f66443aea02a1ada10df3c92ebc842008ca9d29e79bbd6b161d0d9face53
Instruction Fuzzy Hash: A602BD71500208AFEB25DFA4CD88EAE7BB9FF49710F048158F955AB295CB39ED00CB60

Function 010170D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 0101712F
GetSysColorBrush.USER32(0000000F), ref: 01017160
GetSysColor.USER32(0000000F), ref: 0101716C
SetBkColor.GDI32(?,000000FF), ref: 01017186
SelectObject.GDI32(?,?), ref: 01017195
InflateRect.USER32(?,000000FF,000000FF), ref: 010171C0
GetSysColor.USER32(00000010), ref: 010171C8
CreateSolidBrush.GDI32(00000000), ref: 010171CF
FrameRect.USER32(?,?,00000000), ref: 010171DE
DeleteObject.GDI32(00000000), ref: 010171E5
InflateRect.USER32(?,000000FE,000000FE), ref: 01017230
FillRect.USER32(?,?,?), ref: 01017262
GetWindowLongW.USER32(?,000000F0), ref: 01017284

Part of subcall function 010173E8: GetSysColor.USER32(00000012), ref: 01017421
Part of subcall function 010173E8: SetTextColor.GDI32(?,?), ref: 01017425
Part of subcall function 010173E8: GetSysColorBrush.USER32(0000000F), ref: 0101743B
Part of subcall function 010173E8: GetSysColor.USER32(0000000F), ref: 01017446
Part of subcall function 010173E8: GetSysColor.USER32(00000011), ref: 01017463
Part of subcall function 010173E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 01017471
Part of subcall function 010173E8: SelectObject.GDI32(?,00000000), ref: 01017482
Part of subcall function 010173E8: SetBkColor.GDI32(?,00000000), ref: 0101748B
Part of subcall function 010173E8: SelectObject.GDI32(?,?), ref: 01017498
Part of subcall function 010173E8: InflateRect.USER32(?,000000FF,000000FF), ref: 010174B7
Part of subcall function 010173E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 010174CE
Part of subcall function 010173E8: GetWindowLongW.USER32(00000000,000000F0), ref: 010174DB

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: 8a1ed93b1e20540fb10aae11df3ff3596bee842092e5313b660b8c187cd53a58
Instruction ID: bff69af1a1d5cc5931ba2e95764cc3c4f9d8708b05ced2ffc3320629ca652309
Opcode Fuzzy Hash: 8a1ed93b1e20540fb10aae11df3ff3596bee842092e5313b660b8c187cd53a58
Instruction Fuzzy Hash: 3AA1CF72048301EFEB219F64DD48A6B7BE9FB89320F100A19FAE2961D4D77ED944CB51

Function 00F98D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 00F98E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 00FD6AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00FD6AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00FD6F43

Part of subcall function 00F98F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00F98BE8,?,00000000,?,?,?,?,00F98BBA,00000000,?), ref: 00F98FC5

SendMessageW.USER32(?,00001053), ref: 00FD6F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00FD6F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 00FD6FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 00FD6FB7

Strings

0, xrefs: 00FD6DCF

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: 461b47fd2a229ade27c8983ddf1ac136e3a04dd564d9703b6f840336e59457c1
Instruction ID: b081fce39fa6789b2eb75a40cac290f67a44843aa67506b1a2b5eec4699e8739
Opcode Fuzzy Hash: 461b47fd2a229ade27c8983ddf1ac136e3a04dd564d9703b6f840336e59457c1
Instruction Fuzzy Hash: 0212BF31A00201AFEB25DF14D954BAABBF6FB45320F18446AF495CB251CB3AEC52EB51

Function 01002711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 0100273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0100286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 010028A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 010028B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 01002900
GetClientRect.USER32(00000000,?), ref: 0100290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 01002955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 01002964
GetStockObject.GDI32(00000011), ref: 01002974
SelectObject.GDI32(00000000,00000000), ref: 01002978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 01002988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 01002991
DeleteDC.GDI32(00000000), ref: 0100299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 010029C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 010029DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 01002A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 01002A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 01002A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 01002A77
GetStockObject.GDI32(00000011), ref: 01002A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 01002A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 01002A97

Strings

msctls_progress32, xrefs: 01002A13
DISPLAY, xrefs: 0100295A
AutoIt v3, xrefs: 010028F8
static, xrefs: 0100294F, 01002A71

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: e2205d60002c250bd1cfb2b04e8b28c4f8f9c4a0c951d0eb957f4e6fb6523a02
Instruction ID: 152541f5941568381e357b0bcd957203593696459d311c2c6e8b0ccabed7013c
Opcode Fuzzy Hash: e2205d60002c250bd1cfb2b04e8b28c4f8f9c4a0c951d0eb957f4e6fb6523a02
Instruction Fuzzy Hash: 84B17DB1A40205AFEB24DF68CD49FAE7BA9FB08710F008154F954EB2D1D778E940CB60

Function 00FF4ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00FF4AED
GetDriveTypeW.KERNEL32(?,0101CB68,?,\\.\,0101CC08), ref: 00FF4BCA
SetErrorMode.KERNEL32(00000000,0101CB68,?,\\.\,0101CC08), ref: 00FF4D36

Strings

PhysicalDrive, xrefs: 00FF4B76
ATA, xrefs: 00FF4C98
Removable, xrefs: 00FF4C10, 00FF4C15
Fixed, xrefs: 00FF4C09
SSD, xrefs: 00FF4C4A
CDROM, xrefs: 00FF4BFB
\\.\, xrefs: 00FF4B3F
SAS, xrefs: 00FF4CC9
Virtual, xrefs: 00FF4CE5
iSCSI, xrefs: 00FF4CC2
1394, xrefs: 00FF4C9F
Unknown, xrefs: 00FF4BED, 00FF4C83
ATAPI, xrefs: 00FF4C91
SSA, xrefs: 00FF4CA6
USB, xrefs: 00FF4CB4
RAID, xrefs: 00FF4CBB
MMC, xrefs: 00FF4CDE
SCSI, xrefs: 00FF4C8A
SATA, xrefs: 00FF4CD0
Fibre, xrefs: 00FF4CAD
RAMDisk, xrefs: 00FF4BF4
Network, xrefs: 00FF4C02
FileBackedVirtual, xrefs: 00FF4CEC

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: c97351bfa9ccbe5454cce30532c4bf2ef8abb297124802883039a2e9516bb0cc
Instruction ID: ffb1e9ca2f959b379845e17633e4ac0f8420c506c521d2efcafc53553326907d
Opcode Fuzzy Hash: c97351bfa9ccbe5454cce30532c4bf2ef8abb297124802883039a2e9516bb0cc
Instruction Fuzzy Hash: F861F771A0520D9BCB04EF14CAC1ABE77A0AF45710B244029FA46AF671DB76FD81FB51

Function 010173E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 01017421
SetTextColor.GDI32(?,?), ref: 01017425
GetSysColorBrush.USER32(0000000F), ref: 0101743B
GetSysColor.USER32(0000000F), ref: 01017446
CreateSolidBrush.GDI32(?), ref: 0101744B
GetSysColor.USER32(00000011), ref: 01017463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 01017471
SelectObject.GDI32(?,00000000), ref: 01017482
SetBkColor.GDI32(?,00000000), ref: 0101748B
SelectObject.GDI32(?,?), ref: 01017498
InflateRect.USER32(?,000000FF,000000FF), ref: 010174B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 010174CE
GetWindowLongW.USER32(00000000,000000F0), ref: 010174DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0101752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 01017554
InflateRect.USER32(?,000000FD,000000FD), ref: 01017572
DrawFocusRect.USER32(?,?), ref: 0101757D
GetSysColor.USER32(00000011), ref: 0101758E
SetTextColor.GDI32(?,00000000), ref: 01017596
DrawTextW.USER32(?,010170F5,000000FF,?,00000000), ref: 010175A8
SelectObject.GDI32(?,?), ref: 010175BF
DeleteObject.GDI32(?), ref: 010175CA
SelectObject.GDI32(?,?), ref: 010175D0
DeleteObject.GDI32(?), ref: 010175D5
SetTextColor.GDI32(?,?), ref: 010175DB
SetBkColor.GDI32(?,?), ref: 010175E5

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: f54152c7594873c5707f3d08656ccb8ceea1e8b741ba5002c6ff70b8d5c10be0
Instruction ID: 3f2bffefdc2f66b45a0b26136f53c0bc2c88f5dd9c2be5b69ac761f63a1b6551
Opcode Fuzzy Hash: f54152c7594873c5707f3d08656ccb8ceea1e8b741ba5002c6ff70b8d5c10be0
Instruction Fuzzy Hash: 74618C72940218AFEF119FA8DD48EEEBFB9EB09320F144111FA51AB295D779D940CF90

Function 01010FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 01011128
GetDesktopWindow.USER32 ref: 0101113D
GetWindowRect.USER32(00000000), ref: 01011144
GetWindowLongW.USER32(?,000000F0), ref: 01011199
DestroyWindow.USER32(?), ref: 010111B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 010111ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0101120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0101121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 01011232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 01011245
IsWindowVisible.USER32(00000000), ref: 010112A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 010112BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 010112D0
GetWindowRect.USER32(00000000,?), ref: 010112E8
MonitorFromPoint.USER32(?,?,00000002), ref: 0101130E
GetMonitorInfoW.USER32(00000000,?), ref: 01011328
CopyRect.USER32(?,?), ref: 0101133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 010113AA

Strings

tooltips_class32, xrefs: 010111E6
0, xrefs: 010110D3
(, xrefs: 0101131B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 987d4b029e613c2c09eac3766ca99bd0d8a56f422bd86c3b45fb8d300af74c13
Instruction ID: 42471d42e4058eb82dd747ac902166f77c163ca0302c754a563b16e5c1fb48a3
Opcode Fuzzy Hash: 987d4b029e613c2c09eac3766ca99bd0d8a56f422bd86c3b45fb8d300af74c13
Instruction Fuzzy Hash: 16B1AE71608341AFD754DF64C984BAEBBE4FF88310F008958FAD99B295C779E844CB91

Function 00F98891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00F98968
GetSystemMetrics.USER32(00000007), ref: 00F98970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00F9899B
GetSystemMetrics.USER32(00000008), ref: 00F989A3
GetSystemMetrics.USER32(00000004), ref: 00F989C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00F989E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00F989F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00F98A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00F98A3C
GetClientRect.USER32(00000000,000000FF), ref: 00F98A5A
GetStockObject.GDI32(00000011), ref: 00F98A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 00F98A81

Part of subcall function 00F9912D: GetCursorPos.USER32(?), ref: 00F99141
Part of subcall function 00F9912D: ScreenToClient.USER32(00000000,?), ref: 00F9915E
Part of subcall function 00F9912D: GetAsyncKeyState.USER32(00000001), ref: 00F99183
Part of subcall function 00F9912D: GetAsyncKeyState.USER32(00000002), ref: 00F9919D

SetTimer.USER32(00000000,00000000,00000028,00F990FC), ref: 00F98AA8

Strings

AutoIt v3 GUI, xrefs: 00F98A20

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: 9b5606c90d087dbf4f8dca7c7d49b1e15f536aca2b2a5f15510f3c7b532abd3f
Instruction ID: ab4bd4add2fc8d3296acb2069a38db65278c488dd4736a81bdc3901a94ecc1f4
Opcode Fuzzy Hash: 9b5606c90d087dbf4f8dca7c7d49b1e15f536aca2b2a5f15510f3c7b532abd3f
Instruction Fuzzy Hash: BBB19131A4020AAFEF24DF68C945BAE3BB5FB48314F14421AFA55E7284DB79D841DF50

Function 00FE0D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00FE10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00FE1114
Part of subcall function 00FE10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00FE0B9B,?,?,?), ref: 00FE1120
Part of subcall function 00FE10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00FE0B9B,?,?,?), ref: 00FE112F
Part of subcall function 00FE10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00FE0B9B,?,?,?), ref: 00FE1136
Part of subcall function 00FE10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00FE114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00FE0DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00FE0E29
GetLengthSid.ADVAPI32(?), ref: 00FE0E40
GetAce.ADVAPI32(?,00000000,?), ref: 00FE0E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00FE0E96
GetLengthSid.ADVAPI32(?), ref: 00FE0EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00FE0EB5
HeapAlloc.KERNEL32(00000000), ref: 00FE0EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00FE0EDD
CopySid.ADVAPI32(00000000), ref: 00FE0EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00FE0F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00FE0F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00FE0F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00FE0F6E
HeapFree.KERNEL32(00000000), ref: 00FE0F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00FE0F7E
HeapFree.KERNEL32(00000000), ref: 00FE0F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00FE0F8E
HeapFree.KERNEL32(00000000), ref: 00FE0F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00FE0FA1
HeapFree.KERNEL32(00000000), ref: 00FE0FA8

Part of subcall function 00FE1193: GetProcessHeap.KERNEL32(00000008,00FE0BB1,?,00000000,?,00FE0BB1,?), ref: 00FE11A1
Part of subcall function 00FE1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00FE0BB1,?), ref: 00FE11A8
Part of subcall function 00FE1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00FE0BB1,?), ref: 00FE11B7

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 4437686c38f13744723ae393aa37d86fc5d7954bcd5239cd28cb3762d5a1c251
Instruction ID: 35bde037181125af3993c6c5a8278aaec54557bb8c1f50b85e703b59cf709dfd
Opcode Fuzzy Hash: 4437686c38f13744723ae393aa37d86fc5d7954bcd5239cd28cb3762d5a1c251
Instruction Fuzzy Hash: F5718C72D0024AABEF209FA6DC44FAEBBB8FF05310F044125F959A6180DB79DE55DB60

Function 0100C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0100C4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,0101CC08,00000000,?,00000000,?,?), ref: 0100C544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0100C5A4
_wcslen.LIBCMT ref: 0100C5F4
_wcslen.LIBCMT ref: 0100C66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0100C6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0100C7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0100C84D
RegCloseKey.ADVAPI32(?), ref: 0100C881
RegCloseKey.ADVAPI32(00000000), ref: 0100C88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0100C960

Strings

REG_MULTI_SZ, xrefs: 0100C6F5
REG_BINARY, xrefs: 0100C913
REG_EXPAND_SZ, xrefs: 0100C5CD
REG_DWORD, xrefs: 0100C804
REG_SZ, xrefs: 0100C644
REG_QWORD, xrefs: 0100C8C3

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: fbbd9a18731d81e851210792324caaf3453ab2e6ede2b22af443dadc765d89c0
Instruction ID: 3a1faaf423bb61ae3e113d02d198a5ec10bc7f75be56804a532071d345356599
Opcode Fuzzy Hash: fbbd9a18731d81e851210792324caaf3453ab2e6ede2b22af443dadc765d89c0
Instruction Fuzzy Hash: 9812AD352042009FE715EF14C981B6AB7E5FF88314F18899CF98A9B3A2DB35ED41CB91

Function 0101091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 010109C6
_wcslen.LIBCMT ref: 01010A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 01010A54
_wcslen.LIBCMT ref: 01010A8A
_wcslen.LIBCMT ref: 01010B06
_wcslen.LIBCMT ref: 01010B81

Part of subcall function 00F9F9F2: _wcslen.LIBCMT ref: 00F9F9FD

Part of subcall function 00FE2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00FE2BFA

Strings

ISCHECKED, xrefs: 01010CE1
UNCHECK, xrefs: 01010D3E
GETITEMCOUNT, xrefs: 01010C1E
EXPAND, xrefs: 01010BF8
GETTOTALCOUNT, xrefs: 010109F2, 01010A17
GETSELECTED, xrefs: 01010C4E
GETTEXT, xrefs: 01010C97
CHECK, xrefs: 01010A85, 01010AA0
SELECT, xrefs: 01010D11
EXISTS, xrefs: 01010B7C, 01010B97
COLLAPSE, xrefs: 01010B01, 01010B1C

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: 648a6c702bdbcd1e35358ba0f45f375625cb00729a33992a0c599a3715323975
Instruction ID: a4b6eeaba1048eab4208853d6a220408ce6146e3a1d493a95de037b3aa2bc5d1
Opcode Fuzzy Hash: 648a6c702bdbcd1e35358ba0f45f375625cb00729a33992a0c599a3715323975
Instruction Fuzzy Hash: 7DE1A0712083018FC714EF29C89096EB7E1BF88314B54899DF8D69B36AD739ED85CB91

Function 0100C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,0100B6AE,?,?), ref: 0100C9B5
_wcslen.LIBCMT ref: 0100C9F1
_wcslen.LIBCMT ref: 0100CA68
_wcslen.LIBCMT ref: 0100CA9E
_wcslen.LIBCMT ref: 0100CAF9
_wcslen.LIBCMT ref: 0100CB2F
_wcslen.LIBCMT ref: 0100CB7F

Strings

HKCU, xrefs: 0100CBCE
HKU, xrefs: 0100CBF0
HKCR, xrefs: 0100CB29, 0100CB2E
HKCC, xrefs: 0100CBAC
HKEY_USERS, xrefs: 0100CBDF
HKLM, xrefs: 0100CA98, 0100CA9D
HKEY_CURRENT_CONFIG, xrefs: 0100CB79, 0100CB7E
HKEY_CLASSES_ROOT, xrefs: 0100CAF3, 0100CAF8
HKEY_CURRENT_USER, xrefs: 0100CBBD
HKEY_LOCAL_MACHINE, xrefs: 0100CA62, 0100CA67

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 7b15d1ee54c084c79fb3531bde8d3d505f4f760a2660fec5e9dd5a6c07ee7dfe
Instruction ID: e43897877dfc16ca4b8c5c9a3e76c847ee3cdb41d91c8bef6e10a1223d681639
Opcode Fuzzy Hash: 7b15d1ee54c084c79fb3531bde8d3d505f4f760a2660fec5e9dd5a6c07ee7dfe
Instruction Fuzzy Hash: F67102726005268BFB22DE6CCE409BF33D1AB96654F5407E8FCD2972C6E635DD8493A0

Function 0101833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0101835A
_wcslen.LIBCMT ref: 0101836E
_wcslen.LIBCMT ref: 01018391
_wcslen.LIBCMT ref: 010183B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 010183F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0101361A,?), ref: 0101844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 01018487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 010184CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 01018501
FreeLibrary.KERNEL32(?), ref: 0101850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0101851D
DestroyIcon.USER32(?), ref: 0101852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 01018549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 01018555

Strings

.exe, xrefs: 01018388
.dll, xrefs: 010183AB
.icl, xrefs: 01018368

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: 3a365ab5e37cd0d1ef6d6202843ce91b739679a81a54c373aecbcab33ecdd9b9
Instruction ID: ad25b55ce6e03aa69a5243450293f72033d442a4eb3ba5b8db2f6d014d662fed
Opcode Fuzzy Hash: 3a365ab5e37cd0d1ef6d6202843ce91b739679a81a54c373aecbcab33ecdd9b9
Instruction Fuzzy Hash: 9861E2B1540205BBEB24DF64CC81BBE77A8FB08710F10864AF995D60D5DBBCEA90D7A0

Function 00F87778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

#include-once, xrefs: 00F8782F
#comments-end, xrefs: 00F878D9
#OnAutoItStartRegister, xrefs: 00F87817
", xrefs: 00FC5153
#notrayicon, xrefs: 00F877E7
#cs, xrefs: 00F87873, 00F878C5
#include, xrefs: 00F87847
Cannot parse #include, xrefs: 00FC5279
Unterminated group of comments, xrefs: 00FC528C
', xrefs: 00FC5169
#requireadmin, xrefs: 00F877FF
#ce, xrefs: 00F878ED
#comments-start, xrefs: 00F8785F, 00F878B1
#pragma compile, xrefs: 00F877D3
Bad directive syntax error, xrefs: 00FC519A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: 5f22eaf04ec51cee6302ced1b35905d5207b508a72c3c2cdbd2e8aa494fcb2ef
Instruction ID: 937ecf3a58849d45b455c8dc637ad060fc7222c8c1e751155b3c457efca056b1
Opcode Fuzzy Hash: 5f22eaf04ec51cee6302ced1b35905d5207b508a72c3c2cdbd2e8aa494fcb2ef
Instruction Fuzzy Hash: DB8129B1A44306BBDB20BF60CD83FEE77A4AF15750F144028F804AA196EB78D945F7A0

Function 00FF3E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00FF3EF8
_wcslen.LIBCMT ref: 00FF3F03
_wcslen.LIBCMT ref: 00FF3F5A
_wcslen.LIBCMT ref: 00FF3F98
GetDriveTypeW.KERNEL32(?), ref: 00FF3FD6
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00FF401E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00FF4059
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00FF4087

Strings

type cdaudio alias cd wait, xrefs: 00FF4001
close, xrefs: 00FF3EFE, 00FF3F18
set cd door , xrefs: 00FF4028
open , xrefs: 00FF3FE5
open, xrefs: 00FF3F54, 00FF3F59
wait, xrefs: 00FF4044
closed, xrefs: 00FF3F08, 00FF3F2D, 00FF3F46, 00FF3F7E, 00FF3F97
close cd wait, xrefs: 00FF4072

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: e3d3252dbec0b552c816db7dbc1879e1b5a5f7fa65a8e4b2cf92acbfeef535aa
Instruction ID: 6c3c3c69e89d11d8dbd781a44b8e05f75d96409a1a1c97fdcdf32e1ced8afc17
Opcode Fuzzy Hash: e3d3252dbec0b552c816db7dbc1879e1b5a5f7fa65a8e4b2cf92acbfeef535aa
Instruction Fuzzy Hash: 2571E072A042069FC310EF24C8809BBB7F4EF95768F00492DF695972A1EB35EE45DB91

Function 00FE5A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00FE5A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00FE5A40
SetWindowTextW.USER32(?,?), ref: 00FE5A57
GetDlgItem.USER32(?,000003EA), ref: 00FE5A6C
SetWindowTextW.USER32(00000000,?), ref: 00FE5A72
GetDlgItem.USER32(?,000003E9), ref: 00FE5A82
SetWindowTextW.USER32(00000000,?), ref: 00FE5A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00FE5AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00FE5AC3
GetWindowRect.USER32(?,?), ref: 00FE5ACC
_wcslen.LIBCMT ref: 00FE5B33
SetWindowTextW.USER32(?,?), ref: 00FE5B6F
GetDesktopWindow.USER32 ref: 00FE5B75
GetWindowRect.USER32(00000000), ref: 00FE5B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00FE5BD3
GetClientRect.USER32(?,?), ref: 00FE5BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00FE5C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00FE5C2F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: ac064cd0dbb9736bcfac4e225183deae51af9a034c1e07116a6a00542ec57269
Instruction ID: 35864acb904836a82b2ef6454187239ee7b30a14125f13aa825d3c1c692531e5
Opcode Fuzzy Hash: ac064cd0dbb9736bcfac4e225183deae51af9a034c1e07116a6a00542ec57269
Instruction Fuzzy Hash: 27718031900B45AFDB20DFA9CE85BAEBBF5FF48B18F104918E182A3590D779E900DB50

Function 00FFFE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00FFFE27
LoadCursorW.USER32(00000000,00007F8A), ref: 00FFFE32
LoadCursorW.USER32(00000000,00007F00), ref: 00FFFE3D
LoadCursorW.USER32(00000000,00007F03), ref: 00FFFE48
LoadCursorW.USER32(00000000,00007F8B), ref: 00FFFE53
LoadCursorW.USER32(00000000,00007F01), ref: 00FFFE5E
LoadCursorW.USER32(00000000,00007F81), ref: 00FFFE69
LoadCursorW.USER32(00000000,00007F88), ref: 00FFFE74
LoadCursorW.USER32(00000000,00007F80), ref: 00FFFE7F
LoadCursorW.USER32(00000000,00007F86), ref: 00FFFE8A
LoadCursorW.USER32(00000000,00007F83), ref: 00FFFE95
LoadCursorW.USER32(00000000,00007F85), ref: 00FFFEA0
LoadCursorW.USER32(00000000,00007F82), ref: 00FFFEAB
LoadCursorW.USER32(00000000,00007F84), ref: 00FFFEB6
LoadCursorW.USER32(00000000,00007F04), ref: 00FFFEC1
LoadCursorW.USER32(00000000,00007F02), ref: 00FFFECC
GetCursorInfo.USER32(?), ref: 00FFFEDC
GetLastError.KERNEL32 ref: 00FFFF1E

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 9ffe22c31c17f3c7abde822825fa95385136e83dc855e704b6e719c7083bad9b
Instruction ID: 0725e69df3a8dfbbd98082de421aabf30da01b5ed288bf9e0b92d86819cdfb70
Opcode Fuzzy Hash: 9ffe22c31c17f3c7abde822825fa95385136e83dc855e704b6e719c7083bad9b
Instruction Fuzzy Hash: 4D4144B0D443196ADB109FBA8C8586EBFE8FF04764B50452AE11DEB291DB78E901CF91

Function 00FA00C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00FA00C6

Part of subcall function 00FA00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0105070C,00000FA0,AD9F20C3,?,?,?,?,00FC23B3,000000FF), ref: 00FA011C
Part of subcall function 00FA00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00FC23B3,000000FF), ref: 00FA0127
Part of subcall function 00FA00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00FC23B3,000000FF), ref: 00FA0138
Part of subcall function 00FA00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00FA014E
Part of subcall function 00FA00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00FA015C
Part of subcall function 00FA00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00FA016A
Part of subcall function 00FA00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00FA0195
Part of subcall function 00FA00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00FA01A0

___scrt_fastfail.LIBCMT ref: 00FA00E7

Part of subcall function 00FA00A3: __onexit.LIBCMT ref: 00FA00A9

Strings

InitializeConditionVariable, xrefs: 00FA0148
SleepConditionVariableCS, xrefs: 00FA0154
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00FA0122
WakeAllConditionVariable, xrefs: 00FA0162
kernel32.dll, xrefs: 00FA0133

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: 16f9b12f83ae28c125845a1305354d0f58bbccaa507183ff7387bea715c7b06f
Instruction ID: 8b605c59af09fa30c1b51d8c52d489d32fea519e07eef3e52641ad9c339b1ac2
Opcode Fuzzy Hash: 16f9b12f83ae28c125845a1305354d0f58bbccaa507183ff7387bea715c7b06f
Instruction Fuzzy Hash: 8521D4B2E857116BF7206B65BD06B6E33A4EB06B61F00012AF881E7248DF6DCC009B90

Function 00FE30F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00FE318D
_wcslen.LIBCMT ref: 00FE31F8

Strings

CLASS, xrefs: 00FE3188, 00FE31A5
CLASSNN, xrefs: 00FE31F3, 00FE3204
INSTANCE, xrefs: 00FE3453
REGEXPCLASS, xrefs: 00FE3255, 00FE3266
NAME, xrefs: 00FE3335, 00FE3346
TEXT, xrefs: 00FE347C

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: 7267521b100ff8eb55ea66955495ae86bd8a41219df339419ed094d4322a866c
Instruction ID: bae3206c6f72a12b4d45c24d940a617d78268aafc01608b9b1af219ad2a8e2a1
Opcode Fuzzy Hash: 7267521b100ff8eb55ea66955495ae86bd8a41219df339419ed094d4322a866c
Instruction Fuzzy Hash: E9E1D532E00656ABCB14DF66C84DBEEFBB4BF44720F548129E456E7240DB34AE45AB90

Function 00FF44C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,0101CC08), ref: 00FF4527
_wcslen.LIBCMT ref: 00FF453B
_wcslen.LIBCMT ref: 00FF4599
_wcslen.LIBCMT ref: 00FF45F4
_wcslen.LIBCMT ref: 00FF463F
_wcslen.LIBCMT ref: 00FF46A7

Part of subcall function 00F9F9F2: _wcslen.LIBCMT ref: 00F9F9FD

GetDriveTypeW.KERNEL32(?,01046BF0,00000061), ref: 00FF4743

Strings

unknown, xrefs: 00FF4708
network, xrefs: 00FF469D, 00FF46A2
all, xrefs: 00FF4531, 00FF4536
fixed, xrefs: 00FF4635, 00FF463A
cdrom, xrefs: 00FF458F, 00FF4594
ramdisk, xrefs: 00FF46F1
removable, xrefs: 00FF45EA, 00FF45EF

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: 43764760e56fdaa035a162387ee6ae59f37e947037a8c2e7c618489adb8b56ec
Instruction ID: c9a008eb12257a48b14e4087b37c2fe8bd0cc3af76e161761defd7748a64b0b2
Opcode Fuzzy Hash: 43764760e56fdaa035a162387ee6ae59f37e947037a8c2e7c618489adb8b56ec
Instruction Fuzzy Hash: 70B10371A083069BC710EF28C890A7BF7E5BF96720F54491DF696C72A1E734E844DB92

Function 01003FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,0101CC08), ref: 010040BB
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 010040CD
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0101CC08), ref: 010040F2
FreeLibrary.KERNEL32(00000000,?,0101CC08), ref: 0100413E
StringFromGUID2.OLE32(?,?,00000028,?,0101CC08), ref: 010041A8
SysFreeString.OLEAUT32(00000009), ref: 01004262
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 010042C8
SysFreeString.OLEAUT32(?), ref: 010042F2

Strings

GetModuleHandleExW, xrefs: 010040C7
kernel32.dll, xrefs: 010040B6

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: c27aefad52e15a6c9bbcabe8bb37382c380811ce5d645656c08bc30f74d9b6cd
Instruction ID: 0bcf8e99a4bc962e0579cee8d43ea0f0f10efb92bd7a7efd0c4caf3c9e8e8ce8
Opcode Fuzzy Hash: c27aefad52e15a6c9bbcabe8bb37382c380811ce5d645656c08bc30f74d9b6cd
Instruction Fuzzy Hash: 28125C71A00105EFEB56CF58C884EAEBBB5FF45314F158098EA45EB291CB35ED46CBA0

Function 00F8326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(01051990), ref: 00FC2F8D
GetMenuItemCount.USER32(01051990), ref: 00FC303D
GetCursorPos.USER32(?), ref: 00FC3081
SetForegroundWindow.USER32(00000000), ref: 00FC308A
TrackPopupMenuEx.USER32(01051990,00000000,?,00000000,00000000,00000000), ref: 00FC309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00FC30A9

Strings

0, xrefs: 00F8327D

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: f2fb2e5ee1e72d028608c79fd4cb5e33ea312b3858367d735d5b789cd183cc30
Instruction ID: 943a25547ba62fc1c61c08ddc864dbda1eb58f4628b81cfa7cfe72cde62746c9
Opcode Fuzzy Hash: f2fb2e5ee1e72d028608c79fd4cb5e33ea312b3858367d735d5b789cd183cc30
Instruction Fuzzy Hash: 70714A71A4420ABEFB219F28CD4AFAABF64FF05774F20421AF5146A1E0C7B5AD50E750

Function 01016CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 01016DEB

Part of subcall function 00F86B57: _wcslen.LIBCMT ref: 00F86B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 01016E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 01016E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 01016E94
DestroyWindow.USER32(?), ref: 01016EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00F80000,00000000), ref: 01016EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 01016EFD
GetDesktopWindow.USER32 ref: 01016F16
GetWindowRect.USER32(00000000), ref: 01016F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 01016F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 01016F4D

Part of subcall function 00F99944: GetWindowLongW.USER32(?,000000EB), ref: 00F99952

Strings

tooltips_class32, xrefs: 01016E58, 01016EDD
0, xrefs: 01016D98

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: 30a0d395e0319f9fe27bd3b5a3d78fa293a73bb3334bb83dd84f5ec7667c34da
Instruction ID: 722939773edb8ccaa567eed1a181574feb60cd57bddf681873ccc436f9585a00
Opcode Fuzzy Hash: 30a0d395e0319f9fe27bd3b5a3d78fa293a73bb3334bb83dd84f5ec7667c34da
Instruction Fuzzy Hash: 53714970144244AFEB21DF18CC44BAABBF9EB89304F44095DFAD987265C7BAE905CB11

Function 0101911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00F99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F99BB2

DragQueryPoint.SHELL32(?,?), ref: 01019147

Part of subcall function 01017674: ClientToScreen.USER32(?,?), ref: 0101769A
Part of subcall function 01017674: GetWindowRect.USER32(?,?), ref: 01017710
Part of subcall function 01017674: PtInRect.USER32(?,?,01018B89), ref: 01017720

SendMessageW.USER32(?,000000B0,?,?), ref: 010191B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 010191BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 010191DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 01019225
SendMessageW.USER32(?,000000B0,?,?), ref: 0101923E
SendMessageW.USER32(?,000000B1,?,?), ref: 01019255
SendMessageW.USER32(?,000000B1,?,?), ref: 01019277
DragFinish.SHELL32(?), ref: 0101927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 01019371

Strings

@GUI_DRAGID, xrefs: 010192E9
@GUI_DRAGFILE, xrefs: 01019320
@GUI_DROPID, xrefs: 0101929E

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: bd73959cb75dd030328060ef5e9f8d3e19c4a7dbdd8f8aabe5bb802e60da2e57
Instruction ID: e59af4bd4132c7d5d8af5a9e8270fd0e583feff455e70ded32efd7df8e2bc6ec
Opcode Fuzzy Hash: bd73959cb75dd030328060ef5e9f8d3e19c4a7dbdd8f8aabe5bb802e60da2e57
Instruction Fuzzy Hash: 0C617871108301AFD711EF64DC85DAFBBE8EF89354F00091EF596931A0DB79AA48CB62

Function 00FFC476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00FFC4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00FFC4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00FFC4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00FFC4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00FFC533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00FFC549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00FFC554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00FFC584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00FFC5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00FFC5F0
InternetCloseHandle.WININET(00000000), ref: 00FFC5FB

Strings

, xrefs: 00FFC575

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: 73c6abaa9eb315ec525972fee1629aa247584188bb9813a00177cd67176c7897
Instruction ID: ca6239591284c9caabaae18305fec8d4b70568309aa8e63617fb93be4030531e
Opcode Fuzzy Hash: 73c6abaa9eb315ec525972fee1629aa247584188bb9813a00177cd67176c7897
Instruction Fuzzy Hash: 8C514FB154021DBFEB218F60CA48ABB7BBCFF04754F084419FA45D6250DB79E944EBA0

Function 0101856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 01018592
GetFileSize.KERNEL32(00000000,00000000), ref: 010185A2
GlobalAlloc.KERNEL32(00000002,00000000), ref: 010185AD
CloseHandle.KERNEL32(00000000), ref: 010185BA
GlobalLock.KERNEL32(00000000), ref: 010185C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 010185D7
GlobalUnlock.KERNEL32(00000000), ref: 010185E0
CloseHandle.KERNEL32(00000000), ref: 010185E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 010185F8
OleLoadPicture.OLEAUT32(?,00000000,00000000,0101FC38,?), ref: 01018611
GlobalFree.KERNEL32(00000000), ref: 01018621
GetObjectW.GDI32(?,00000018,000000FF), ref: 01018641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 01018671
DeleteObject.GDI32(00000000), ref: 01018699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 010186AF

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 016c6690ee0f2238c4cf81ae3b455ff9cbe2528ccea7dda8bce4ee0d1ee6ec35
Instruction ID: 57c064418ce08d090b0c69ef5eef8e1e126b45e6b2b403fcf8435c39b4a96016
Opcode Fuzzy Hash: 016c6690ee0f2238c4cf81ae3b455ff9cbe2528ccea7dda8bce4ee0d1ee6ec35
Instruction Fuzzy Hash: 34412975640204AFEB219FA9CD48EAE7BBCFF89711F108459F989E7254D739DA01CB20

Function 00FF14BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00FF1502
VariantCopy.OLEAUT32(?,?), ref: 00FF150B
VariantClear.OLEAUT32(?), ref: 00FF1517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00FF15FB
VarR8FromDec.OLEAUT32(?,?), ref: 00FF1657
VariantInit.OLEAUT32(?), ref: 00FF1708
SysFreeString.OLEAUT32(?), ref: 00FF178C
VariantClear.OLEAUT32(?), ref: 00FF17D8
VariantClear.OLEAUT32(?), ref: 00FF17E7
VariantInit.OLEAUT32(00000000), ref: 00FF1823

Strings

Default, xrefs: 00FF16AF
%4d%02d%02d%02d%02d%02d, xrefs: 00FF1625

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: 2e878770c5ed978148b897fa1efda00c00c6503dcc51fee413aaf3c4455b23c3
Instruction ID: ebc0f43be4724a99f3f718e28a33032b6078bfb612f458c7dee9567fb6a9a6ab
Opcode Fuzzy Hash: 2e878770c5ed978148b897fa1efda00c00c6503dcc51fee413aaf3c4455b23c3
Instruction Fuzzy Hash: 26D11332A04119DBEF14AF65D885B79B7B6BF44700F188056F646AB1A0DB38DC44FBA1

Function 0100B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

Part of subcall function 0100C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0100B6AE,?,?), ref: 0100C9B5
Part of subcall function 0100C998: _wcslen.LIBCMT ref: 0100C9F1
Part of subcall function 0100C998: _wcslen.LIBCMT ref: 0100CA68
Part of subcall function 0100C998: _wcslen.LIBCMT ref: 0100CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0100B6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0100B772
RegDeleteValueW.ADVAPI32(?,?), ref: 0100B80A
RegCloseKey.ADVAPI32(?), ref: 0100B87E
RegCloseKey.ADVAPI32(?), ref: 0100B89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 0100B8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0100B904
RegDeleteKeyW.ADVAPI32(?,?), ref: 0100B922
FreeLibrary.KERNEL32(00000000), ref: 0100B983
RegCloseKey.ADVAPI32(00000000), ref: 0100B994

Strings

RegDeleteKeyExW, xrefs: 0100B8FE
advapi32.dll, xrefs: 0100B8ED

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: 3f25d027855534239bcfde229a6e69c0c0a43739de4a6d6445b7473dba9f8b45
Instruction ID: 5e6bcda75d8053360431c74f5f9ef3b7b8518d4f220410c976356aca4b669961
Opcode Fuzzy Hash: 3f25d027855534239bcfde229a6e69c0c0a43739de4a6d6445b7473dba9f8b45
Instruction Fuzzy Hash: 45C1A334208201AFE715DF18C495F6ABBE1FF85308F18859CF59A8B3A2CB75E945CB91

Function 0100255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 010025D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 010025E8
CreateCompatibleDC.GDI32(?), ref: 010025F4
SelectObject.GDI32(00000000,?), ref: 01002601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0100266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 010026AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 010026D0
SelectObject.GDI32(?,?), ref: 010026D8
DeleteObject.GDI32(?), ref: 010026E1
DeleteDC.GDI32(?), ref: 010026E8
ReleaseDC.USER32(00000000,?), ref: 010026F3

Strings

(, xrefs: 0100268D

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 629e1ed317ae88c2751a1164b6215f716a4254d86feeffa13f5e5fb6c4421a29
Instruction ID: 534b208e1c9f9e5a062707c254040e2a1cc0273d1528e2cae380288d6d06165b
Opcode Fuzzy Hash: 629e1ed317ae88c2751a1164b6215f716a4254d86feeffa13f5e5fb6c4421a29
Instruction Fuzzy Hash: 84611375D00219EFDF15CFA8C988AAEBBF6FF48310F208529E999A7240D735A940CF50

Function 00FBDA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00FBDAA1

Part of subcall function 00FBD63C: _free.LIBCMT ref: 00FBD659
Part of subcall function 00FBD63C: _free.LIBCMT ref: 00FBD66B
Part of subcall function 00FBD63C: _free.LIBCMT ref: 00FBD67D
Part of subcall function 00FBD63C: _free.LIBCMT ref: 00FBD68F
Part of subcall function 00FBD63C: _free.LIBCMT ref: 00FBD6A1
Part of subcall function 00FBD63C: _free.LIBCMT ref: 00FBD6B3
Part of subcall function 00FBD63C: _free.LIBCMT ref: 00FBD6C5
Part of subcall function 00FBD63C: _free.LIBCMT ref: 00FBD6D7
Part of subcall function 00FBD63C: _free.LIBCMT ref: 00FBD6E9
Part of subcall function 00FBD63C: _free.LIBCMT ref: 00FBD6FB
Part of subcall function 00FBD63C: _free.LIBCMT ref: 00FBD70D
Part of subcall function 00FBD63C: _free.LIBCMT ref: 00FBD71F
Part of subcall function 00FBD63C: _free.LIBCMT ref: 00FBD731

_free.LIBCMT ref: 00FBDA96

Part of subcall function 00FB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FBD7D1,00000000,00000000,00000000,00000000,?,00FBD7F8,00000000,00000007,00000000,?,00FBDBF5,00000000), ref: 00FB29DE
Part of subcall function 00FB29C8: GetLastError.KERNEL32(00000000,?,00FBD7D1,00000000,00000000,00000000,00000000,?,00FBD7F8,00000000,00000007,00000000,?,00FBDBF5,00000000,00000000), ref: 00FB29F0

_free.LIBCMT ref: 00FBDAB8
_free.LIBCMT ref: 00FBDACD
_free.LIBCMT ref: 00FBDAD8
_free.LIBCMT ref: 00FBDAFA
_free.LIBCMT ref: 00FBDB0D
_free.LIBCMT ref: 00FBDB1B
_free.LIBCMT ref: 00FBDB26
_free.LIBCMT ref: 00FBDB5E
_free.LIBCMT ref: 00FBDB65
_free.LIBCMT ref: 00FBDB82
_free.LIBCMT ref: 00FBDB9A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 1297d1112d4b4bb5836021c2328089dae520ee7c8e0324a76f17d72751eb40cc
Instruction ID: 5a3f97e31a81f9ea66c2bc5cfe721aca30f0235d7a6bffb968deaf7d5c95de9c
Opcode Fuzzy Hash: 1297d1112d4b4bb5836021c2328089dae520ee7c8e0324a76f17d72751eb40cc
Instruction Fuzzy Hash: F4316F31A04304AFEB65AA3ADC45BD6B7E9FF40320F158819E449D7592EF39AC40BF21

Function 00FE365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00FE369C
_wcslen.LIBCMT ref: 00FE36A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00FE3797
GetClassNameW.USER32(?,?,00000400), ref: 00FE380C
GetDlgCtrlID.USER32(?), ref: 00FE385D
GetWindowRect.USER32(?,?), ref: 00FE3882
GetParent.USER32(?), ref: 00FE38A0
ScreenToClient.USER32(00000000), ref: 00FE38A7
GetClassNameW.USER32(?,?,00000100), ref: 00FE3921
GetWindowTextW.USER32(?,?,00000400), ref: 00FE395D

Strings

%s%u, xrefs: 00FE3734

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: 2982ec903e39a6e753d2b65f2092f800e8f7fd5334364d62762dcc96e6d299e8
Instruction ID: 97094c9ab3d8d7b7321479c6849247791c4068b40d01c8d12c7f0eedb6c910cd
Opcode Fuzzy Hash: 2982ec903e39a6e753d2b65f2092f800e8f7fd5334364d62762dcc96e6d299e8
Instruction Fuzzy Hash: 1191D271604346AFD718DE26C88DFAAF7A9FF44320F008629F999C3181DB34EA45DB91

Function 00FE4954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00FE4994
GetWindowTextW.USER32(?,?,00000400), ref: 00FE49DA
_wcslen.LIBCMT ref: 00FE49EB
CharUpperBuffW.USER32(?,00000000), ref: 00FE49F7
_wcsstr.LIBVCRUNTIME ref: 00FE4A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00FE4A64
GetWindowTextW.USER32(?,?,00000400), ref: 00FE4A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00FE4AE6
GetClassNameW.USER32(?,?,00000400), ref: 00FE4B20
GetWindowRect.USER32(?,?), ref: 00FE4B8B

Strings

ThumbnailClass, xrefs: 00FE4A6F, 00FE4AF1

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: b37cb459c5ec8dee574d1765a811644cb89b92ff186ed6fc5f9ff94cd1a85d2a
Instruction ID: 68f4c761b71173645fcc49f25cc96de06f10480305e37a1facebf5510c995bf9
Opcode Fuzzy Hash: b37cb459c5ec8dee574d1765a811644cb89b92ff186ed6fc5f9ff94cd1a85d2a
Instruction Fuzzy Hash: AE91EC714082459FDB04CE16C984FAA77E9FF88724F04846DFD859A086DB38FD45EBA1

Function 00FEBF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(01051990,000000FF,00000000,00000030), ref: 00FEBFAC
SetMenuItemInfoW.USER32(01051990,00000004,00000000,00000030), ref: 00FEBFE1
Sleep.KERNEL32(000001F4), ref: 00FEBFF3
GetMenuItemCount.USER32(?), ref: 00FEC039
GetMenuItemID.USER32(?,00000000), ref: 00FEC056
GetMenuItemID.USER32(?,-00000001), ref: 00FEC082
GetMenuItemID.USER32(?,?), ref: 00FEC0C9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00FEC10F
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00FEC124
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00FEC145

Strings

0, xrefs: 00FEBF3D

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: b2703f650811c33510ae505925d882b3bfdf6259c3d9a0ab91212118a585d4d5
Instruction ID: b90a92a59696128f36356690ec8980f8525c3de9c0cc718080de8de0eae6355f
Opcode Fuzzy Hash: b2703f650811c33510ae505925d882b3bfdf6259c3d9a0ab91212118a585d4d5
Instruction Fuzzy Hash: C5619171900386AFEF21CFA5D988AEE7BB8EB05354F044055F951E3291C739AD46EBA0

Function 0100CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0100CC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0100CC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0100CD48

Part of subcall function 0100CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0100CCAA
Part of subcall function 0100CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0100CCBD
Part of subcall function 0100CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0100CCCF
Part of subcall function 0100CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0100CD05
Part of subcall function 0100CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0100CD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 0100CCF3

Strings

RegDeleteKeyExW, xrefs: 0100CCC9
advapi32.dll, xrefs: 0100CCB8

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: 7a1055b64763436db63a49cd2455c82cf49b8aa016cf0d4df6ed92eb3981f654
Instruction ID: 00f9ab9cc6f9c617c7bee006524a2e6f34d84b8f41fefa5c1db95b33752fef33
Opcode Fuzzy Hash: 7a1055b64763436db63a49cd2455c82cf49b8aa016cf0d4df6ed92eb3981f654
Instruction Fuzzy Hash: 2731807194112DBBF7329A55DD88EFFBFBCEF06640F0002A9F981E2144D7389A459BA0

Function 00FF3D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00FF3D40
_wcslen.LIBCMT ref: 00FF3D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 00FF3D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00FF3DBE
RemoveDirectoryW.KERNEL32(?), ref: 00FF3DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00FF3E55
CloseHandle.KERNEL32(00000000), ref: 00FF3E60
CloseHandle.KERNEL32(00000000), ref: 00FF3E6B

Strings

\, xrefs: 00FF3D77
\??\%s, xrefs: 00FF3D5B
:, xrefs: 00FF3D82

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: 44b88753779ab36275034e3f213b7f6082abc475fe6314010cd9a6442c3781a5
Instruction ID: ce2797fcad75f4079a9e860833faa0e590f22c4fb7ca02785e3d631adefc20d8
Opcode Fuzzy Hash: 44b88753779ab36275034e3f213b7f6082abc475fe6314010cd9a6442c3781a5
Instruction Fuzzy Hash: 5A318EB2940219ABDB209FA0DC49FEF37BDEF89750F1040A5F649D6064EB78D7449B24

Function 00FEE6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00FEE6B4

Part of subcall function 00F9E551: timeGetTime.WINMM(?,?,00FEE6D4), ref: 00F9E555

Sleep.KERNEL32(0000000A), ref: 00FEE6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00FEE705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00FEE727
SetActiveWindow.USER32 ref: 00FEE746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00FEE754
SendMessageW.USER32(00000010,00000000,00000000), ref: 00FEE773
Sleep.KERNEL32(000000FA), ref: 00FEE77E
IsWindow.USER32 ref: 00FEE78A
EndDialog.USER32(00000000), ref: 00FEE79B

Strings

BUTTON, xrefs: 00FEE719

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 33b1333de6fcec80d3b78bb0d5bc21748c20ddc0ce9eff84c89ccf27513a7225
Instruction ID: 7bc88e7bdf2888a61490d20988f343d54dbdbeabfa4e74e87ee3bdf2b420afce
Opcode Fuzzy Hash: 33b1333de6fcec80d3b78bb0d5bc21748c20ddc0ce9eff84c89ccf27513a7225
Instruction Fuzzy Hash: 46218470240385EFFB205F21FD89B263B69FB59758B104824F49582149DB7FEC50EB25

Function 00FEE9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00FEEA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00FEEA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00FEEA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00FEEA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00FEEAA7

Strings

status PlayMe mode, xrefs: 00FEEA58
close PlayMe, xrefs: 00FEEA6E, 00FEEA9B
play PlayMe wait, xrefs: 00FEEA91
play PlayMe, xrefs: 00FEEAA2
open , xrefs: 00FEEA0C
alias PlayMe, xrefs: 00FEEA36

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: 3f04bea1852c15db4c47a827d5ba551838683681a444a09892728f2bd842f7ab
Instruction ID: 340291955ae192cfc23d0b412fa13cface0d3b690d6ec6f48f5c62be894bf05f
Opcode Fuzzy Hash: 3f04bea1852c15db4c47a827d5ba551838683681a444a09892728f2bd842f7ab
Instruction Fuzzy Hash: CE11A775A502697AD720B7A3DC8ADFF7A7CEBD2F10F00043DB441A6090EEA51D05D6B0

Function 00FE9F91 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00FEA012
SetKeyboardState.USER32(?), ref: 00FEA07D
GetAsyncKeyState.USER32(000000A0), ref: 00FEA09D
GetKeyState.USER32(000000A0), ref: 00FEA0B4
GetAsyncKeyState.USER32(000000A1), ref: 00FEA0E3
GetKeyState.USER32(000000A1), ref: 00FEA0F4
GetAsyncKeyState.USER32(00000011), ref: 00FEA120
GetKeyState.USER32(00000011), ref: 00FEA12E
GetAsyncKeyState.USER32(00000012), ref: 00FEA157
GetKeyState.USER32(00000012), ref: 00FEA165
GetAsyncKeyState.USER32(0000005B), ref: 00FEA18E
GetKeyState.USER32(0000005B), ref: 00FEA19C

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 8672cd3eec6b8aa859226370583150fceba1b011518391335962b7c45c255656
Instruction ID: 36cbc4671d61f4559de55488fbd1d5e15e505d05a2ca7bc639a4c86cb909534f
Opcode Fuzzy Hash: 8672cd3eec6b8aa859226370583150fceba1b011518391335962b7c45c255656
Instruction Fuzzy Hash: 6251D930D087C829FB35DB6288117EABFB59F12390F08859DD5C2571C2DA98BA4CDB63

Function 00FE5CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00FE5CE2
GetWindowRect.USER32(00000000,?), ref: 00FE5CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00FE5D59
GetDlgItem.USER32(?,00000002), ref: 00FE5D69
GetWindowRect.USER32(00000000,?), ref: 00FE5D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00FE5DCF
GetDlgItem.USER32(?,000003E9), ref: 00FE5DDD
GetWindowRect.USER32(00000000,?), ref: 00FE5DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00FE5E31
GetDlgItem.USER32(?,000003EA), ref: 00FE5E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00FE5E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00FE5E67

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: f2b082725c6be037e8c63ec92ac1a5ae863434b29e0ddb8d1803df2e76091aeb
Instruction ID: c31e61be770c60f43b9f12d5b8fe8819034be492649f9333af9fe44b1b839697
Opcode Fuzzy Hash: f2b082725c6be037e8c63ec92ac1a5ae863434b29e0ddb8d1803df2e76091aeb
Instruction Fuzzy Hash: EB511C71A40605AFDB18CF69CE89AAEBBB5BB48714F108129F515E7294D774EE00CB50

Function 00F98BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00F98F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00F98BE8,?,00000000,?,?,?,?,00F98BBA,00000000,?), ref: 00F98FC5

DestroyWindow.USER32(?), ref: 00F98C81
KillTimer.USER32(00000000,?,?,?,?,00F98BBA,00000000,?), ref: 00F98D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00FD6973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00F98BBA,00000000,?), ref: 00FD69A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00F98BBA,00000000,?), ref: 00FD69B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00F98BBA,00000000), ref: 00FD69D4
DeleteObject.GDI32(00000000), ref: 00FD69E6

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: d02ee3fa33a1e8e1434488aaadd6b5643a2293c94d82eb2294677ea3c2b0db7b
Instruction ID: c421aa5a6112c97a3bdbaa3bee8f303789e7da38bdca74d19c952bd741251f65
Opcode Fuzzy Hash: d02ee3fa33a1e8e1434488aaadd6b5643a2293c94d82eb2294677ea3c2b0db7b
Instruction Fuzzy Hash: AD619F31901701DFEF359F14DA48B2677F2FB42362F144519E08297654CB7AAD82EB90

Function 00F99838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00F99944: GetWindowLongW.USER32(?,000000EB), ref: 00F99952

GetSysColor.USER32(0000000F), ref: 00F99862

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: b1d88beb78022269413847eb3d50e0052b653f87392ea03f8ed346a1a6792458
Instruction ID: b13b5e520f09c609750dd96ae8a63bc9c8460d539a89295cfa91d49152e8a81c
Opcode Fuzzy Hash: b1d88beb78022269413847eb3d50e0052b653f87392ea03f8ed346a1a6792458
Instruction Fuzzy Hash: 1D419231548640AFEF305F3C9884BB93765AB06330F59461DF9A28B2D5D77ADC81EB11

Function 00FE96E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00FCF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00FE9717
LoadStringW.USER32(00000000,?,00FCF7F8,00000001), ref: 00FE9720

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00FCF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00FE9742
LoadStringW.USER32(00000000,?,00FCF7F8,00000001), ref: 00FE9745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00FE9866

Strings

Line %d:, xrefs: 00FE97A0
Line %d (File "%s"):, xrefs: 00FE978F
^ ERROR, xrefs: 00FE97FB
Error: , xrefs: 00FE981D
%s (%d) : ==> %s: %s %s, xrefs: 00FE984A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: 197f320be951fbcd5bf398260c78db53b5b30f8e5d47dda2a00363e285a25449
Instruction ID: fab9620e6b8cf0b169a74b83fc2d73cde0e7a68fc9651bbb942e2ae8f3779417
Opcode Fuzzy Hash: 197f320be951fbcd5bf398260c78db53b5b30f8e5d47dda2a00363e285a25449
Instruction Fuzzy Hash: F0415D72904219AADF04FBE1CE86EEE7378AF55740F540025F601B2092EB796F49EB61

Function 00FE06DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 00F86B57: _wcslen.LIBCMT ref: 00F86B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00FE07A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00FE07BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00FE07DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00FE0804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00FE082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00FE0837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00FE083C

Strings

\CLSID, xrefs: 00FE0724
SOFTWARE\Classes\, xrefs: 00FE070E
\IPC$, xrefs: 00FE0784

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: 863e8aeb0ba8d30abb35a5ece114de9cae4d552ebc65a20db187aa0aa34b6286
Instruction ID: 62fd45525956376235bd1da76421ffda8b236dceda0dee24efe537fbc60779dd
Opcode Fuzzy Hash: 863e8aeb0ba8d30abb35a5ece114de9cae4d552ebc65a20db187aa0aa34b6286
Instruction Fuzzy Hash: 90410472C10229ABDF25EFA4DC85CEDB778FF04750B04412AF901A7161EB78AE44DBA0

Function 01013F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0101403B
CreateCompatibleDC.GDI32(00000000), ref: 01014042
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 01014055
SelectObject.GDI32(00000000,00000000), ref: 0101405D
GetPixel.GDI32(00000000,00000000,00000000), ref: 01014068
DeleteDC.GDI32(00000000), ref: 01014072
GetWindowLongW.USER32(?,000000EC), ref: 0101407C
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 01014092
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0101409E

Strings

static, xrefs: 01013FD3

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 0fca355478d0bf1fce434f772c9012410dcc48a494c8bb00f293408540b51356
Instruction ID: bbf480aac464b6c5e9bcea68ea9780ac10da725d9a2dfc0902edf46d2b638587
Opcode Fuzzy Hash: 0fca355478d0bf1fce434f772c9012410dcc48a494c8bb00f293408540b51356
Instruction Fuzzy Hash: 20316C32141215ABEF229FA8DD08FDA3BA9FF0D324F110215FA98E6194C77ED860DB54

Function 01003C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 01003C5C
CoInitialize.OLE32(00000000), ref: 01003C8A
CoUninitialize.OLE32 ref: 01003C94
_wcslen.LIBCMT ref: 01003D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 01003DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 01003ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 01003F0E
CoGetObject.OLE32(?,00000000,0101FB98,?), ref: 01003F2D
SetErrorMode.KERNEL32(00000000), ref: 01003F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 01003FC4
VariantClear.OLEAUT32(?), ref: 01003FD8

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 6103fab19a4d917cdc787a8a94f9b62cabfff884b86e276dcc0ebe2936f4004f
Instruction ID: 311d9f1fa4ab3ffda7fb34f9c26d8d0a247434f49a7e6312cab2e0c1c86cceaf
Opcode Fuzzy Hash: 6103fab19a4d917cdc787a8a94f9b62cabfff884b86e276dcc0ebe2936f4004f
Instruction Fuzzy Hash: D7C165716083059FE702EF28C88492BBBE9FF89744F04495DF98A9B291DB35ED05CB52

Function 00FF7A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00FF7AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00FF7B8F
SHGetDesktopFolder.SHELL32(?), ref: 00FF7BA3
CoCreateInstance.OLE32(0101FD08,00000000,00000001,01046E6C,?), ref: 00FF7BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00FF7C74
CoTaskMemFree.OLE32(?,?), ref: 00FF7CCC
SHBrowseForFolderW.SHELL32(?), ref: 00FF7D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00FF7D7A
CoTaskMemFree.OLE32(00000000), ref: 00FF7D81
CoTaskMemFree.OLE32(00000000), ref: 00FF7DD6
CoUninitialize.OLE32 ref: 00FF7DDC

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: d1a853b1fb547021451c6e51efe0235d0bae4594fed56af2c24506d61452e719
Instruction ID: 95f885880a6f131192f1fc82e1892f867f89e0e8056827f3d57d5446e3a04237
Opcode Fuzzy Hash: d1a853b1fb547021451c6e51efe0235d0bae4594fed56af2c24506d61452e719
Instruction Fuzzy Hash: 11C14B75A04209AFDB14EFA4C884DAEBBF9FF48314B148098E915DB361DB35ED41DB90

Function 0101541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 01015504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 01015515
CharNextW.USER32(00000158), ref: 01015544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 01015585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0101559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 010155AC

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: 093ccbb90df7b2f850c3838a433ad061aa6757603ab905113f252f65be6af5f2
Instruction ID: d1aa2155b2a9d82948006722d8bf031874007ffe285fb4999b675994545976f3
Opcode Fuzzy Hash: 093ccbb90df7b2f850c3838a433ad061aa6757603ab905113f252f65be6af5f2
Instruction Fuzzy Hash: 0C618230A40209AFEF208F54CD849FE7BB9EB4B728F004545F6A5AF294D77D9641CB61

Function 00FDFA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00FDFAAF
SafeArrayAllocData.OLEAUT32(?), ref: 00FDFB08
VariantInit.OLEAUT32(?), ref: 00FDFB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 00FDFB3A
VariantCopy.OLEAUT32(?,?), ref: 00FDFB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 00FDFBA1
VariantClear.OLEAUT32(?), ref: 00FDFBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 00FDFBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00FDFBCC
VariantClear.OLEAUT32(?), ref: 00FDFBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00FDFBE9

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: fd5dc1e5a74c158370a51067c5d3ba68c0a1d1c1fa15b2d0c464681a7cbfa1b5
Instruction ID: f56f7d14e6b3a26255a74d8df753c097c68825d360ba5e1b9f2846be34a7ff31
Opcode Fuzzy Hash: fd5dc1e5a74c158370a51067c5d3ba68c0a1d1c1fa15b2d0c464681a7cbfa1b5
Instruction Fuzzy Hash: 5C41A135A402199FDB10DFA4D844DADBBB9FF48354F04802AE946A7351CB39E945DBA0

Function 00FE9C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00FE9CA1
GetAsyncKeyState.USER32(000000A0), ref: 00FE9D22
GetKeyState.USER32(000000A0), ref: 00FE9D3D
GetAsyncKeyState.USER32(000000A1), ref: 00FE9D57
GetKeyState.USER32(000000A1), ref: 00FE9D6C
GetAsyncKeyState.USER32(00000011), ref: 00FE9D84
GetKeyState.USER32(00000011), ref: 00FE9D96
GetAsyncKeyState.USER32(00000012), ref: 00FE9DAE
GetKeyState.USER32(00000012), ref: 00FE9DC0
GetAsyncKeyState.USER32(0000005B), ref: 00FE9DD8
GetKeyState.USER32(0000005B), ref: 00FE9DEA

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 2b9e723b3ab826a4643d59b6f7236ccc366402f07d4aeac7939ba2ca92566509
Instruction ID: ff67f0f55c96325f2bed8dcb454a7a3a74e04652ce28c252292723076dd291f8
Opcode Fuzzy Hash: 2b9e723b3ab826a4643d59b6f7236ccc366402f07d4aeac7939ba2ca92566509
Instruction Fuzzy Hash: 20411830D0C7CA6DFF30966688043B5BEE16F11324F08805EDAC6562C2DBE999C8D7B2

Function 0100055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 010005BC
inet_addr.WSOCK32(?), ref: 0100061C
gethostbyname.WSOCK32(?), ref: 01000628
IcmpCreateFile.IPHLPAPI ref: 01000636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 010006C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 010006E5
IcmpCloseHandle.IPHLPAPI(?), ref: 010007B9
WSACleanup.WSOCK32 ref: 010007BF

Strings

Ping, xrefs: 01000676

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: 434310704170253aac8cb845ed689ae24590c3363b765238cbc86b8a8f912108
Instruction ID: 8737fbe000a1cff9dfa2db22e3d668d8cc6dd4f2c58682b5cd4be79c4089a30f
Opcode Fuzzy Hash: 434310704170253aac8cb845ed689ae24590c3363b765238cbc86b8a8f912108
Instruction Fuzzy Hash: B391D4346042019FE321DF18C888F1ABBE0BF49358F148599F5A98B7A6C739ED45CF91

Function 01008CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 01008CF3

Part of subcall function 00FE8E54: _wcslen.LIBCMT ref: 00FE8E77

_wcslen.LIBCMT ref: 01008D4E
_wcslen.LIBCMT ref: 01008D9C
_wcslen.LIBCMT ref: 01008DDC
_wcslen.LIBCMT ref: 01008E6E

Strings

cdecl, xrefs: 01008D48, 01008D4D
winapi, xrefs: 01008D96, 01008D9B
none, xrefs: 01008E65, 01008E6A
stdcall, xrefs: 01008DD6, 01008DDB

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: 851c1fbe7c9db79903a4bf1295b389c451db1f9984528de2127c70f4b447013f
Instruction ID: 0706e21af84fb241d8f492bb7e576f86886c95f56094e03f5cfb201c5dd5acfb
Opcode Fuzzy Hash: 851c1fbe7c9db79903a4bf1295b389c451db1f9984528de2127c70f4b447013f
Instruction Fuzzy Hash: BD51B071E001169BEB16EF6CC9408BEB7E5BF65320F20826AE5A6E72C5DB35DD40C790

Function 0100372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 01003774
CoUninitialize.OLE32 ref: 0100377F
CoCreateInstance.OLE32(?,00000000,00000017,0101FB78,?), ref: 010037D9
IIDFromString.OLE32(?,?), ref: 0100384C
VariantInit.OLEAUT32(?), ref: 010038E4
VariantClear.OLEAUT32(?), ref: 01003936

Strings

NULL Pointer assignment, xrefs: 0100381E
Failed to create object, xrefs: 010037E4, 0100389A
Invalid parameter, xrefs: 01003865

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 524acd89240de54ba8efdde747c769ec84ca7fef3edf3aaf5463e8402ec8eec1
Instruction ID: 6e86f2485afeb94400de06415d71a7530654892f85cf35aaf5d23fee83389a6c
Opcode Fuzzy Hash: 524acd89240de54ba8efdde747c769ec84ca7fef3edf3aaf5463e8402ec8eec1
Instruction Fuzzy Hash: D5619F70608301AFE322DF54C889B6ABBE4FF49714F04089DF9C59B291D774EA48CB92

Function 00FF3388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00FF33CF

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00FF33F0

Strings

Line %d (File "%s"):, xrefs: 00FF3443, 00FF345C
"%s" (%d) : ==> %s:, xrefs: 00FF3522
Error: , xrefs: 00FF34D1
Incorrect parameters to object property !, xrefs: 00FF34AB
"%s" (%d) : ==> %s:%s%s, xrefs: 00FF3504
^ ERROR , xrefs: 00FF349E

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: 19c0de8c5d8a634f041702574de0883400b02a3995a31f6632f7083d94eb7b14
Instruction ID: 55e688fc15b736617a227843bbe651d9d4734a0f55bfeb37aaccccf79695936f
Opcode Fuzzy Hash: 19c0de8c5d8a634f041702574de0883400b02a3995a31f6632f7083d94eb7b14
Instruction Fuzzy Hash: 09518C7290420AAADF14FBA0CD46EFEB379AF05740F144065F50572062EB7A6F58EB60

Function 00FEB5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00FEB5FC
_wcslen.LIBCMT ref: 00FEB608
_wcslen.LIBCMT ref: 00FEB64D
_wcslen.LIBCMT ref: 00FEB68C
_wcslen.LIBCMT ref: 00FEB6C7

Strings

APPEND, xrefs: 00FEB6C1, 00FEB6C6
REMOVE, xrefs: 00FEB602, 00FEB607
KEYS, xrefs: 00FEB647, 00FEB64C
EXISTS, xrefs: 00FEB686, 00FEB68B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: beb1e5a22710fba0227b721ba0acac3606a945b90aaf528cc4e99d877cd405a1
Instruction ID: 9fef4ce31d31c3d55f0ff9afa9adc9e35e5a4a8307c866e5b66ea327804e1811
Opcode Fuzzy Hash: beb1e5a22710fba0227b721ba0acac3606a945b90aaf528cc4e99d877cd405a1
Instruction Fuzzy Hash: E541D372E000669BCB20AF7ECC905BFB7A5BBA1764B244169E461DB284F735CD81E790

Function 00FF5393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00FF53A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00FF5416
GetLastError.KERNEL32 ref: 00FF5420
SetErrorMode.KERNEL32(00000000,READY), ref: 00FF54A7

Strings

READONLY, xrefs: 00FF5452
INVALID, xrefs: 00FF5459
READY, xrefs: 00FF5460, 00FF5468
NOTREADY, xrefs: 00FF544B
UNKNOWN, xrefs: 00FF5444

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 4acfac28f76718976e02937bd41681fa7654c176f3b1af622c1823b41cb950f9
Instruction ID: 7393efbb1e7517737d0279cd90fe7057bc996b4e88f27434c20e2b3234e40b9c
Opcode Fuzzy Hash: 4acfac28f76718976e02937bd41681fa7654c176f3b1af622c1823b41cb950f9
Instruction Fuzzy Hash: A831F375E002099FD710DF68C494BB9BBB4FF05715F148059E601CB262D776DD82DBA0

Function 01013C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 01013C79
SetMenu.USER32(?,00000000), ref: 01013C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 01013D10
IsMenu.USER32(?), ref: 01013D24
CreatePopupMenu.USER32 ref: 01013D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 01013D5B
DrawMenuBar.USER32 ref: 01013D63

Strings

F, xrefs: 01013D4E
0, xrefs: 01013C54

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: 2ad7545dc8848fb5cf3d6f725653c12bf3c0074849e6353201a6e3ba21bba712
Instruction ID: a219b7c6fc178c1029e47526fa865b2e55e5490bc116fc6371457917f95e0b90
Opcode Fuzzy Hash: 2ad7545dc8848fb5cf3d6f725653c12bf3c0074849e6353201a6e3ba21bba712
Instruction Fuzzy Hash: E2418C78A01209AFEB24DF64E844B9A7BF5FF49314F040068EA869B354D739E910CB50

Function 00FE1EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

Part of subcall function 00FE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00FE3CCA

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00FE1F64
GetDlgCtrlID.USER32 ref: 00FE1F6F
GetParent.USER32 ref: 00FE1F8B
SendMessageW.USER32(00000000,?,00000111,?), ref: 00FE1F8E
GetDlgCtrlID.USER32(?), ref: 00FE1F97
GetParent.USER32(?), ref: 00FE1FAB
SendMessageW.USER32(00000000,?,00000111,?), ref: 00FE1FAE

Strings

ListBox, xrefs: 00FE1F21
ComboBox, xrefs: 00FE1EEC

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 21d0d7b5d1deb50c62a65f0ee7ab09c0a876fe9658f781358175a3ee027cf68d
Instruction ID: eb7992d4d688960500a66a5c75f6ebe2010dbee60fe680a97418cb37e0dd464b
Opcode Fuzzy Hash: 21d0d7b5d1deb50c62a65f0ee7ab09c0a876fe9658f781358175a3ee027cf68d
Instruction Fuzzy Hash: 5521D370900214BFDF10AFA1CC84DFEBBB4AF09310B100515B99167291DB7D9904EBA0

Function 00FE1FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

Part of subcall function 00FE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00FE3CCA

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00FE2043
GetDlgCtrlID.USER32 ref: 00FE204E
GetParent.USER32 ref: 00FE206A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00FE206D
GetDlgCtrlID.USER32(?), ref: 00FE2076
GetParent.USER32(?), ref: 00FE208A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00FE208D

Strings

ListBox, xrefs: 00FE2002
ComboBox, xrefs: 00FE1FCD

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: a6380624cbe6674e4ec7d2bae1bbb0117d2878dc39d9b559b0179c49a5a8f238
Instruction ID: a058cf244e5033e408011e4adeef022aa52246af98c6d14b6356e0f28c2c0f86
Opcode Fuzzy Hash: a6380624cbe6674e4ec7d2bae1bbb0117d2878dc39d9b559b0179c49a5a8f238
Instruction Fuzzy Hash: BC21CFB1E40214BFDF11AFA1CC89EFEBBB8AF09300F100415B991A7195DA7E9914EB60

Function 01013A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 01013A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 01013AA0
GetWindowLongW.USER32(?,000000F0), ref: 01013AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 01013AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 01013B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 01013BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 01013BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 01013BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 01013BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 01013C13

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: 5768ee14e6017f81fbc666ba851e825a4c419c90be0bc7dcaa585833887be2a7
Instruction ID: f428a67a2796901af71dbf4c97eb73577a1f4a90e4ee5fc8b8a0443c8f81aba3
Opcode Fuzzy Hash: 5768ee14e6017f81fbc666ba851e825a4c419c90be0bc7dcaa585833887be2a7
Instruction Fuzzy Hash: 82617975A00248AFEB20DFA8CC81EEE77F8FB09714F100199FA55AB291D778AD41DB50

Function 00FEB12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00FEB151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00FEA1E1,?,00000001), ref: 00FEB165
GetWindowThreadProcessId.USER32(00000000), ref: 00FEB16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00FEA1E1,?,00000001), ref: 00FEB17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 00FEB18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00FEA1E1,?,00000001), ref: 00FEB1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00FEA1E1,?,00000001), ref: 00FEB1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00FEA1E1,?,00000001), ref: 00FEB1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00FEA1E1,?,00000001), ref: 00FEB212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00FEA1E1,?,00000001), ref: 00FEB21D

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 60718285dd89462f508aed84ab3f3bf79d1c88a5f9a9939ad580cc6371fb616c
Instruction ID: 8d9614efa8a2b3866af3360a8b328a870e5ad17bdd0fcc0279ff11f13a98a938
Opcode Fuzzy Hash: 60718285dd89462f508aed84ab3f3bf79d1c88a5f9a9939ad580cc6371fb616c
Instruction Fuzzy Hash: E731EC75940304BFEB269F25D958B6F7BA9BF543A1F10440AFA80CA184D7BEE8009F64

Function 00FB2C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00FB2C94

Part of subcall function 00FB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FBD7D1,00000000,00000000,00000000,00000000,?,00FBD7F8,00000000,00000007,00000000,?,00FBDBF5,00000000), ref: 00FB29DE
Part of subcall function 00FB29C8: GetLastError.KERNEL32(00000000,?,00FBD7D1,00000000,00000000,00000000,00000000,?,00FBD7F8,00000000,00000007,00000000,?,00FBDBF5,00000000,00000000), ref: 00FB29F0

_free.LIBCMT ref: 00FB2CA0
_free.LIBCMT ref: 00FB2CAB
_free.LIBCMT ref: 00FB2CB6
_free.LIBCMT ref: 00FB2CC1
_free.LIBCMT ref: 00FB2CCC
_free.LIBCMT ref: 00FB2CD7
_free.LIBCMT ref: 00FB2CE2
_free.LIBCMT ref: 00FB2CED
_free.LIBCMT ref: 00FB2CFB

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9eddbdd3f383a0b69ff7702ba66dce75b4b0f6e8dec44f5e35cf8cd3d6034244
Instruction ID: 7a8fad9da8aa41ae03b9bb1bb3a9fd26d51390f30233351358c8970358e3fafd
Opcode Fuzzy Hash: 9eddbdd3f383a0b69ff7702ba66dce75b4b0f6e8dec44f5e35cf8cd3d6034244
Instruction Fuzzy Hash: 89119476500108BFCB42EF5ADC42CDD3BB5BF05350F4148A5F9485B622DA35EA50AF90

Function 00FF7DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00FF7FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00FF7FC1
GetFileAttributesW.KERNEL32(?), ref: 00FF7FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00FF8005
SetCurrentDirectoryW.KERNEL32(?), ref: 00FF8017
SetCurrentDirectoryW.KERNEL32(?), ref: 00FF8060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00FF80B0

Strings

*.*, xrefs: 00FF8066

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: 789361ab6c3692e2a9ec3abdf51a2d4e55dbf57d696f2ac8e83da9023c2116e2
Instruction ID: fe04a308d052a5c2abb6278d21c5f79a656ca28c8a013b228fb50493a167b642
Opcode Fuzzy Hash: 789361ab6c3692e2a9ec3abdf51a2d4e55dbf57d696f2ac8e83da9023c2116e2
Instruction Fuzzy Hash: BA81D2729083499BCB20EF14C844ABEF3D8BF84320F54485EF685C7260EB79DD45AB92

Function 00F85BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00F85C7A

Part of subcall function 00F85D0A: GetClientRect.USER32(?,?), ref: 00F85D30
Part of subcall function 00F85D0A: GetWindowRect.USER32(?,?), ref: 00F85D71
Part of subcall function 00F85D0A: ScreenToClient.USER32(?,?), ref: 00F85D99

GetDC.USER32 ref: 00FC46F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00FC4708
SelectObject.GDI32(00000000,00000000), ref: 00FC4716
SelectObject.GDI32(00000000,00000000), ref: 00FC472B
ReleaseDC.USER32(?,00000000), ref: 00FC4733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00FC47C4

Strings

U, xrefs: 00FC4693

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 7816ed9635aa0efcb23feaf4db16405a84b18bc64e8418e7219d6a8aab6da515
Instruction ID: e7631172e589179ca93cf7783f97771c3b3fd6b06e097b858cdb32ef8980def2
Opcode Fuzzy Hash: 7816ed9635aa0efcb23feaf4db16405a84b18bc64e8418e7219d6a8aab6da515
Instruction Fuzzy Hash: AB71DF31800206DFCF219F64CA96FEA7BB1FF4A324F144269ED955A299C335A841FF50

Function 00FF359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00FF35E4

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

LoadStringW.USER32(01052390,?,00000FFF,?), ref: 00FF360A

Strings

Line %d (File "%s"):, xrefs: 00FF366B
"%s" (%d) : ==> %s:, xrefs: 00FF3742
^ ERROR, xrefs: 00FF36C9
Error: , xrefs: 00FF36EF
"%s" (%d) : ==> %s:%s%s, xrefs: 00FF3724

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: fd6d7c801248502b4d695caf18e166f01d91da94b94950f69c53178132d23a4a
Instruction ID: f76ece2e5bc963907b4d8f268d850e84df022e645c2d5eea645aa32c455a45d1
Opcode Fuzzy Hash: fd6d7c801248502b4d695caf18e166f01d91da94b94950f69c53178132d23a4a
Instruction Fuzzy Hash: 9A514C7290421ABADF14FBA0CC42EFEBB79AF05700F144125F20572162EB795B99EB60

Function 00FFC253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00FFC272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00FFC29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00FFC2CA
GetLastError.KERNEL32 ref: 00FFC322
SetEvent.KERNEL32(?), ref: 00FFC336
InternetCloseHandle.WININET(00000000), ref: 00FFC341

Strings

, xrefs: 00FFC2BB

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 9b31709cc5014fb42a19a52056d01f4a6b880669656ba69ecb14d53f5dfdf1f1
Instruction ID: aa3f842dfb61bbe64ee8d327f2793f87cf8675ec633c4b2c8e9c742fefd933a6
Opcode Fuzzy Hash: 9b31709cc5014fb42a19a52056d01f4a6b880669656ba69ecb14d53f5dfdf1f1
Instruction Fuzzy Hash: 413193B190021CAFD7219F648A84ABB7BFCEF45794B14451DF586D2210DB39DD04ABA1

Function 00FE989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00FC3AAF,?,?,Bad directive syntax error,0101CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00FE98BC
LoadStringW.USER32(00000000,?,00FC3AAF,?), ref: 00FE98C3

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00FE9987

Strings

Line %d:, xrefs: 00FE9912
Error: , xrefs: 00FE9955
Line %d (File "%s"):, xrefs: 00FE992D
., xrefs: 00FE996D
%s (%d) : ==> %s.: %s %s, xrefs: 00FE98F1

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: 606a77162018af50c5e167413fff93ebe0fa88da1694bc16130464a761eb20be
Instruction ID: fabd153227fb355569d0fbd7c5790896765ed6f3bdc3666259fa285631734463
Opcode Fuzzy Hash: 606a77162018af50c5e167413fff93ebe0fa88da1694bc16130464a761eb20be
Instruction Fuzzy Hash: 6A219F32D4421ABBDF15AF90CC46EFE7735FF19700F044429F51566062EBBA9A28EB20

Function 00FE209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00FE20AB
GetClassNameW.USER32(00000000,?,00000100), ref: 00FE20C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00FE214D

Strings

list, xrefs: 00FE212F
largeicons, xrefs: 00FE20E1
details, xrefs: 00FE20FB
smallicons, xrefs: 00FE2115
SHELLDLL_DefView, xrefs: 00FE20CC

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: 5c264e9b2e74c99b130c46e398e78ee2f175a64c3aaac23188eec686938d8006
Instruction ID: a27339506a58de74f9271932ffbf2c586267b8ba1ef34c1049f26f2a575fc761
Opcode Fuzzy Hash: 5c264e9b2e74c99b130c46e398e78ee2f175a64c3aaac23188eec686938d8006
Instruction Fuzzy Hash: 18112CB76C8306BBF6112622DC07DA6379CCB05734B20002AFB44A90A1FEBDB9017A54

Function 00FB8D45 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e596205f5be8777205fe0569edbbd180514a447bc16eddbcbe6d055f23175a53
Instruction ID: 9a968a54893b19f5e51b71d4f2dc3687bf7b534f3c1738d58a63b15ce7e16cdf
Opcode Fuzzy Hash: e596205f5be8777205fe0569edbbd180514a447bc16eddbcbe6d055f23175a53
Instruction Fuzzy Hash: B5C11575D08249AFDB11EFEAD840BEDBBB4AF49360F144059F554AB382C7798942EF20

Function 00FBCE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00FBCEB7
_free.LIBCMT ref: 00FBCF22
_free.LIBCMT ref: 00FBCF48
_free.LIBCMT ref: 00FBCF71
_free.LIBCMT ref: 00FBCFA9
_free.LIBCMT ref: 00FBCFDA
_free.LIBCMT ref: 00FBD01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 00FBD09C
_free.LIBCMT ref: 00FBD0B5

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: 8d03942632c60b2c08e59c3c71cd5868cf3a863ca05f872d90266cd68e11447a
Instruction ID: 69e3681aa3da32466b000123c6907e1faed79ef3fcb34eac5efd2670824c3fc2
Opcode Fuzzy Hash: 8d03942632c60b2c08e59c3c71cd5868cf3a863ca05f872d90266cd68e11447a
Instruction Fuzzy Hash: DB612671D04301ABDB21BF769881AFF7BA5AF05760F0441ADF9449B245E73A9900BFB1

Function 010150D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 01015186
ShowWindow.USER32(?,00000000), ref: 010151C7
ShowWindow.USER32(?,00000005,?,00000000), ref: 010151CD
SetFocus.USER32(?,?,00000005,?,00000000), ref: 010151D1

Part of subcall function 01016FBA: DeleteObject.GDI32(00000000), ref: 01016FE6

GetWindowLongW.USER32(?,000000F0), ref: 0101520D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 0101521A
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0101524D
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 01015287
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 01015296

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: 683cf9397c5a90abd0462cfb75eac7f7eacf636b43a1c0b49ee9cc70531fdf09
Instruction ID: 51105c614ea80d28a96f299059d36b893a239b27ceadfa23feda764689bb1aac
Opcode Fuzzy Hash: 683cf9397c5a90abd0462cfb75eac7f7eacf636b43a1c0b49ee9cc70531fdf09
Instruction Fuzzy Hash: 3651C231A90209BEFF319E28CC49BD93BA1FB87321F144051F6949E2D8D7BEA580CB41

Function 00F98B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00FD6890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00FD68A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00FD68B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00FD68D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00FD68F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00F98874,00000000,00000000,00000000,000000FF,00000000), ref: 00FD6901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00FD691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00F98874,00000000,00000000,00000000,000000FF,00000000), ref: 00FD692D

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: 08d25eb4d0c98196bf262d1c6e786edde4c5f2fe6bf61b86765ce64d4c87722d
Instruction ID: 00e78c198f4069eea803932d362044cb7147fb759eb3db34e7acbd321126fb43
Opcode Fuzzy Hash: 08d25eb4d0c98196bf262d1c6e786edde4c5f2fe6bf61b86765ce64d4c87722d
Instruction Fuzzy Hash: 0C517A70A40205AFEF20CF24CC55BAA7BB6EF88760F144519F942D7290DB79E991EB50

Function 00FFC143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00FFC182
GetLastError.KERNEL32 ref: 00FFC195
SetEvent.KERNEL32(?), ref: 00FFC1A9

Part of subcall function 00FFC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00FFC272
Part of subcall function 00FFC253: GetLastError.KERNEL32 ref: 00FFC322
Part of subcall function 00FFC253: SetEvent.KERNEL32(?), ref: 00FFC336
Part of subcall function 00FFC253: InternetCloseHandle.WININET(00000000), ref: 00FFC341

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: 849bf0e71813504ec0012e1ac87c769b0acdbe37dc787c0c8bf2b77a8a423ffd
Instruction ID: b6ed5a954f2a727e0179793b2040224db47815b9dcda91562baba5c7ef6ce5ce
Opcode Fuzzy Hash: 849bf0e71813504ec0012e1ac87c769b0acdbe37dc787c0c8bf2b77a8a423ffd
Instruction Fuzzy Hash: 8031B27154061DAFEB219FE5DE44AB6BBF8FF18310B00441DFA9683624C739E914EBA0

Function 00FE25A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00FE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00FE3A57
Part of subcall function 00FE3A3D: GetCurrentThreadId.KERNEL32 ref: 00FE3A5E
Part of subcall function 00FE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00FE25B3), ref: 00FE3A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 00FE25BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00FE25DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00FE25DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 00FE25E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00FE2601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00FE2605
MapVirtualKeyW.USER32(00000025,00000000), ref: 00FE260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00FE2623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00FE2627

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: a207ce51d61051a27ece31067a6656663f4e148eefd25c64b3c497ea6a423993
Instruction ID: 6fd251cd73213edd5ae5469f29c04e3dc7d6c98a67bbcd7c61af7b3da8ab6386
Opcode Fuzzy Hash: a207ce51d61051a27ece31067a6656663f4e148eefd25c64b3c497ea6a423993
Instruction Fuzzy Hash: B501D4313D0354BBFB2067699C8EF593F99DB4EB12F100011F358AF0C4C9FA64449A69

Function 00FE1803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00FE1449,?,?,00000000), ref: 00FE180C
HeapAlloc.KERNEL32(00000000,?,00FE1449,?,?,00000000), ref: 00FE1813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00FE1449,?,?,00000000), ref: 00FE1828
GetCurrentProcess.KERNEL32(?,00000000,?,00FE1449,?,?,00000000), ref: 00FE1830
DuplicateHandle.KERNEL32(00000000,?,00FE1449,?,?,00000000), ref: 00FE1833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00FE1449,?,?,00000000), ref: 00FE1843
GetCurrentProcess.KERNEL32(00FE1449,00000000,?,00FE1449,?,?,00000000), ref: 00FE184B
DuplicateHandle.KERNEL32(00000000,?,00FE1449,?,?,00000000), ref: 00FE184E
CreateThread.KERNEL32(00000000,00000000,00FE1874,00000000,00000000,00000000), ref: 00FE1868

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: c05d5bb1b9d2aacfd95520cf5897f8b7684078d6a3ba4aa090c248bf0ce40a85
Instruction ID: 565c5dbb2ebe48893c24f9b29ae41f40fbeeed81e31f10005910dd226eaa9fad
Opcode Fuzzy Hash: c05d5bb1b9d2aacfd95520cf5897f8b7684078d6a3ba4aa090c248bf0ce40a85
Instruction Fuzzy Hash: 3C01ACB52C0344BFF720AB65DD49F577B6CEB89B11F004411FA45DB195C679D8008B20

Function 0100A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 00FED4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00FED501
Part of subcall function 00FED4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00FED50F
Part of subcall function 00FED4DC: CloseHandle.KERNEL32(00000000), ref: 00FED5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 0100A16D
GetLastError.KERNEL32 ref: 0100A180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 0100A1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 0100A268
GetLastError.KERNEL32(00000000), ref: 0100A273
CloseHandle.KERNEL32(00000000), ref: 0100A2C4

Strings

SeDebugPrivilege, xrefs: 0100A18F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: bd7287181bbe092ad824882783d4d925ca72953ca5353d1dcc630dd77e10e97d
Instruction ID: 42cf444844555166a58d89d79c2ea18712b98d4aecf0387d5ee15e99a41dc7e8
Opcode Fuzzy Hash: bd7287181bbe092ad824882783d4d925ca72953ca5353d1dcc630dd77e10e97d
Instruction Fuzzy Hash: 8F618C70204342EFE721DF19C894F5ABBE1AF44318F18849CE5A68B793C77AE945CB91

Function 01013886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 01013925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0101393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 01013954
_wcslen.LIBCMT ref: 01013999
SendMessageW.USER32(?,00001057,00000000,?), ref: 010139C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 010139F4

Strings

SysListView32, xrefs: 010138F7

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: 1cf3cb26b27098f5fdd11624c87b9854ac4874141dc5e1c0b97d8f33b4d1f599
Instruction ID: d9a1ce5c8efc34ce56b8bb5f5a4337697bddfb44266b58ac638a4920d0a9f4de
Opcode Fuzzy Hash: 1cf3cb26b27098f5fdd11624c87b9854ac4874141dc5e1c0b97d8f33b4d1f599
Instruction Fuzzy Hash: 3C41C771A00319ABEF219F64CC45FEA7BA9FF08364F100566F984EB285D379D940CB90

Function 00FEBC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00FEBCFD
IsMenu.USER32(00000000), ref: 00FEBD1D
CreatePopupMenu.USER32 ref: 00FEBD53
GetMenuItemCount.USER32(01285468), ref: 00FEBDA4
InsertMenuItemW.USER32(01285468,?,00000001,00000030), ref: 00FEBDCC

Strings

0, xrefs: 00FEBCA8
2, xrefs: 00FEBD37

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: 024c0a7cd08c09a49365a10a8483920fd53983283c2c665cc02001415dd9e0f5
Instruction ID: 26fcb839b3e9dbee4bf8073a12411fdd70e01c5945c50f3f50a72846fe071307
Opcode Fuzzy Hash: 024c0a7cd08c09a49365a10a8483920fd53983283c2c665cc02001415dd9e0f5
Instruction Fuzzy Hash: DA51AD70A002899BDF30CFAADD88BAFBBF8BF45324F244229E451D7290D7749941DB61

Function 00FEC874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00FEC913

Strings

question, xrefs: 00FEC8CC
blank, xrefs: 00FEC895
stop, xrefs: 00FEC8E4
warning, xrefs: 00FEC8FC
info, xrefs: 00FEC8B4

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 7f442f3dabe765981581c465b429abf3507384ab47e528f5235cb7d255288abd
Instruction ID: 9fe6ea47583b57d69de57bf17f320e9f7413761f58c572bbbd8c68d324a91875
Opcode Fuzzy Hash: 7f442f3dabe765981581c465b429abf3507384ab47e528f5235cb7d255288abd
Instruction Fuzzy Hash: D311EE72A89346BBE7019B569C82D9E7B9CDF16764B10003FF500A6183F7BD6E0172A4

Function 00FEDE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00FEDE42
gethostname.WSOCK32(?,00000100), ref: 00FEDE5C
gethostbyname.WSOCK32(?), ref: 00FEDE69
inet_ntoa.WSOCK32(?), ref: 00FEDEAB
_strcat.LIBCMT ref: 00FEDEB9
WSACleanup.WSOCK32 ref: 00FEDEDE

Strings

0.0.0.0, xrefs: 00FEDE87

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: 51250c4808f797e450d784784e42110c834dcc9c1763beb44c18332b3f6d4abc
Instruction ID: 4776b13fe322083509622bceff7254673d0a46400acfd5c1e20367745f382aa8
Opcode Fuzzy Hash: 51250c4808f797e450d784784e42110c834dcc9c1763beb44c18332b3f6d4abc
Instruction Fuzzy Hash: B7110671904114AFDB30AB61DC4AEEF77ACDF55720F040169F4459A081EFBADA81A760

Function 01019F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F99BB2

GetSystemMetrics.USER32(0000000F), ref: 01019FC7
GetSystemMetrics.USER32(0000000F), ref: 01019FE7
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0101A224
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0101A242
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0101A263
ShowWindow.USER32(00000003,00000000), ref: 0101A282
InvalidateRect.USER32(?,00000000,00000001), ref: 0101A2A7
DefDlgProcW.USER32(?,00000005,?,?), ref: 0101A2CA

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: 12716390b3feb6475240faeee130c8755362b621caa1d169ab499973c0b14028
Instruction ID: d9a79675359e80c41ab3cf3150799b0d4bd5216931cf8cff8824997d8107df1c
Opcode Fuzzy Hash: 12716390b3feb6475240faeee130c8755362b621caa1d169ab499973c0b14028
Instruction Fuzzy Hash: 1BB18A31601265DBEF25CF6CC9857EE7BF2BF44741F0880A9ED859B289D739A940CB50

Function 00FEED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 00FEED2A
_wcslen.LIBCMT ref: 00FEED3B
_wcslen.LIBCMT ref: 00FEED79
_wcslen.LIBCMT ref: 00FEEDAF
_wcslen.LIBCMT ref: 00FEEDDF
_wcslen.LIBCMT ref: 00FEEDEF
_wcslen.LIBCMT ref: 00FEEE2B
_wcslen.LIBCMT ref: 00FEEE5A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: 9e02b26a5838a8818930edea1380b08b8a896cee5096c63d0dacd5e9903cfe4a
Instruction ID: a1bbd64f84fe2b789ec86837c129ebd1d96920799d73431bb054b296e6fd7d41
Opcode Fuzzy Hash: 9e02b26a5838a8818930edea1380b08b8a896cee5096c63d0dacd5e9903cfe4a
Instruction Fuzzy Hash: 5341A3A5C10258B6CB11EBF5CC8AACFB7ACAF46710F508466E518E3121FB38E255D3A5

Function 00F9F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00FD682C,00000004,00000000,00000000), ref: 00F9F953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00FD682C,00000004,00000000,00000000), ref: 00FDF3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00FD682C,00000004,00000000,00000000), ref: 00FDF454

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: c74c6aa048a78961ac50c6bc127af76e06a779b4a51bf888e889e482f0aee2ee
Instruction ID: ad71384b907a7bc7bfae206b56dba8be23a30417b78295feab57f7e20c2411b6
Opcode Fuzzy Hash: c74c6aa048a78961ac50c6bc127af76e06a779b4a51bf888e889e482f0aee2ee
Instruction Fuzzy Hash: C9411D31E14640BAFF399B29CD88B2A7B926B57334F18443DE087D6654C67A9488F711

Function 01012D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 01012D1B
GetDC.USER32(00000000), ref: 01012D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 01012D2E
ReleaseDC.USER32(00000000,00000000), ref: 01012D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 01012D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 01012D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,01015A65,?,?,000000FF,00000000,?,000000FF,?), ref: 01012DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 01012DE1

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: b8e2c63d83de78219bc9941336956f90b8d91460f665a3577b8f0b0aab17e437
Instruction ID: e4f7b604c49162e2424b3b58bac832198b6a868ea2a162272eaf5dc73623e3de
Opcode Fuzzy Hash: b8e2c63d83de78219bc9941336956f90b8d91460f665a3577b8f0b0aab17e437
Instruction Fuzzy Hash: 2A317C72241214BFFB258F54CD89FEB3FA9FF0A715F044055FE889A285C67A9850C7A4

Function 00FE5622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00FE5637
_memcmp.LIBVCRUNTIME ref: 00FE5659
_memcmp.LIBVCRUNTIME ref: 00FE5671
_memcmp.LIBVCRUNTIME ref: 00FE5684
_memcmp.LIBVCRUNTIME ref: 00FE569E
_memcmp.LIBVCRUNTIME ref: 00FE56B1
_memcmp.LIBVCRUNTIME ref: 00FE56C9
_memcmp.LIBVCRUNTIME ref: 00FE56E4

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 1f64853269f0ae099cfdbc61e99e666ae83bb841606628cca23975550748f894
Instruction ID: 8ba7a1f9ea72b31ea2fd0ce07198df4915a0e62885414090738ebf84c5a79d80
Opcode Fuzzy Hash: 1f64853269f0ae099cfdbc61e99e666ae83bb841606628cca23975550748f894
Instruction Fuzzy Hash: 2C21D7A6A40A4A7BD6149A234E92FFB335CBF21B9CF440024FD049E541F768ED14B5E5

Function 01004FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

NULL Pointer assignment, xrefs: 0100502E, 01005383
Not an Object type, xrefs: 01005007

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: e84a0f0e197744158bb943cb58d07ad50179867f5b7eefb67c54f0ed5436c223
Instruction ID: f8e91fa5edc81f2c337474db4607ceafe9fefe0074bb614021c6503c6e185c60
Opcode Fuzzy Hash: e84a0f0e197744158bb943cb58d07ad50179867f5b7eefb67c54f0ed5436c223
Instruction Fuzzy Hash: 5DD19275A0020AAFEF11CF98CC81AAEBBF5BF48314F148469E955AB281E771D945CF50

Function 00FC1522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00FC15CE
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00FC1651
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FC16E4
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00FC16FB

Part of subcall function 00FB3820: RtlAllocateHeap.NTDLL(00000000,?,01051444,?,00F9FDF5,?,?,00F8A976,00000010,01051440,00F813FC,?,00F813C6,?,00F81129), ref: 00FB3852

MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FC1777
__freea.LIBCMT ref: 00FC17A2
__freea.LIBCMT ref: 00FC17AE

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 531d746aa7e13cf67d362bf2f3eff9e10bfc86b9793e4c65a48dac9178e3717c
Instruction ID: 1a6699fa52b5fb9419becbb8929b5e4ed8463b02dd2ded73593ad7db3ba0d0d6
Opcode Fuzzy Hash: 531d746aa7e13cf67d362bf2f3eff9e10bfc86b9793e4c65a48dac9178e3717c
Instruction Fuzzy Hash: 85919372E102179ADF208E64CE52FEE7BB5BF4A320F18465DE801E7142D739DD54AB60

Function 01004523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 01004648
VariantInit.OLEAUT32(?), ref: 01004749
VariantClear.OLEAUT32(?), ref: 01004753
VariantClear.OLEAUT32(?), ref: 010047B0

Strings

Null Object assignment in FOR..IN loop, xrefs: 010045D8, 01004706, 010047BE
Incorrect Object type in FOR..IN loop, xrefs: 0100472C

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 70010a44d20e93053b5437ca9ad76eb3745046f2a525c8b885230eec1a1c6356
Instruction ID: c9be816d3b583064979350dafccdd8a9b34297f5552af7dce0ae967e09556081
Opcode Fuzzy Hash: 70010a44d20e93053b5437ca9ad76eb3745046f2a525c8b885230eec1a1c6356
Instruction Fuzzy Hash: 37917D71A00219ABEF21CFA5CC84FAEBBB8FF45710F008559E645EB281D7749945CBA4

Function 00FF1187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00FF125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00FF1284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00FF12A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00FF12D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00FF135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00FF13C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00FF1430

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 46efa6d7b26b9bce49827b7a868ef5ffbc561d843a782aae3f849759e4f887ed
Instruction ID: c8a62c15935256793120ef1e47cf8d7ab3ba6eac8bbb98efcaba36b77b76ccf1
Opcode Fuzzy Hash: 46efa6d7b26b9bce49827b7a868ef5ffbc561d843a782aae3f849759e4f887ed
Instruction Fuzzy Hash: 9C91C172A0020DDFEB10DF94C884BBEB7B5FF45325F104029EA50EB2A1D779A945EB90

Function 00F9948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 246edf115eb30d9c03844d7debe2e4058bc935acf818b655739dd4e2ca677e16
Instruction ID: 06958a7c2879619e99ef68bc3876f340c29fc9d51776822677b7ec810e64f24e
Opcode Fuzzy Hash: 246edf115eb30d9c03844d7debe2e4058bc935acf818b655739dd4e2ca677e16
Instruction Fuzzy Hash: B1917771D04209AFDF11CFA9CC84AEEBBB9FF49320F19804AE501B7251D378AA41DB60

Function 01003947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 0100396B
CharUpperBuffW.USER32(?,?), ref: 01003A7A
_wcslen.LIBCMT ref: 01003A8A
VariantClear.OLEAUT32(?), ref: 01003C1F

Part of subcall function 00FF0CDF: VariantInit.OLEAUT32(00000000), ref: 00FF0D1F
Part of subcall function 00FF0CDF: VariantCopy.OLEAUT32(?,?), ref: 00FF0D28
Part of subcall function 00FF0CDF: VariantClear.OLEAUT32(?), ref: 00FF0D34

Strings

AUTOIT.ERROR, xrefs: 01003A80, 01003A85
Incorrect Parameter format, xrefs: 010039A6, 01003BA1

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: a0da2750921b0796ee4232276cb55eb0eefcec235526ba6c0f32f212a2402655
Instruction ID: 917e066a5ec5f6c7e956fb2573714cd39cafba11a4fad2d8b5472b34f8b67435
Opcode Fuzzy Hash: a0da2750921b0796ee4232276cb55eb0eefcec235526ba6c0f32f212a2402655
Instruction Fuzzy Hash: E9917C74A083059FD705EF28C48096AB7E4FF89314F14886DF9899B391DB35ED45CB92

Function 01004BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 00FE000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00FDFF41,80070057,?,?,?,00FE035E), ref: 00FE002B
Part of subcall function 00FE000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00FDFF41,80070057,?,?), ref: 00FE0046
Part of subcall function 00FE000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00FDFF41,80070057,?,?), ref: 00FE0054
Part of subcall function 00FE000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00FDFF41,80070057,?), ref: 00FE0064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 01004C51
_wcslen.LIBCMT ref: 01004D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 01004DCF
CoTaskMemFree.OLE32(?), ref: 01004DDA

Strings

NULL Pointer assignment, xrefs: 01004E23, 01004E52

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: 41c8f9727cd8be3c4ab94fb613b0757813a01ee7e53da5417418c66201ffe3ad
Instruction ID: 7bbfeb5fc9e094865e3bafa25d6a0224db43de1fbb8ca0b08e7281191845a8b7
Opcode Fuzzy Hash: 41c8f9727cd8be3c4ab94fb613b0757813a01ee7e53da5417418c66201ffe3ad
Instruction Fuzzy Hash: 06911971D0021D9FEF15EFA4CC91AEDB7B8BF08314F10416AEA55A7291DB749A44CF60

Function 010120FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 01012183
GetMenuItemCount.USER32(00000000), ref: 010121B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 010121DD
_wcslen.LIBCMT ref: 01012213
GetMenuItemID.USER32(?,?), ref: 0101224D
GetSubMenu.USER32(?,?), ref: 0101225B

Part of subcall function 00FE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00FE3A57
Part of subcall function 00FE3A3D: GetCurrentThreadId.KERNEL32 ref: 00FE3A5E
Part of subcall function 00FE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00FE25B3), ref: 00FE3A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 010122E3

Part of subcall function 00FEE97B: Sleep.KERNEL32 ref: 00FEE9F3

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: aecdfed66a8f7771a7ff1c11cbad69dcf72c25edda5e290da0300361d42b3032
Instruction ID: 36917dbabe965ca467eeb1ba4e8f4b1f5d2239203083f93179a267a09d92c292
Opcode Fuzzy Hash: aecdfed66a8f7771a7ff1c11cbad69dcf72c25edda5e290da0300361d42b3032
Instruction Fuzzy Hash: F6718375E00205AFDB10EF68C845AEEBBF5FF48310F248499E956EB345D739E9418BA0

Function 01017E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(01285580), ref: 01017F37
IsWindowEnabled.USER32(01285580), ref: 01017F43
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0101801E
SendMessageW.USER32(01285580,000000B0,?,?), ref: 01018051
IsDlgButtonChecked.USER32(?,?), ref: 01018089
GetWindowLongW.USER32(01285580,000000EC), ref: 010180AB
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 010180C3

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: 9c87a21bf3240f0fe38734ba19fa195ccd4492cfe4f1f1b67bab61cf34caf9e8
Instruction ID: 463f9efd8552ee08a5a193f0d2458b6c9f4f62bf8a59c6c7ca09ba7486d63fc2
Opcode Fuzzy Hash: 9c87a21bf3240f0fe38734ba19fa195ccd4492cfe4f1f1b67bab61cf34caf9e8
Instruction Fuzzy Hash: 18715D75604204AFEB629F68C884FEB7BF5EF09300F14449EFAD597259C73AA941CB10

Function 00FEAEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00FEAEF9
GetKeyboardState.USER32(?), ref: 00FEAF0E
SetKeyboardState.USER32(?), ref: 00FEAF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 00FEAF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 00FEAFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 00FEAFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 00FEB020

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 9cf7ba169698d06abec59131084719d4946ead4362080e8dd378dafba982f6a1
Instruction ID: 1508e10c9f5b9036a4bece24708347f2daec20db5af2ea545401aa26077cf5f2
Opcode Fuzzy Hash: 9cf7ba169698d06abec59131084719d4946ead4362080e8dd378dafba982f6a1
Instruction Fuzzy Hash: C751C1A0A047D53DFB3683368C45BBBBEA95B46324F088489E2D9458C2C3D9FCC8E751

Function 00FEACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00FEAD19
GetKeyboardState.USER32(?), ref: 00FEAD2E
SetKeyboardState.USER32(?), ref: 00FEAD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00FEADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00FEADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00FEAE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00FEAE38

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 87b474a414c6d282828d543d4adab52bcdddd95da7ccdd3bb758e8e18d110b4e
Instruction ID: 2125f6e7098eef973fb35ac7f391386a3de9e915c01ec067fcf5b20bdf583920
Opcode Fuzzy Hash: 87b474a414c6d282828d543d4adab52bcdddd95da7ccdd3bb758e8e18d110b4e
Instruction Fuzzy Hash: 8551F5A1D047D53DFB3382368C95B7ABEA95F46310F088489E1D5468C2D298FC98F762

Function 00FB542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00FC3CD6,?,?,?,?,?,?,?,?,00FB5BA3,?,?,00FC3CD6,?,?), ref: 00FB5470
__fassign.LIBCMT ref: 00FB54EB
__fassign.LIBCMT ref: 00FB5506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00FC3CD6,00000005,00000000,00000000), ref: 00FB552C
WriteFile.KERNEL32(?,00FC3CD6,00000000,00FB5BA3,00000000,?,?,?,?,?,?,?,?,?,00FB5BA3,?), ref: 00FB554B
WriteFile.KERNEL32(?,?,00000001,00FB5BA3,00000000,?,?,?,?,?,?,?,?,?,00FB5BA3,?), ref: 00FB5584

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: f3a7f163ea15efa2c1470a97019f9643a57aac2bb7908a7d8de4bf833966034f
Instruction ID: eee7a7886fef9b5151cbdb07dcfef5f0b237449b2c500dc3440ad01a1a79549a
Opcode Fuzzy Hash: f3a7f163ea15efa2c1470a97019f9643a57aac2bb7908a7d8de4bf833966034f
Instruction Fuzzy Hash: 4D51C1B1A006489FDB20CFA9D841BEEBBF9EF09711F18411AF955E7281D638DA41CF60

Function 00FA2D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00FA2D4B
___except_validate_context_record.LIBVCRUNTIME ref: 00FA2D53
_ValidateLocalCookies.LIBCMT ref: 00FA2DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 00FA2E0C
_ValidateLocalCookies.LIBCMT ref: 00FA2E61

Strings

csm, xrefs: 00FA2DF6

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 402a8aa71455eabd0ae6881687f51e26263bbbcb9a26083b7f2c51649ebbfe73
Instruction ID: e4a3325720eb95e5ebe87c16e318a6aaee5a066f095e57d7ae67352d6d147f90
Opcode Fuzzy Hash: 402a8aa71455eabd0ae6881687f51e26263bbbcb9a26083b7f2c51649ebbfe73
Instruction Fuzzy Hash: DF41A0B5F01209ABCF10DF6CC885A9EBBA5BF46328F148155F8146B352D739DA05EB90

Function 010010B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0100304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0100307A
Part of subcall function 0100304E: _wcslen.LIBCMT ref: 0100309B

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 01001112
WSAGetLastError.WSOCK32 ref: 01001121
WSAGetLastError.WSOCK32 ref: 010011C9
closesocket.WSOCK32(00000000), ref: 010011F9

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: acdbdd77310da935f1ef43344b1b36237c69449312f4c539226da86e47af880f
Instruction ID: 0136ac451f93870f0ae42a1dce22efcc8810a200fc41838dae6ec877627cbba1
Opcode Fuzzy Hash: acdbdd77310da935f1ef43344b1b36237c69449312f4c539226da86e47af880f
Instruction Fuzzy Hash: C541A131600204AFEB169F18C884BEABBE9FF45324F148059FD959B2C5C779E941CBE1

Function 00FECF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00FEDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00FECF22,?), ref: 00FEDDFD

Part of subcall function 00FEDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00FECF22,?), ref: 00FEDE16

lstrcmpiW.KERNEL32(?,?), ref: 00FECF45
MoveFileW.KERNEL32(?,?), ref: 00FECF7F
_wcslen.LIBCMT ref: 00FED005
_wcslen.LIBCMT ref: 00FED01B
SHFileOperationW.SHELL32(?), ref: 00FED061

Strings

\*.*, xrefs: 00FECFF3

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: ecde7517bbbb282e2dfb524d6d4fa998c6e685800604fa596b78654389151479
Instruction ID: c05139a95a44893d9bbaaaadd2852ff02f215504ffbd8711817fc07dfe8fef6c
Opcode Fuzzy Hash: ecde7517bbbb282e2dfb524d6d4fa998c6e685800604fa596b78654389151479
Instruction Fuzzy Hash: 664186B1D452585FDF22EFA5DD81ADEB7B8AF08380F0000E6E505EB141EB39A785DB50

Function 01012DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 01012E1C
GetWindowLongW.USER32(?,000000F0), ref: 01012E4F
GetWindowLongW.USER32(?,000000F0), ref: 01012E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 01012EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 01012EE0
GetWindowLongW.USER32(?,000000F0), ref: 01012EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 01012F0B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: c16f0ff0ace7b6b2e862702bc595ce05c7c0fffa8e9e8d53df566d96f7f58389
Instruction ID: 7bcc004ace9be85f5446f378e781e08f685e2aa28d6cbc0a301345d1aba91275
Opcode Fuzzy Hash: c16f0ff0ace7b6b2e862702bc595ce05c7c0fffa8e9e8d53df566d96f7f58389
Instruction Fuzzy Hash: 0A310634644250AFEB21CF5CDD84FA537E5FB5A714F2501A4F9908F2AACB7AE840DB41

Function 00FE7726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00FE7769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00FE778F
SysAllocString.OLEAUT32(00000000), ref: 00FE7792
SysAllocString.OLEAUT32(?), ref: 00FE77B0
SysFreeString.OLEAUT32(?), ref: 00FE77B9
StringFromGUID2.OLE32(?,?,00000028), ref: 00FE77DE
SysAllocString.OLEAUT32(?), ref: 00FE77EC

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 964a858bb08664ecc9a2f7d61700b979a0a12b7f8cb580aac5403c1127c8c9a0
Instruction ID: 603ed87e4a53c016cef1c263ffa5ca6fc6ff585543b2e22967283ddda06db7dd
Opcode Fuzzy Hash: 964a858bb08664ecc9a2f7d61700b979a0a12b7f8cb580aac5403c1127c8c9a0
Instruction Fuzzy Hash: A421D676A08359AFEF20EEA9CC88DBB73ACEB093647048025F904DB150D678DC419760

Function 00FE77FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00FE7842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00FE7868
SysAllocString.OLEAUT32(00000000), ref: 00FE786B
SysAllocString.OLEAUT32 ref: 00FE788C
SysFreeString.OLEAUT32 ref: 00FE7895
StringFromGUID2.OLE32(?,?,00000028), ref: 00FE78AF
SysAllocString.OLEAUT32(?), ref: 00FE78BD

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 460ec742b51b6fb134760ef729457dfa803ac71f0af36dadc76b1d99dc8fb291
Instruction ID: 6f88b147884d142e5fca065b7176264d6e1acac20ca4612afaa64b793793212b
Opcode Fuzzy Hash: 460ec742b51b6fb134760ef729457dfa803ac71f0af36dadc76b1d99dc8fb291
Instruction Fuzzy Hash: D121D831A48214AFEF10AFB9CC8CDAA77ECEB193607208025F914CB194DA78DD41DB64

Function 00FF04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00FF04F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00FF052E

Strings

nul, xrefs: 00FF0567

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 4f6115f9113b3ae1b2d108bf01ad85c67c2b71d273c1dff59eb9d0ad39a6ed3b
Instruction ID: 3088e4e3e2a1e3ac2760c5a6c8752ee4c0b1394130f7dbe7fdb82dbc5da82bce
Opcode Fuzzy Hash: 4f6115f9113b3ae1b2d108bf01ad85c67c2b71d273c1dff59eb9d0ad39a6ed3b
Instruction Fuzzy Hash: AF219475900309AFDF208F69D844AAA77B4AF45734F284A19F9A1D72E1DBB1D940DF20

Function 00FF05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00FF05C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00FF0601

Strings

nul, xrefs: 00FF0639

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 9e21be3d9fc94044a00fefc4dfce43f1210ff62d4b33a622bf7c2eccd996f761
Instruction ID: d242ce47dd7a02b6258d4bfc3eade6bf8899692d3df635ed12e5e83473b0dbb0
Opcode Fuzzy Hash: 9e21be3d9fc94044a00fefc4dfce43f1210ff62d4b33a622bf7c2eccd996f761
Instruction Fuzzy Hash: E821A3759003199BDB208F698804AAA77E4AF85730F200A19FAA1D72E1DFB19960DB10

Function 010140AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F8600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F8604C
Part of subcall function 00F8600E: GetStockObject.GDI32(00000011), ref: 00F86060
Part of subcall function 00F8600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00F8606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 01014112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0101411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0101412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 01014139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 01014145

Strings

Msctls_Progress32, xrefs: 010140E3

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 91372ffbd3ac3334f0febc5c0e32a715e49f2bc657471bc14c7b816088c52109
Instruction ID: 39d1b633360194aaf3fda6466a87fbe580a4ab6a07729a7aae5523d5197f6ca2
Opcode Fuzzy Hash: 91372ffbd3ac3334f0febc5c0e32a715e49f2bc657471bc14c7b816088c52109
Instruction Fuzzy Hash: 7011B2B2140219BEEF219E65CC85EE77F9DEF09798F004111BA58E6054C776DC21DBA4

Function 00FBD7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00FBD7A3: _free.LIBCMT ref: 00FBD7CC

_free.LIBCMT ref: 00FBD82D

Part of subcall function 00FB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FBD7D1,00000000,00000000,00000000,00000000,?,00FBD7F8,00000000,00000007,00000000,?,00FBDBF5,00000000), ref: 00FB29DE
Part of subcall function 00FB29C8: GetLastError.KERNEL32(00000000,?,00FBD7D1,00000000,00000000,00000000,00000000,?,00FBD7F8,00000000,00000007,00000000,?,00FBDBF5,00000000,00000000), ref: 00FB29F0

_free.LIBCMT ref: 00FBD838
_free.LIBCMT ref: 00FBD843
_free.LIBCMT ref: 00FBD897
_free.LIBCMT ref: 00FBD8A2
_free.LIBCMT ref: 00FBD8AD
_free.LIBCMT ref: 00FBD8B8

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: c32d5dcd4e2e16652645884f863a805b4f9ccf1782375f0a57dc59218e4dca28
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: DF115171540B04BBD521BFB2CC47FCB7BEC6F00700F400C25B29DA6492EA69B5057E51

Function 00FEDA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00FEDA74
LoadStringW.USER32(00000000), ref: 00FEDA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00FEDA91
LoadStringW.USER32(00000000), ref: 00FEDA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00FEDADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00FEDAB9

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: a9d1d02e8ba50b0e3247db8edebf678664d8373f22e28de6000eb2d7ab37d247
Instruction ID: 2b627961194615aca2dfa58ab4e170faaa9556d3de7e4cbf50dc8562e9f110fd
Opcode Fuzzy Hash: a9d1d02e8ba50b0e3247db8edebf678664d8373f22e28de6000eb2d7ab37d247
Instruction Fuzzy Hash: D90162F69402087FF710ABA09E89EE7336CE708701F4008A5B786E6045EA7DDE844B74

Function 00FF096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(0127E120,0127E120), ref: 00FF097B
EnterCriticalSection.KERNEL32(0127E100,00000000), ref: 00FF098D
TerminateThread.KERNEL32(?,000001F6), ref: 00FF099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 00FF09A9
CloseHandle.KERNEL32(?), ref: 00FF09B8
InterlockedExchange.KERNEL32(0127E120,000001F6), ref: 00FF09C8
LeaveCriticalSection.KERNEL32(0127E100), ref: 00FF09CF

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: 4d90e3ed7ad9e3c93dca51ee98be57e6b5441e6a5a97b257e8058c7abd1da392
Instruction ID: 1bfc1e0d2848a1a9d86f0d614f260419cf20d37437a70714f32bf5b4fcee58a0
Opcode Fuzzy Hash: 4d90e3ed7ad9e3c93dca51ee98be57e6b5441e6a5a97b257e8058c7abd1da392
Instruction Fuzzy Hash: 85F01D31482612BBE7615B94EF88AE67A35BF01712F401015F241508A5DB7ED565DF90

Function 00F85D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00F85D30
GetWindowRect.USER32(?,?), ref: 00F85D71
ScreenToClient.USER32(?,?), ref: 00F85D99
GetClientRect.USER32(?,?), ref: 00F85ED7
GetWindowRect.USER32(?,?), ref: 00F85EF8

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 070347b1b5b6e07b6989ceeb77e862e25f844995be19c087b3bd13c325955bc4
Instruction ID: 467ecce3d2a6edc3cf66cda3648bf265f5efd059243e330b4f6e7ab01c9c389c
Opcode Fuzzy Hash: 070347b1b5b6e07b6989ceeb77e862e25f844995be19c087b3bd13c325955bc4
Instruction Fuzzy Hash: 6EB17935A0064ADBDB14DFA8C981BEEB7F1FF58310F14841AE8A9D7250DB34EA51EB50

Function 00FB01B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 00FB00BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FB00D6
__allrem.LIBCMT ref: 00FB00ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FB010B
__allrem.LIBCMT ref: 00FB0122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FB0140

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction ID: dd967dc0fedf7faf4e29295e87ae3b04c6ffec3a117871bca88d051111d98b9b
Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction Fuzzy Hash: 0581FC72A007069FE724AE69CC41BAB73E9AF42374F24423DF551DB281EB74D904AF50

Function 01001D10 Relevance: 9.3, APIs: 6, Instructions: 254networkCOMMON

Download Yara Rule

APIs

Part of subcall function 01003149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,0100101C,00000000,?,?,00000000), ref: 01003195

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 01001DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 01001DE1
WSAGetLastError.WSOCK32 ref: 01001DF2
inet_ntoa.WSOCK32(?), ref: 01001E8C
htons.WSOCK32(?,?,?,?,?), ref: 01001EDB
_strlen.LIBCMT ref: 01001F35

Part of subcall function 00FE39E8: _strlen.LIBCMT ref: 00FE39F2

Part of subcall function 00F86D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,00F9CF58,?,?,?), ref: 00F86DBA
Part of subcall function 00F86D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00F9CF58,?,?,?), ref: 00F86DED

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
String ID:
API String ID: 1923757996-0
Opcode ID: c5ecd066119d9bf996e0bb29111489cb5949be1de7792c3799bee13400c69500
Instruction ID: b16c2a288cfe61fbc768c5d0f1a324c4b34bb946c13492c39784423b04fcc292
Opcode Fuzzy Hash: c5ecd066119d9bf996e0bb29111489cb5949be1de7792c3799bee13400c69500
Instruction Fuzzy Hash: E7A1F130204340AFE321EF24C885E7A7BE5AF84318F54894CF5965B2E2CB35ED42CB91

Function 00FB61FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00FA82D9,00FA82D9,?,?,?,00FB644F,00000001,00000001,8BE85006), ref: 00FB6258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00FB644F,00000001,00000001,8BE85006,?,?,?), ref: 00FB62DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00FB63D8
__freea.LIBCMT ref: 00FB63E5

Part of subcall function 00FB3820: RtlAllocateHeap.NTDLL(00000000,?,01051444,?,00F9FDF5,?,?,00F8A976,00000010,01051440,00F813FC,?,00F813C6,?,00F81129), ref: 00FB3852

__freea.LIBCMT ref: 00FB63EE
__freea.LIBCMT ref: 00FB6413

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 277fd6a88b613a92856d61fbc56b1220b8f3037cf717bccf6f5fc3c5a7a83d9d
Instruction ID: 6b23be122217a4e75ae4c1c00097aba9de27e82701deec840f7abf1e90b019d8
Opcode Fuzzy Hash: 277fd6a88b613a92856d61fbc56b1220b8f3037cf717bccf6f5fc3c5a7a83d9d
Instruction Fuzzy Hash: F351C072A00216ABEF259E66DD81EEF77A9EB44760F184629FC05D6240DB3CDC44EE60

Function 0100BBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

Part of subcall function 0100C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0100B6AE,?,?), ref: 0100C9B5
Part of subcall function 0100C998: _wcslen.LIBCMT ref: 0100C9F1
Part of subcall function 0100C998: _wcslen.LIBCMT ref: 0100CA68
Part of subcall function 0100C998: _wcslen.LIBCMT ref: 0100CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0100BCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0100BD25
RegCloseKey.ADVAPI32(00000000), ref: 0100BD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0100BD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0100BDF3
RegCloseKey.ADVAPI32(?), ref: 0100BDFF

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: 8391a21e3a78bed815e1bedcbc8eec9b83a1e1bbc3df7368a49ad3ae2c2ddfa3
Instruction ID: e8df63ba2b7b89f93ad08b186760909e7c19c89722f50f1c3b7ae56e1e22ab2c
Opcode Fuzzy Hash: 8391a21e3a78bed815e1bedcbc8eec9b83a1e1bbc3df7368a49ad3ae2c2ddfa3
Instruction Fuzzy Hash: 9A81F434208241EFE715EF24C881E6ABBE5FF84308F14859DF5958B2A2DB35ED45CB92

Function 00FDF7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 00FDF7B9
SysAllocString.OLEAUT32(00000001), ref: 00FDF860
VariantCopy.OLEAUT32(00FDFA64,00000000), ref: 00FDF889
VariantClear.OLEAUT32(00FDFA64), ref: 00FDF8AD
VariantCopy.OLEAUT32(00FDFA64,00000000), ref: 00FDF8B1
VariantClear.OLEAUT32(?), ref: 00FDF8BB

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: 8858b3fa74ea99079ab98548defe52276138b8b38445ee930601fc36e8405d17
Instruction ID: 4b6cd6b64985c45f94e7efb81d207d904a61e0bb77de04be9e672d16d38dada5
Opcode Fuzzy Hash: 8858b3fa74ea99079ab98548defe52276138b8b38445ee930601fc36e8405d17
Instruction Fuzzy Hash: 5051C531A40310AADF20AB65DC95F29B3A6EF45310B288467E907DF395DB788C48F757

Function 00FF910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 00F87620: _wcslen.LIBCMT ref: 00F87625

Part of subcall function 00F86B57: _wcslen.LIBCMT ref: 00F86B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 00FF94E5
_wcslen.LIBCMT ref: 00FF9506
_wcslen.LIBCMT ref: 00FF952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00FF9585

Strings

X, xrefs: 00FF9412

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: 40de0482003cd6928b6f25b6ed0eebc42af0a4b93c34879cfd81afd7f2cfb2c0
Instruction ID: e2e091dcb8a1e237065df9d358c4ea0e532e65814f5d1f04101b96a288c24f11
Opcode Fuzzy Hash: 40de0482003cd6928b6f25b6ed0eebc42af0a4b93c34879cfd81afd7f2cfb2c0
Instruction Fuzzy Hash: 5CE1D571908301CFD724EF24C881BAAB7E4BF85314F08856DF9899B2A2DB75DD05DB91

Function 00F9920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00F99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F99BB2

BeginPaint.USER32(?,?,?), ref: 00F99241
GetWindowRect.USER32(?,?), ref: 00F992A5
ScreenToClient.USER32(?,?), ref: 00F992C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00F992D3
EndPaint.USER32(?,?,?,?,?), ref: 00F99321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00FD71EA

Part of subcall function 00F99339: BeginPath.GDI32(00000000), ref: 00F99357

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: 0dcd2c35ea8713dccc5907744420f8e355edd973bd3d546f189516bbf4a21bca
Instruction ID: f2ef7251fee1a654f53c3c08357ad463d7f9999d1e93089ac9bf776211a3bf52
Opcode Fuzzy Hash: 0dcd2c35ea8713dccc5907744420f8e355edd973bd3d546f189516bbf4a21bca
Instruction Fuzzy Hash: BA41B371508300AFEB21DF18C884FBB7BB9EB46320F14061DF995872E1D7799845EB61

Function 00FF07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 00FF080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00FF0847
EnterCriticalSection.KERNEL32(?), ref: 00FF0863
LeaveCriticalSection.KERNEL32(?), ref: 00FF08DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00FF08F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00FF0921

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: e5eca1ab962b666ba912e63e72a12e8ba3268a497f5c460423d9d4a123043139
Instruction ID: dd5ad6b3d62723cf5af20522ac76e27432343886a8296d0356667875cda8648a
Opcode Fuzzy Hash: e5eca1ab962b666ba912e63e72a12e8ba3268a497f5c460423d9d4a123043139
Instruction Fuzzy Hash: 9B417E71900209EBEF24AF54DC85AAA7778FF04310F1440A5ED04DA29BDB79DE54EBA4

Function 010181DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00FDF3AB,00000000,?,?,00000000,?,00FD682C,00000004,00000000,00000000), ref: 0101824C
EnableWindow.USER32(?,00000000), ref: 01018272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 010182D1
ShowWindow.USER32(?,00000004), ref: 010182E5
EnableWindow.USER32(?,00000001), ref: 0101830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0101832F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: 9195e3aaf43aab520ad0a1a66623da121cb9966cad8e40b15e1f338d31aeee32
Instruction ID: 874bc26aacbcb9814f17de25eb1afdd344b99de54fefe10a656d53cf380d5250
Opcode Fuzzy Hash: 9195e3aaf43aab520ad0a1a66623da121cb9966cad8e40b15e1f338d31aeee32
Instruction Fuzzy Hash: D941DD34601644EFEB62CF18C489BE57FF0FB09714F1881E6E6984F16AC37AA541CB50

Function 010022DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 010022E8

Part of subcall function 00FFE4EC: GetWindowRect.USER32(?,?), ref: 00FFE504

GetDesktopWindow.USER32 ref: 01002312
GetWindowRect.USER32(00000000), ref: 01002319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 01002355
GetCursorPos.USER32(?), ref: 01002381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 010023DF

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: 1ea0bd61ecb176adb6606e0e0baaecf1341486b0f3d4f98cb200436ffbbf833c
Instruction ID: 93761171fd8205d54fd0479efbece1f1a39cbfedb8923f5cfa898eacfc8e686f
Opcode Fuzzy Hash: 1ea0bd61ecb176adb6606e0e0baaecf1341486b0f3d4f98cb200436ffbbf833c
Instruction Fuzzy Hash: 8C31C072505305AFE721DF59D848B5BBBE9FF88314F004A19F9C597181DB39EA08CB92

Function 00FE4C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00FE4C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00FE4CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00FE4CEA
_wcslen.LIBCMT ref: 00FE4D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00FE4D10
_wcsstr.LIBVCRUNTIME ref: 00FE4D1A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: 370528b934bb9e2227f4d5bc6d78b76e9847ddc7d39c8f1813af5bbd5b59658a
Instruction ID: 1d480ea6f1d78a3ae6b1e766ad3dd2e6ccd6a634c450f2d27631eff0d4beded5
Opcode Fuzzy Hash: 370528b934bb9e2227f4d5bc6d78b76e9847ddc7d39c8f1813af5bbd5b59658a
Instruction Fuzzy Hash: 8D21F9726042407BFB355B3AAD49E7B7B9CDF49760F10402DF805CA192DA79EC40A7A0

Function 00FF581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 00F83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F83A97,?,?,00F82E7F,?,?,?,00000000), ref: 00F83AC2

_wcslen.LIBCMT ref: 00FF587B
CoInitialize.OLE32(00000000), ref: 00FF5995
CoCreateInstance.OLE32(0101FCF8,00000000,00000001,0101FB68,?), ref: 00FF59AE
CoUninitialize.OLE32 ref: 00FF59CC

Strings

.lnk, xrefs: 00FF5876, 00FF58C1, 00FF5985

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: 78cfef82c8ea62a58ba3fb5ca6fff7773bb668f8cea6b168b4a8267bb01ab2cb
Instruction ID: 225ea59e9234e03f6d74aab558a7b40603d2d75754d816e7f5e3fcbe2f98861a
Opcode Fuzzy Hash: 78cfef82c8ea62a58ba3fb5ca6fff7773bb668f8cea6b168b4a8267bb01ab2cb
Instruction Fuzzy Hash: 1AD17771A047059FC714EF14C880A6ABBE1FF89B24F14485DFA899B361D735EC05DB92

Function 00FE175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00FE0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00FE0FCA
Part of subcall function 00FE0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00FE0FD6
Part of subcall function 00FE0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00FE0FE5
Part of subcall function 00FE0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00FE0FEC
Part of subcall function 00FE0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00FE1002

GetLengthSid.ADVAPI32(?,00000000,00FE1335), ref: 00FE17AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00FE17BA
HeapAlloc.KERNEL32(00000000), ref: 00FE17C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 00FE17DA
GetProcessHeap.KERNEL32(00000000,00000000,00FE1335), ref: 00FE17EE
HeapFree.KERNEL32(00000000), ref: 00FE17F5

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: d6b650ec47188bb99a6789e8d7307623026951a5ecea10333597c9f184627bd2
Instruction ID: 607b3edb87dfa9314ebe56d428db63aae61b4288b8a55701656dd60e36737e19
Opcode Fuzzy Hash: d6b650ec47188bb99a6789e8d7307623026951a5ecea10333597c9f184627bd2
Instruction Fuzzy Hash: 1C117C32984205EFEB249FA6CD49BAF7BA9FB46765F104118F48197200D73AE944EB60

Function 00FE14CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00FE14FF
OpenProcessToken.ADVAPI32(00000000), ref: 00FE1506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00FE1515
CloseHandle.KERNEL32(00000004), ref: 00FE1520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00FE154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00FE1563

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: 81efa7ab7f39981544991f524fe1d5950901763de613d99a85afaf95fd1ff9f0
Instruction ID: fedd3fc4857f14b48651d1cc5f1be39b998c292f3bf0ba4101af8e3cbe581ff6
Opcode Fuzzy Hash: 81efa7ab7f39981544991f524fe1d5950901763de613d99a85afaf95fd1ff9f0
Instruction Fuzzy Hash: 1B115972500249ABEF22CF99DE49BDE7BA9FF49714F044014FA05A2190C37ACE60EB60

Function 00FA3382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00FA3379,00FA2FE5), ref: 00FA3390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00FA339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00FA33B7
SetLastError.KERNEL32(00000000,?,00FA3379,00FA2FE5), ref: 00FA3409

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 4f2ffb447bda611715596c71d3e023cd204ed42b447b05cac2184499919546a8
Instruction ID: 9f1a23027430a7995c610978952c56a27d1080bddf0fffee90f08684a838e5a4
Opcode Fuzzy Hash: 4f2ffb447bda611715596c71d3e023cd204ed42b447b05cac2184499919546a8
Instruction Fuzzy Hash: 3D0124F3A0E3117FFB342674BEC9A673A94EB0B3793200229F410802E0EF1A4E017644

Function 00FB2D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00FB5686,00FC3CD6,?,00000000,?,00FB5B6A,?,?,?,?,?,00FAE6D1,?,01048A48), ref: 00FB2D78
_free.LIBCMT ref: 00FB2DAB
_free.LIBCMT ref: 00FB2DD3
SetLastError.KERNEL32(00000000,?,?,?,?,00FAE6D1,?,01048A48,00000010,00F84F4A,?,?,00000000,00FC3CD6), ref: 00FB2DE0
SetLastError.KERNEL32(00000000,?,?,?,?,00FAE6D1,?,01048A48,00000010,00F84F4A,?,?,00000000,00FC3CD6), ref: 00FB2DEC
_abort.LIBCMT ref: 00FB2DF2

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: f18d57ce9086e601a3e3340423d9345ccfa3b5f9f093bed5f11efae54d9bd141
Instruction ID: 37e2e3b1e220139381d115e8a8662c8da0f5c6149c229c9c5f6c20aecec632c5
Opcode Fuzzy Hash: f18d57ce9086e601a3e3340423d9345ccfa3b5f9f093bed5f11efae54d9bd141
Instruction Fuzzy Hash: 7AF0283698560027D7A2363BBD0AEDF3569AFCA7B0F240518F86492189EE2DC9017E20

Function 01018A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00F99639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00F99693
Part of subcall function 00F99639: SelectObject.GDI32(?,00000000), ref: 00F996A2
Part of subcall function 00F99639: BeginPath.GDI32(?), ref: 00F996B9
Part of subcall function 00F99639: SelectObject.GDI32(?,00000000), ref: 00F996E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 01018A4E
LineTo.GDI32(?,00000003,00000000), ref: 01018A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 01018A70
LineTo.GDI32(?,00000000,00000003), ref: 01018A80
EndPath.GDI32(?), ref: 01018A90
StrokePath.GDI32(?), ref: 01018AA0

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: e1c05022166b0b4180b76bd7217eb0be4c24426accbc9b0b7c5f4532c33a4de2
Instruction ID: e3e8fc3496949a78b1fad5350ab25efe0ca724544473c54435a37bafb27dbbfc
Opcode Fuzzy Hash: e1c05022166b0b4180b76bd7217eb0be4c24426accbc9b0b7c5f4532c33a4de2
Instruction Fuzzy Hash: 82111E7604010CBFEF129F94DC48F9A7FACEB05354F008451FA5596164C77A9D55DFA0

Function 00FE51FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00FE5218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00FE5229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00FE5230
ReleaseDC.USER32(00000000,00000000), ref: 00FE5238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00FE524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00FE5261

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 01748a58c33900da33e97935e9ddf1655c80fb8ec1b0b43b3a7c3b3eaa14a8e3
Instruction ID: 76aa514c35ec603bf036c9dccfd42b80a9054a3b8384945d0e63ffcb96c24a25
Opcode Fuzzy Hash: 01748a58c33900da33e97935e9ddf1655c80fb8ec1b0b43b3a7c3b3eaa14a8e3
Instruction Fuzzy Hash: B7018F75E40708BBEB109BE69D49E5EBFB8FB48751F044065FA09A7280D675D800CBA0

Function 00F81BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 00F81BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 00F81BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00F81C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 00F81C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 00F81C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 00F81C22

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: e74ee9f84faf82eabb002a28b7d717ab652cae35ede04fd1bcdb169046b6bd33
Instruction ID: c135a61075723070c8ddcf51062984046b39ede11320f0fb61e67f0214aa4124
Opcode Fuzzy Hash: e74ee9f84faf82eabb002a28b7d717ab652cae35ede04fd1bcdb169046b6bd33
Instruction Fuzzy Hash: 520167B0942B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CBE5

Function 00FEEB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00FEEB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00FEEB46
GetWindowThreadProcessId.USER32(?,?), ref: 00FEEB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00FEEB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00FEEB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00FEEB75

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: 5f84ff1282d160748d0e06d61013c1d9382bee8e1918fad1043c8c0bb9e7cba6
Instruction ID: 1a7184eaae60249d0564937fec1add804108ae502842ba73ab1a73344774bc86
Opcode Fuzzy Hash: 5f84ff1282d160748d0e06d61013c1d9382bee8e1918fad1043c8c0bb9e7cba6
Instruction Fuzzy Hash: E8F01D72581158BBE63156529D0DEAB3A7CEBCAB15F000158F641D1084D6A9AA0187B5

Function 00FD7439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00FD7452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00FD7469
GetWindowDC.USER32(?), ref: 00FD7475
GetPixel.GDI32(00000000,?,?), ref: 00FD7484
ReleaseDC.USER32(?,00000000), ref: 00FD7496
GetSysColor.USER32(00000005), ref: 00FD74B0

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: 251c45963483706635c76b87520f92099b29e85850908a907c4b19711682dba8
Instruction ID: 93412c8f9313288e3a88af091826da19048dc179ecdf05dfc383f06e4f281fc4
Opcode Fuzzy Hash: 251c45963483706635c76b87520f92099b29e85850908a907c4b19711682dba8
Instruction Fuzzy Hash: 3D01AD32440215EFEB61AF64DD08BAA7BB6FF08321F650464F955A2190CB3A5E41EB10

Function 00FE1874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00FE187F
UnloadUserProfile.USERENV(?,?), ref: 00FE188B
CloseHandle.KERNEL32(?), ref: 00FE1894
CloseHandle.KERNEL32(?), ref: 00FE189C
GetProcessHeap.KERNEL32(00000000,?), ref: 00FE18A5
HeapFree.KERNEL32(00000000), ref: 00FE18AC

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: 5d824810a9dff88c6a905cbe35fbb8243a0ddc22c4cc04a4996918196c2d35b3
Instruction ID: 6489a5bd910090da09510a1c69696e08825153bc607e75ba9152e57104ba6925
Opcode Fuzzy Hash: 5d824810a9dff88c6a905cbe35fbb8243a0ddc22c4cc04a4996918196c2d35b3
Instruction Fuzzy Hash: 88E0E536484611BBEB115FA1EE0C90ABF3AFF4AB22B108220F26581068CB7BD520DB50

Function 00FEC5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F87620: _wcslen.LIBCMT ref: 00F87625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00FEC6EE
_wcslen.LIBCMT ref: 00FEC735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00FEC79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00FEC7CA

Strings

0, xrefs: 00FEC6AF

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: 71b8d6c5e25f957fb3946d530d712791c00ee69e97809b7ec894c2fd0d9cb8f7
Instruction ID: d0d9fcee6c19215617e112ac0b156ddde0b2cc211733de3ce378debfb25ec4b7
Opcode Fuzzy Hash: 71b8d6c5e25f957fb3946d530d712791c00ee69e97809b7ec894c2fd0d9cb8f7
Instruction Fuzzy Hash: 5651D371A043809BD7509F2AC845B6B7BE4AF49320F040A2DF995D3190DB74DD46EBD2

Function 0100AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 0100AEA3

Part of subcall function 00F87620: _wcslen.LIBCMT ref: 00F87625

GetProcessId.KERNEL32(00000000), ref: 0100AF38
CloseHandle.KERNEL32(00000000), ref: 0100AF67

Strings

@, xrefs: 0100AE72
<, xrefs: 0100AE6B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: 95d7f07783473a0a3b2189ce105beb5705a448363bd5f13ade17a47c8baebd33
Instruction ID: 1a518f46fbd90fa174245d66aba94ab7c50446e0b1a2d892f82bd15518ae55dc
Opcode Fuzzy Hash: 95d7f07783473a0a3b2189ce105beb5705a448363bd5f13ade17a47c8baebd33
Instruction Fuzzy Hash: 85714A71A00715DFEB15EF94C884A9EBBF0BF08314F148499E856AB392C779ED45CBA0

Function 00FE719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00FE7206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00FE723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00FE724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00FE72CF

Strings

DllGetClassObject, xrefs: 00FE7242

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 827b2b82eb04a5f7cbdc0f9c576eb6ddf308358a45b4cec9e8588c44bde7cc17
Instruction ID: 04f0cccccf1601eea667b085dac217dd3b3d63443a6ceeb1cb91411a1e58d900
Opcode Fuzzy Hash: 827b2b82eb04a5f7cbdc0f9c576eb6ddf308358a45b4cec9e8588c44bde7cc17
Instruction Fuzzy Hash: A641BDB1A04305EFDB25DF55C884A9A7BA9EF44310F1080A9BE059F20AD7B5DD00EFA0

Function 01013D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 01013E35
IsMenu.USER32(?), ref: 01013E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 01013E92
DrawMenuBar.USER32 ref: 01013EA5

Strings

0, xrefs: 01013D89

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: 74e800704328111f1eb1822384f40a4f0613d6968b24ca101178f0355b1a46e0
Instruction ID: 4b641d1cb754c339b522f393fabf23f60234eb8b69c138aa296399b5df62074f
Opcode Fuzzy Hash: 74e800704328111f1eb1822384f40a4f0613d6968b24ca101178f0355b1a46e0
Instruction Fuzzy Hash: A1416875A00309EFEB20DF54D884AAABBF9FF49360F044069E985AB284D739E944CF50

Function 00FE1DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

Part of subcall function 00FE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00FE3CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00FE1E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00FE1E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00FE1EA9

Part of subcall function 00F86B57: _wcslen.LIBCMT ref: 00F86B6A

Strings

ListBox, xrefs: 00FE1E25
ComboBox, xrefs: 00FE1DF0

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: 49fbd972bfcbbd06bab02153c110851eaf7046d66f0607525c50770e9b2bd321
Instruction ID: 643ca9458c078f4f206f402b33b4a59652db29fd3f52ba10861eaf53a9e21ec1
Opcode Fuzzy Hash: 49fbd972bfcbbd06bab02153c110851eaf7046d66f0607525c50770e9b2bd321
Instruction Fuzzy Hash: D7214771A00148BFEB14AB76DC49CFFB7B8EF46364B144129F821A71D1DB7D5909AB20

Function 0100C9EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0100C9F1
_wcslen.LIBCMT ref: 0100CA68
_wcslen.LIBCMT ref: 0100CA9E
_wcslen.LIBCMT ref: 0100CAF9
_wcslen.LIBCMT ref: 0100CB2F
_wcslen.LIBCMT ref: 0100CB7F

Strings

HKLM, xrefs: 0100CA98, 0100CA9D
HKEY_LOCAL_MACHINE, xrefs: 0100CA62, 0100CA67

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen
String ID: HKEY_LOCAL_MACHINE$HKLM
API String ID: 176396367-4004644295
Opcode ID: 83321834b16487f7dfcf80dd7ed1a47bedee4fdb1e08a87e57e6ce7b03edfc68
Instruction ID: be3e99ae224f8045f98af666de96e35f3ecd4d3526beed1c6085c531eb507bfb
Opcode Fuzzy Hash: 83321834b16487f7dfcf80dd7ed1a47bedee4fdb1e08a87e57e6ce7b03edfc68
Instruction Fuzzy Hash: C331F772A001624BFB63DE6CDA901BF37D15B93658F0542E9E8C1AB2C6E775CDC493A0

Function 01012F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 01012F8D
LoadLibraryW.KERNEL32(?), ref: 01012F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 01012FA9
DestroyWindow.USER32(?), ref: 01012FB1

Strings

SysAnimate32, xrefs: 01012F68

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: 9553e226d9536a04a22ff57c9f4eec58cea806637d8038136c9ae8426a2c16a5
Instruction ID: ff33edffd288a0ea6e20cc9ad562d50542e7316fdcdf541abd0799476de5aa0d
Opcode Fuzzy Hash: 9553e226d9536a04a22ff57c9f4eec58cea806637d8038136c9ae8426a2c16a5
Instruction Fuzzy Hash: DD21CD71200209AFEF214EA8DC84FBB37EDEB49364F20062CFA90D6199D779DC519760

Function 00FA4D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00FA4D1E,00FB28E9,?,00FA4CBE,00FB28E9,010488B8,0000000C,00FA4E15,00FB28E9,00000002), ref: 00FA4D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00FA4DA0
FreeLibrary.KERNEL32(00000000,?,?,?,00FA4D1E,00FB28E9,?,00FA4CBE,00FB28E9,010488B8,0000000C,00FA4E15,00FB28E9,00000002,00000000), ref: 00FA4DC3

Strings

mscoree.dll, xrefs: 00FA4D86
CorExitProcess, xrefs: 00FA4D98

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 85a69d6e25db7bf79085262c078ee43ac7c13ca08426342dd2a588a86d660d96
Instruction ID: ca7742a31e999728178f0a570effbfa9c9502e0f3f6b03c2046d1d3ba759b5c7
Opcode Fuzzy Hash: 85a69d6e25db7bf79085262c078ee43ac7c13ca08426342dd2a588a86d660d96
Instruction Fuzzy Hash: 0AF0C274A80218BBEB209F90DD49BADBFB4EF45721F0000A8F845A6644CF7A9E40DB90

Function 00FDD3A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00FDD3AD
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00FDD3BF
FreeLibrary.KERNEL32(00000000), ref: 00FDD3E5

Strings

X64, xrefs: 00FDD2A8
GetSystemWow64DirectoryW, xrefs: 00FDD3B9

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 145871493-2590602151
Opcode ID: 220f0f0e99bdd54533f8436176362116e959a4df00ae720143ca93a006db86bb
Instruction ID: 5b566e622cb68a211a826c90ac3be52dddad9610a8ee02806402eb256a557995
Opcode Fuzzy Hash: 220f0f0e99bdd54533f8436176362116e959a4df00ae720143ca93a006db86bb
Instruction Fuzzy Hash: 9EF0EC72CC26119BE7751620CC58E5D7325AF11756B5C815BF885E6208D738CD40A782

Function 00F84E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F84EDD,?,01051418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F84E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00F84EAE
FreeLibrary.KERNEL32(00000000,?,?,00F84EDD,?,01051418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F84EC0

Strings

Wow64DisableWow64FsRedirection, xrefs: 00F84EA8
kernel32.dll, xrefs: 00F84E94

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 6dea2f3faa78d693215ac99b3141f40ba24e26ecb180d39b9f40b1601331f624
Instruction ID: b4df7fe473c65581504713358bcc2b37085fa6fd260e6d18383071949ee55c78
Opcode Fuzzy Hash: 6dea2f3faa78d693215ac99b3141f40ba24e26ecb180d39b9f40b1601331f624
Instruction Fuzzy Hash: 43E08635E825235BA3316B256818A9B6654AF82B72B050115FC40E6104DB6CDC0152A0

Function 00F84E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FC3CDE,?,01051418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F84E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00F84E74
FreeLibrary.KERNEL32(00000000,?,?,00FC3CDE,?,01051418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F84E87

Strings

Wow64RevertWow64FsRedirection, xrefs: 00F84E6E
kernel32.dll, xrefs: 00F84E5B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: ec1dcca079ab0cf73e78278cd033c3bc0cf01819795af62ededb6e4ceb813138
Instruction ID: ba632805ccd99eecc2c0bbce28dca03512e76135669ae3f9171b1b057f4df6e4
Opcode Fuzzy Hash: ec1dcca079ab0cf73e78278cd033c3bc0cf01819795af62ededb6e4ceb813138
Instruction Fuzzy Hash: F0D01235A826329766322B256918ECB6A18BF86B653050525B985E6108CF6DDD0197D0

Function 00FF2947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00FF2C05
DeleteFileW.KERNEL32(?), ref: 00FF2C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00FF2C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00FF2CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00FF2CC0

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: 152570dd7376473d02179d50475a8c7a8894ad30f8f7e190984e86bd53a51e62
Instruction ID: 63efbfa0b072c59f6edf2671ddf340e0130162fdc95b651eb5c39beffff7478a
Opcode Fuzzy Hash: 152570dd7376473d02179d50475a8c7a8894ad30f8f7e190984e86bd53a51e62
Instruction Fuzzy Hash: E2B161B2D0011DABDF21EFA4CC85EEE7B7DEF49350F1040A6F609E6151EA349A449F61

Function 0100A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 0100A427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0100A435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 0100A468
CloseHandle.KERNEL32(?), ref: 0100A63D

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 45f12c4960eca1a8157e9b9e1d6e29c8130d4ed6310003d1bd227001888a0023
Instruction ID: 3686f39c44c24248cda4ab5f3d29283618a2652e52fa289ddf36622c9ca61e4e
Opcode Fuzzy Hash: 45f12c4960eca1a8157e9b9e1d6e29c8130d4ed6310003d1bd227001888a0023
Instruction Fuzzy Hash: 0EA193716043009FE720DF28DC86F2AB7E5AF88714F14885DF69A9B2D2DB75EC418B91

Function 00FEE3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00FEDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00FECF22,?), ref: 00FEDDFD

Part of subcall function 00FEDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00FECF22,?), ref: 00FEDE16

Part of subcall function 00FEE199: GetFileAttributesW.KERNEL32(?,00FECF95), ref: 00FEE19A

lstrcmpiW.KERNEL32(?,?), ref: 00FEE473
MoveFileW.KERNEL32(?,?), ref: 00FEE4AC
_wcslen.LIBCMT ref: 00FEE5EB
_wcslen.LIBCMT ref: 00FEE603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00FEE650

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: 65943a36e2fe4a84f9915bc7620b3fbc81bee7ea1ec021d4b1e0be426cd8ef5e
Instruction ID: 5d117d81f70aae29c3eadeb1dba78efa017c6c82949a6c2461e26193beb93d34
Opcode Fuzzy Hash: 65943a36e2fe4a84f9915bc7620b3fbc81bee7ea1ec021d4b1e0be426cd8ef5e
Instruction Fuzzy Hash: 885196B24083855BC724EB90DC819DF73ECAF85350F00491EF589D3191EF79A6889766

Function 0100B9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

Part of subcall function 0100C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0100B6AE,?,?), ref: 0100C9B5
Part of subcall function 0100C998: _wcslen.LIBCMT ref: 0100C9F1
Part of subcall function 0100C998: _wcslen.LIBCMT ref: 0100CA68
Part of subcall function 0100C998: _wcslen.LIBCMT ref: 0100CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0100BAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0100BB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0100BB63
RegCloseKey.ADVAPI32(?,?), ref: 0100BBA6
RegCloseKey.ADVAPI32(00000000), ref: 0100BBB3

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: a2e6108b6e692bab6637d2b5d4efca4a409bbc3011f52983d79dd8eb95d8d88e
Instruction ID: 312f7c78596755738d3f61d0aa14a76e84dcf616bcae22c56128186246cf2fa4
Opcode Fuzzy Hash: a2e6108b6e692bab6637d2b5d4efca4a409bbc3011f52983d79dd8eb95d8d88e
Instruction Fuzzy Hash: DA610334208201AFE325DF14C890E7ABBE4FF85308F14859CF0998B292DB75ED45CB92

Function 00FE8BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00FE8BCD
VariantClear.OLEAUT32 ref: 00FE8C3E
VariantClear.OLEAUT32 ref: 00FE8C9D
VariantClear.OLEAUT32(?), ref: 00FE8D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00FE8D3B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: 3db55032a7252707c7756a15580455d63fa00fceef59c721464d449fe065927c
Instruction ID: 1fc2ba7b1c912e397c15d915fa47531143d833d4d898d7bea6f717b9aa88f084
Opcode Fuzzy Hash: 3db55032a7252707c7756a15580455d63fa00fceef59c721464d449fe065927c
Instruction Fuzzy Hash: 9F518CB5A00219EFCB10DF59C884AAAB7F5FF89310B118559F909DB354EB34E912CF90

Function 00FF8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00FF8BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00FF8BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00FF8C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00FF8C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00FF8C5F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 2f655d4fe1ae95a72c23a6b56668e1feac27a658725d57fcb1c06ce3f060caaf
Instruction ID: b457215ed9c83d1c8694e97b6631cc10569a40db63e074842f0a31670e9f0656
Opcode Fuzzy Hash: 2f655d4fe1ae95a72c23a6b56668e1feac27a658725d57fcb1c06ce3f060caaf
Instruction Fuzzy Hash: 47515035A002199FDB14EF54C881EADBBF5FF48314F088058E949AB362CB35ED41DBA0

Function 01008EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 01008F40
GetProcAddress.KERNEL32(00000000,?), ref: 01008FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 01008FEC
GetProcAddress.KERNEL32(00000000,?), ref: 01009032
FreeLibrary.KERNEL32(00000000), ref: 01009052

Part of subcall function 00F9F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00FF1043,?,753CE610), ref: 00F9F6E6
Part of subcall function 00F9F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00FDFA64,00000000,00000000,?,?,00FF1043,?,753CE610,?,00FDFA64), ref: 00F9F70D

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: c37e62403c48105f0ffe5bfffbd63c54dfe1ec796b0db3c9c8af93fb79dcb34c
Instruction ID: 70fc0ce73d3112a3c74fae6123e35edc586e50a723224800a23428d70574e999
Opcode Fuzzy Hash: c37e62403c48105f0ffe5bfffbd63c54dfe1ec796b0db3c9c8af93fb79dcb34c
Instruction Fuzzy Hash: 9B515E34A05205DFD716EF68C4848ADBBF1FF49314F0880A9E9499B3A2DB35ED85CB90

Function 01016B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 01016C33
SetWindowLongW.USER32(?,000000EC,?), ref: 01016C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 01016C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00FFAB79,00000000,00000000), ref: 01016C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 01016CC7

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: 50b9933c4838c458a34e8d3fc4d3f49ee40da2e81661d5db6e174caed99cb48e
Instruction ID: c22f56a399594d57bd843b5224ecbbb06beea76a6700275ae75f5def2bf764aa
Opcode Fuzzy Hash: 50b9933c4838c458a34e8d3fc4d3f49ee40da2e81661d5db6e174caed99cb48e
Instruction Fuzzy Hash: 2141A135A00108AFE7248E68CD54BBA7FE5EB09350F0502A8F995A7298C3BAED41CA40

Function 00FB2051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00FB20C3
_free.LIBCMT ref: 00FB20E3

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 5e6c8f50a3451af0b2a3fb7e419364829a669359c11c13fab982e25c3296aca8
Instruction ID: 400b6f76bcece783d89050dad40d34e1e7be183a82b6a8fb130dd1d31e650adf
Opcode Fuzzy Hash: 5e6c8f50a3451af0b2a3fb7e419364829a669359c11c13fab982e25c3296aca8
Instruction Fuzzy Hash: 2F41E276E00200AFDB20EF79C980A9DB7B5EF89320F154569E515EB355DB31AD01EF80

Function 00F9912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00F99141
ScreenToClient.USER32(00000000,?), ref: 00F9915E
GetAsyncKeyState.USER32(00000001), ref: 00F99183
GetAsyncKeyState.USER32(00000002), ref: 00F9919D

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: 581f06b5a20ce2f053f0c0e0a0893612fd09ff583f7315621e77e212e786bee9
Instruction ID: da26b5f5369d87f7d2a5adf0f69f9537dda5a0347a8ebcf66def6a30e03e1824
Opcode Fuzzy Hash: 581f06b5a20ce2f053f0c0e0a0893612fd09ff583f7315621e77e212e786bee9
Instruction Fuzzy Hash: 2841AF3190820AEBDF15AF68C844BEEB775FB05334F24431AE425A6290D7745990EB51

Function 00FF3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00FF38CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00FF3922
TranslateMessage.USER32(?), ref: 00FF394B
DispatchMessageW.USER32(?), ref: 00FF3955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FF3966

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 3afb2c593c39824ae9d56f7851d877bc90d632a38c9aa952fa3f55bb5a495fba
Instruction ID: 62cc494c8aae053b25d3b48acb3320e27541e28f2de6281f4bccd44fc28a25cf
Opcode Fuzzy Hash: 3afb2c593c39824ae9d56f7851d877bc90d632a38c9aa952fa3f55bb5a495fba
Instruction Fuzzy Hash: 8131E971D4434AEEEB35CB34D448BB737A9AF05354F04055DE6A2C21A4E3FD9A84EB11

Function 00FFCF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00FFC21E,00000000), ref: 00FFCF38
InternetReadFile.WININET(?,00000000,?,?), ref: 00FFCF6F
GetLastError.KERNEL32(?,00000000,?,?,?,00FFC21E,00000000), ref: 00FFCFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,00FFC21E,00000000), ref: 00FFCFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,00FFC21E,00000000), ref: 00FFCFF2

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: 1d32bb4c81bc9f611af55be922d4c8d73c53bdae988b8ba859f7f7a217e41ade
Instruction ID: 918804197faae8e02017a141549f05da4585ad296b009ae80d35e3bec78acf6d
Opcode Fuzzy Hash: 1d32bb4c81bc9f611af55be922d4c8d73c53bdae988b8ba859f7f7a217e41ade
Instruction Fuzzy Hash: E531737190021DAFEB20DFA5CA84ABBB7F9EF04310B10442EF656D2150D735ED41EBA0

Function 00FE1901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00FE1915
PostMessageW.USER32(00000001,00000201,00000001), ref: 00FE19C1
Sleep.KERNEL32(00000000,?,?,?), ref: 00FE19C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 00FE19DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 00FE19E2

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: dc06742104bed5cbdb3aac82756f1ffbb7bd58caf7cc45024ad323dc78cb3538
Instruction ID: 853bf5bab961057bbf7c2cafbb204e0dc890a02423e30d1cb714225f40f2478a
Opcode Fuzzy Hash: dc06742104bed5cbdb3aac82756f1ffbb7bd58caf7cc45024ad323dc78cb3538
Instruction Fuzzy Hash: 2931E272900259EFDB10CFA9C998ADE3BB5FB04324F004225F961A72C1C374E944DB90

Function 01015706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 01015745
SendMessageW.USER32(?,00001074,?,00000001), ref: 0101579D
_wcslen.LIBCMT ref: 010157AF
_wcslen.LIBCMT ref: 010157BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 01015816

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: b04964b7c5bb43632ab39a7ee8892886a4e4b0e74bed246aac5375b0901cdee6
Instruction ID: d2c565ff0f1cbe3cce1a7c3a37dd69ecf3a228943542db714a1ae3369cee2e3b
Opcode Fuzzy Hash: b04964b7c5bb43632ab39a7ee8892886a4e4b0e74bed246aac5375b0901cdee6
Instruction Fuzzy Hash: CC21B9719002189BDB209F64DC85AEE7BB8FF86328F004156EA59EF188D7789585CF50

Function 01000930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 01000951
GetForegroundWindow.USER32 ref: 01000968
GetDC.USER32(00000000), ref: 010009A4
GetPixel.GDI32(00000000,?,00000003), ref: 010009B0
ReleaseDC.USER32(00000000,00000003), ref: 010009E8

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: 3f3510f09666317401fa4dc39487d031dc42e6a10b5daa38f44cff1c5ff599cd
Instruction ID: 992916b67256ba7024998d2985d8f0b062c8c91ec567fe072713813c0e0535df
Opcode Fuzzy Hash: 3f3510f09666317401fa4dc39487d031dc42e6a10b5daa38f44cff1c5ff599cd
Instruction Fuzzy Hash: E321A135600204AFE714EF64C984AAEBBE5FF48740F048468F98A97365CB39EC04DB50

Function 00FBCDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00FBCDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00FBCDE9

Part of subcall function 00FB3820: RtlAllocateHeap.NTDLL(00000000,?,01051444,?,00F9FDF5,?,?,00F8A976,00000010,01051440,00F813FC,?,00F813C6,?,00F81129), ref: 00FB3852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00FBCE0F
_free.LIBCMT ref: 00FBCE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00FBCE31

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: 2affc8699f9602bd3f298e5f244066e37a115f334a79598e271ad92616836245
Instruction ID: 3c3ba769e54f6513668fab9bc9b96d6872d136a725154afd699c2424cfb29e4a
Opcode Fuzzy Hash: 2affc8699f9602bd3f298e5f244066e37a115f334a79598e271ad92616836245
Instruction Fuzzy Hash: 44018872A42215BF332125776C48DBB796DDEC6BA13150129F905DB204DA69CD01AAF0

Function 00F99639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00F99693
SelectObject.GDI32(?,00000000), ref: 00F996A2
BeginPath.GDI32(?), ref: 00F996B9
SelectObject.GDI32(?,00000000), ref: 00F996E2

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: fca23fa8955772a4aaf73d6f9026e8c46f3dded8dba1da88ee063362e2ad4c2b
Instruction ID: 201575bc7e4c44301a7ab8422a28d4b54b7401af8659660b69de33090c35c4e3
Opcode Fuzzy Hash: fca23fa8955772a4aaf73d6f9026e8c46f3dded8dba1da88ee063362e2ad4c2b
Instruction Fuzzy Hash: 2521C571815305EFFF219F68E9047AA3B79FB11321F11021AF491961D8D3BA9891DF90

Function 00FE5711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00FE5726
_memcmp.LIBVCRUNTIME ref: 00FE5744
_memcmp.LIBVCRUNTIME ref: 00FE5757
_memcmp.LIBVCRUNTIME ref: 00FE576F
_memcmp.LIBVCRUNTIME ref: 00FE5787

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 4abe7a3fdee2c576c70d349f8808c762693043d0e0615a9417e5429fa4b5e798
Instruction ID: a5d39e7ae2ebf2c94adf20cd8bbcbfbd98c8002750a7744986558d2fccb2b9e3
Opcode Fuzzy Hash: 4abe7a3fdee2c576c70d349f8808c762693043d0e0615a9417e5429fa4b5e798
Instruction Fuzzy Hash: 0B01B5A664174EFBD60895139E92FBB735CAB61BACF014024FD049E241F764ED24A2E0

Function 00FB2DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00FAF2DE,00FB3863,01051444,?,00F9FDF5,?,?,00F8A976,00000010,01051440,00F813FC,?,00F813C6), ref: 00FB2DFD
_free.LIBCMT ref: 00FB2E32
_free.LIBCMT ref: 00FB2E59
SetLastError.KERNEL32(00000000,00F81129), ref: 00FB2E66
SetLastError.KERNEL32(00000000,00F81129), ref: 00FB2E6F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: ae5ecc7c4261e442e2c4dd264224666f4a20bd7e423911a11a2870e592175a17
Instruction ID: e183efd626bf8310a65a164d937418d92e4f463a80db6adf3fe9bd3df1d1279b
Opcode Fuzzy Hash: ae5ecc7c4261e442e2c4dd264224666f4a20bd7e423911a11a2870e592175a17
Instruction Fuzzy Hash: 3C01287668560077E763263B6D85EEF366DBBC53B1B244428F865A2186EF3DCC017E20

Function 00FE000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00FDFF41,80070057,?,?,?,00FE035E), ref: 00FE002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00FDFF41,80070057,?,?), ref: 00FE0046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00FDFF41,80070057,?,?), ref: 00FE0054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00FDFF41,80070057,?), ref: 00FE0064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00FDFF41,80070057,?,?), ref: 00FE0070

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 649d4bab776c3b38c34ff38716f7dc25adf018eb4d823d0e04348b9fab49ba64
Instruction ID: b44c098a6fa621846039909e7c953eef9139a9be659518d2cd16d69022328682
Opcode Fuzzy Hash: 649d4bab776c3b38c34ff38716f7dc25adf018eb4d823d0e04348b9fab49ba64
Instruction Fuzzy Hash: 8101A772640205BFEB205F6ADD44BAA7AEDEF44761F144114FE45D2204DBB9DD809760

Function 00FEE97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 00FEE997
QueryPerformanceFrequency.KERNEL32(?), ref: 00FEE9A5
Sleep.KERNEL32(00000000), ref: 00FEE9AD
QueryPerformanceCounter.KERNEL32(?), ref: 00FEE9B7
Sleep.KERNEL32 ref: 00FEE9F3

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: 4cc1f0205f5ecded0a615e64eccbf6a7c13c85c213b995c629b9a564d500a20e
Instruction ID: 84198e97c9e104bc9ddadadd85d1b334e2dbdfcee22911dd6323035dbcd58a12
Opcode Fuzzy Hash: 4cc1f0205f5ecded0a615e64eccbf6a7c13c85c213b995c629b9a564d500a20e
Instruction Fuzzy Hash: 67018C31D4162DDBDF10AFE6E949AEDBBB8FF09310F000556E542B2245CB399550DBA1

Function 00FE10F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00FE1114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00FE0B9B,?,?,?), ref: 00FE1120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00FE0B9B,?,?,?), ref: 00FE112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00FE0B9B,?,?,?), ref: 00FE1136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00FE114D

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: ce06ba6583f880cc6a476fcbddc1977af2ada55c63f3992a8c16417a23269da8
Instruction ID: 0aa62f4c7c2da2dc9889e3454ebc3b9f3bbc6acaae780d5c84e24405cd49bea0
Opcode Fuzzy Hash: ce06ba6583f880cc6a476fcbddc1977af2ada55c63f3992a8c16417a23269da8
Instruction Fuzzy Hash: CC016D79540305BFEB214F66DD49A6A3B6EFF86360B100414FA81C3350DA7ADC009B60

Function 00FE0FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00FE0FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00FE0FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00FE0FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00FE0FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00FE1002

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 0f12b9f94067c212ae2decc3948cbf510f8a294137657ff429d7dfdb06e1d5b8
Instruction ID: 90058e65cd77ac95c70d569a448f421c407587b04718db5b83ef6a23b5c038d7
Opcode Fuzzy Hash: 0f12b9f94067c212ae2decc3948cbf510f8a294137657ff429d7dfdb06e1d5b8
Instruction Fuzzy Hash: 12F0C239180341ABE7210FA6DD4DF563B6EFF8A761F110414FA85C7284CA39DC408B60

Function 00FE1014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00FE102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00FE1036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00FE1045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00FE104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00FE1062

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 7487e1be37586cd6998b3afc873cad626359894f488672169a2b6db6997c43d4
Instruction ID: 46d676aec95885f8207515124088171c28582ce2e836e8db0850cb7b79128802
Opcode Fuzzy Hash: 7487e1be37586cd6998b3afc873cad626359894f488672169a2b6db6997c43d4
Instruction Fuzzy Hash: 69F06239180351ABE7225FA6ED49F563B6EFF8A761F110414FA85C7240CA79D9508B60

Function 00FF030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,00FF017D,?,00FF32FC,?,00000001,00FC2592,?), ref: 00FF0324
CloseHandle.KERNEL32(?,?,?,?,00FF017D,?,00FF32FC,?,00000001,00FC2592,?), ref: 00FF0331
CloseHandle.KERNEL32(?,?,?,?,00FF017D,?,00FF32FC,?,00000001,00FC2592,?), ref: 00FF033E
CloseHandle.KERNEL32(?,?,?,?,00FF017D,?,00FF32FC,?,00000001,00FC2592,?), ref: 00FF034B
CloseHandle.KERNEL32(?,?,?,?,00FF017D,?,00FF32FC,?,00000001,00FC2592,?), ref: 00FF0358
CloseHandle.KERNEL32(?,?,?,?,00FF017D,?,00FF32FC,?,00000001,00FC2592,?), ref: 00FF0365

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 81622ea7cb5b9b2e78448129742018577ccf8daec46d11f54acbf7d04b2361b2
Instruction ID: b7303cc416f3a5bb30950ab289a7e821c8206e3aa4ff2b1015c46e55c0063959
Opcode Fuzzy Hash: 81622ea7cb5b9b2e78448129742018577ccf8daec46d11f54acbf7d04b2361b2
Instruction Fuzzy Hash: 9401A272800B199FC7309F66D880822F7F5BF507253158A3FD29652932C7B1A954DF80

Function 00FBD73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00FBD752

Part of subcall function 00FB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FBD7D1,00000000,00000000,00000000,00000000,?,00FBD7F8,00000000,00000007,00000000,?,00FBDBF5,00000000), ref: 00FB29DE
Part of subcall function 00FB29C8: GetLastError.KERNEL32(00000000,?,00FBD7D1,00000000,00000000,00000000,00000000,?,00FBD7F8,00000000,00000007,00000000,?,00FBDBF5,00000000,00000000), ref: 00FB29F0

_free.LIBCMT ref: 00FBD764
_free.LIBCMT ref: 00FBD776
_free.LIBCMT ref: 00FBD788
_free.LIBCMT ref: 00FBD79A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f2adc215e0668531fcf3d2dcd3898e1f5ee7ebd35bdc621a48acf9c3b1c70754
Instruction ID: efa9535809ff424607aa8138d7cd89576f2b876d106b2d93de831a418ad929cc
Opcode Fuzzy Hash: f2adc215e0668531fcf3d2dcd3898e1f5ee7ebd35bdc621a48acf9c3b1c70754
Instruction Fuzzy Hash: 98F068769012047B9765EA5AFAC5CD677EDBB043307A40C09F048D7505DB39FC406F65

Function 00FE5C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00FE5C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00FE5C6F
MessageBeep.USER32(00000000), ref: 00FE5C87
KillTimer.USER32(?,0000040A), ref: 00FE5CA3
EndDialog.USER32(?,00000001), ref: 00FE5CBD

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 87fe08e06caaf2f9b54a6aad06686e05b5dee814d7e592cd0bc2cf8bce42eba2
Instruction ID: 7a96187b4be9082a0d626c1c50c5f04bf05bdb30cae0ffcfc886d3e7966d5ebd
Opcode Fuzzy Hash: 87fe08e06caaf2f9b54a6aad06686e05b5dee814d7e592cd0bc2cf8bce42eba2
Instruction Fuzzy Hash: 6E01D130540B04ABFB305B25EE5EFA677B8BF08B09F040559A283A10D1DBF9B984DB91

Function 00FB22A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00FB22BE

Part of subcall function 00FB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FBD7D1,00000000,00000000,00000000,00000000,?,00FBD7F8,00000000,00000007,00000000,?,00FBDBF5,00000000), ref: 00FB29DE
Part of subcall function 00FB29C8: GetLastError.KERNEL32(00000000,?,00FBD7D1,00000000,00000000,00000000,00000000,?,00FBD7F8,00000000,00000007,00000000,?,00FBDBF5,00000000,00000000), ref: 00FB29F0

_free.LIBCMT ref: 00FB22D0
_free.LIBCMT ref: 00FB22E3
_free.LIBCMT ref: 00FB22F4
_free.LIBCMT ref: 00FB2305

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 049684007fe95691d02026dbd6550e1814b25ed39376c4ba9fdbb46a01ecd234
Instruction ID: 07784d4652b979e0ae00d223379c0116b391a246940a2eaf20edcac57bd31039
Opcode Fuzzy Hash: 049684007fe95691d02026dbd6550e1814b25ed39376c4ba9fdbb46a01ecd234
Instruction Fuzzy Hash: 0DF054F48013109BA7A2AF59F94199E3B78F7187A0B000A0AF498D2A6DC73F0411BFE5

Function 00F995C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 00F995D4
StrokeAndFillPath.GDI32(?,?,00FD71F7,00000000,?,?,?), ref: 00F995F0
SelectObject.GDI32(?,00000000), ref: 00F99603
DeleteObject.GDI32 ref: 00F99616
StrokePath.GDI32(?), ref: 00F99631

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: ee03a35969b0e524a2dae65677f59d89135b5423dcd96566c695e3fa3b178a62
Instruction ID: e50202f537ea208df8e157d79f1d4eb0da58dd39a9763d086c1895124276710b
Opcode Fuzzy Hash: ee03a35969b0e524a2dae65677f59d89135b5423dcd96566c695e3fa3b178a62
Instruction Fuzzy Hash: 86F031314493049BEB365F59E90C7AA3B71A701332F058218F4D5550E8C77E8951DF64

Function 00FB0F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00FB10F9
__freea.LIBCMT ref: 00FB1117

Part of subcall function 00FB1537: _free.LIBCMT ref: 00FB154F

Strings

a/p, xrefs: 00FB11DE
am/pm, xrefs: 00FB117A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 4911523b3de26c763970c8d9aeb2d59fb9b7eef56c94d05f14b70d6ab66a4c9f
Instruction ID: 26d5ddcce5afc944df96b5a7dba41fd954ea79af5c1b2feeaa28347c5f870f29
Opcode Fuzzy Hash: 4911523b3de26c763970c8d9aeb2d59fb9b7eef56c94d05f14b70d6ab66a4c9f
Instruction Fuzzy Hash: 63D11532D00206CADB249F6AC865BFEB7F4FF06320FA80159E9019B650E7759D80EF91

Function 01007B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 00FA0242: EnterCriticalSection.KERNEL32(0105070C,01051884,?,?,00F9198B,01052518,?,?,?,00F812F9,00000000), ref: 00FA024D
Part of subcall function 00FA0242: LeaveCriticalSection.KERNEL32(0105070C,?,00F9198B,01052518,?,?,?,00F812F9,00000000), ref: 00FA028A

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

Part of subcall function 00FA00A3: __onexit.LIBCMT ref: 00FA00A9

__Init_thread_footer.LIBCMT ref: 01007BFB

Part of subcall function 00FA01F8: EnterCriticalSection.KERNEL32(0105070C,?,?,00F98747,01052514), ref: 00FA0202
Part of subcall function 00FA01F8: LeaveCriticalSection.KERNEL32(0105070C,?,00F98747,01052514), ref: 00FA0235

Strings

Variable must be of type 'Object'., xrefs: 01007C3A
5, xrefs: 01007C78
G, xrefs: 01007C7F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: 5$G$Variable must be of type 'Object'.
API String ID: 535116098-3733170431
Opcode ID: 42fd59475d896f0ec5418e1e0c21ae4c90108d750aa14a6c211558bb53267c04
Instruction ID: da0a9ae3429a694b88a486d699550124423b6ac36fced5458c70cd6b78329a2a
Opcode Fuzzy Hash: 42fd59475d896f0ec5418e1e0c21ae4c90108d750aa14a6c211558bb53267c04
Instruction Fuzzy Hash: 5D918F71A00209EFEB16EF58D890DADB7B1FF45304F04809DF9865B291DB79AE41CB51

Function 00FE2716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00FEB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00FE21D0,?,?,00000034,00000800,?,00000034), ref: 00FEB42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00FE2760

Part of subcall function 00FEB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00FE21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00FEB3F8

Part of subcall function 00FEB32A: GetWindowThreadProcessId.USER32(?,?), ref: 00FEB355
Part of subcall function 00FEB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00FE2194,00000034,?,?,00001004,00000000,00000000), ref: 00FEB365
Part of subcall function 00FEB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00FE2194,00000034,?,?,00001004,00000000,00000000), ref: 00FEB37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00FE27CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00FE281A

Strings

@, xrefs: 00FE2832

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: 3fa6c3312649f31cf08643f79a72a3e70e9a5c2a7329d72a9e48ae5541586549
Instruction ID: 57ed32bf5fe704099e99703a9546ef27ca9ecf44decb9574bc0d278edf509007
Opcode Fuzzy Hash: 3fa6c3312649f31cf08643f79a72a3e70e9a5c2a7329d72a9e48ae5541586549
Instruction Fuzzy Hash: 8C413C72D00218AFDB10DFA5CD86AEEBBB8EF09310F004095FA55B7181DB756E45DBA1

Function 00FB172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00FB1769
_free.LIBCMT ref: 00FB1834
_free.LIBCMT ref: 00FB183E

Strings

C:\Users\user\Desktop\file.exe, xrefs: 00FB1760, 00FB1767, 00FB1796, 00FB17CE

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2506810119-1957095476
Opcode ID: 179deccf77ad450ce654871619fef9020a9ecb23b5b565fe9d47d8603ee57281
Instruction ID: e93fe84f33fd77e8ae6bc028c5f4a9886e0a7dc9b495c5c74c00fe5c96d876ff
Opcode Fuzzy Hash: 179deccf77ad450ce654871619fef9020a9ecb23b5b565fe9d47d8603ee57281
Instruction Fuzzy Hash: F6316175E40218ABDB21DF9A9895EDFBBFCFB85360B644166F804D7201DA748A40EF90

Function 00FEC27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00FEC306
DeleteMenu.USER32(?,00000007,00000000), ref: 00FEC34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,01051990,01285468), ref: 00FEC395

Strings

0, xrefs: 00FEC2DF

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: a8727a982a8c7165b79a9231f263872a2666dc2319a1c571c9b682367441f753
Instruction ID: ab1e982cbd5d66af0a1bdc3228fa71fea2a70a5d92c16a0f7f839187a878efe5
Opcode Fuzzy Hash: a8727a982a8c7165b79a9231f263872a2666dc2319a1c571c9b682367441f753
Instruction Fuzzy Hash: 1641C3316043819FD720DF26DC44F5ABBE8AF85320F04861DF9A5972D1D774E905EBA2

Function 01014416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0101CC08,00000000,?,?,?,?), ref: 010144AA
GetWindowLongW.USER32 ref: 010144C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 010144D7

Strings

SysTreeView32, xrefs: 0101447C

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: 17f5a0b2861b9659a8b3eaa08951f671725a79df553299569f3a79ee87fabd72
Instruction ID: 79be8c41981d23cca52322fd8478d1d2368a5e4f949b110995c5e1b7b66294c7
Opcode Fuzzy Hash: 17f5a0b2861b9659a8b3eaa08951f671725a79df553299569f3a79ee87fabd72
Instruction Fuzzy Hash: 6031AD71240205AFEF619E38DC45BEA7BA9EB08334F204725F9B5D21E5DB78E8509B50

Function 0100304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0100335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,01003077,?,?), ref: 01003378

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0100307A
_wcslen.LIBCMT ref: 0100309B
htons.WSOCK32(00000000,?,?,00000000), ref: 01003106

Strings

255.255.255.255, xrefs: 01003095, 0100309A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: 746285b0630b1039c2d077f0f34c17619d36a84ae130bfdb701eabbded104f33
Instruction ID: c2806a45eb9753af2fc7be81a02aaf69a81265579772eefbccb08c1d3d76c0ec
Opcode Fuzzy Hash: 746285b0630b1039c2d077f0f34c17619d36a84ae130bfdb701eabbded104f33
Instruction Fuzzy Hash: 7331C1352042019FE722CF28C595AAA7BF0FF14314F148099E9958F3D2D776E941C760

Function 01013EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 01013F40
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 01013F54
SendMessageW.USER32(?,00001002,00000000,?), ref: 01013F78

Strings

SysMonthCal32, xrefs: 01013F0B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 3a418ff386ed73066a3b96c71bfd08b61f9d5e7d7df24ca7479317bd80345735
Instruction ID: 2fca1668ee550d72762b546d31ba65ef18b3ad99edb6327e243a1d67688f94b5
Opcode Fuzzy Hash: 3a418ff386ed73066a3b96c71bfd08b61f9d5e7d7df24ca7479317bd80345735
Instruction Fuzzy Hash: 97219132600219BFEF229E54DC46FEA3BB5FB48724F110258FA956B1C4D6B9E854CB90

Function 01014653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 01014705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 01014713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0101471A

Strings

msctls_updown32, xrefs: 01014684

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: c5ea19395fd917fef92d24afdec16bd805b774ff685830cc03db8e9b25265b60
Instruction ID: 2ae7d9f4d5ac25614875126e6ea2ad7ebc823f504e3181bf71b298076d90f4a2
Opcode Fuzzy Hash: c5ea19395fd917fef92d24afdec16bd805b774ff685830cc03db8e9b25265b60
Instruction Fuzzy Hash: 382160B5600209AFEB11DF68DCC1DA737EDEB4A798B040459FA40DB265CB79EC11DB60

Function 00FE95AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00FE961D

Strings

#OnAutoItStartRegister, xrefs: 00FE95F3
#requireadmin, xrefs: 00FE95D9
#notrayicon, xrefs: 00FE95B7

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: d16752456dd9ad1177db7ccbb5fcfc82c197935147ece9728fadce2370ce3b5a
Instruction ID: 2dce648fd734a12faf3cd1cea79635e3650eb189c2389362bf21c6c9e0efb823
Opcode Fuzzy Hash: d16752456dd9ad1177db7ccbb5fcfc82c197935147ece9728fadce2370ce3b5a
Instruction Fuzzy Hash: 1A216B7260869166C331BB26DC02FBB73D89F51310F14442AF94597041EBD89D45E3B1

Function 010137B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 01013840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 01013850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 01013876

Strings

Listbox, xrefs: 0101380F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: 28cbb0448a90398ff784e54e9b1edafdf3a42126d4644bc296cc08d1c96c1658
Instruction ID: ba69eba6c70ad4c3d66318166053d88a0f6e3dc855152ec1d7c0258ba245eb1a
Opcode Fuzzy Hash: 28cbb0448a90398ff784e54e9b1edafdf3a42126d4644bc296cc08d1c96c1658
Instruction Fuzzy Hash: 8421D7726002187BEF228F58CC41FBB37AEFF89760F108164F9809B194C679DC518790

Function 00FF49F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00FF4A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00FF4A5C
SetErrorMode.KERNEL32(00000000,?,?,0101CC08), ref: 00FF4AD0

Strings

%lu, xrefs: 00FF4A6F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: d4bd75f9f967e887122bcf20e51f35dc8ece242e05e3364a0fc24d64f75c198d
Instruction ID: 30aec93f39265bb9973f5741722879c460770641affa9c6139ac5ad0a25aa77a
Opcode Fuzzy Hash: d4bd75f9f967e887122bcf20e51f35dc8ece242e05e3364a0fc24d64f75c198d
Instruction Fuzzy Hash: E1319171A40109AFDB10DF54C981EAA7BF8EF09308F1480A8F909DF262D779ED45DB61

Function 010141EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0101424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 01014264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 01014271

Strings

msctls_trackbar32, xrefs: 01014226

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: 35a2491decd2e26539196b2544eaec548c0d948da663914ad4dcc479624eb9f9
Instruction ID: 2843e8f49e78ea164d3ee5cf5b1eb98db6c4eb0e5abef0222b0f22094b7593ea
Opcode Fuzzy Hash: 35a2491decd2e26539196b2544eaec548c0d948da663914ad4dcc479624eb9f9
Instruction Fuzzy Hash: FC11C271240248BEEF315E69CC46FEB3BECEF89B64F110524FA95E60A4D376D8519B20

Function 00FE2F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F86B57: _wcslen.LIBCMT ref: 00F86B6A

Part of subcall function 00FE2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00FE2DC5
Part of subcall function 00FE2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00FE2DD6
Part of subcall function 00FE2DA7: GetCurrentThreadId.KERNEL32 ref: 00FE2DDD
Part of subcall function 00FE2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00FE2DE4

GetFocus.USER32 ref: 00FE2F78

Part of subcall function 00FE2DEE: GetParent.USER32(00000000), ref: 00FE2DF9

GetClassNameW.USER32(?,?,00000100), ref: 00FE2FC3
EnumChildWindows.USER32(?,00FE303B), ref: 00FE2FEB

Strings

%s%d, xrefs: 00FE2FFF

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: 99f67ed4b9ab045f467541d2a2c15e0d5ff1e3620ff11ff37f6ddd377dc0a593
Instruction ID: dba69f03852cf2d986228a548f7187dd836a6c8aeac4af6ca759dcb7f1b2c3da
Opcode Fuzzy Hash: 99f67ed4b9ab045f467541d2a2c15e0d5ff1e3620ff11ff37f6ddd377dc0a593
Instruction Fuzzy Hash: 0C11E4B16002456BDF507F718C89EEE376AAF84318F044075FA09DB143EE389909AB60

Function 01015882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 010158C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 010158EE
DrawMenuBar.USER32(?), ref: 010158FD

Strings

0, xrefs: 0101588F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: 32a90d5b7f6b9017fd71dde6009a1444c921cde0f37426d895ba736f3b4d4caf
Instruction ID: 68e9a51af2ce2434c05f99cd688aa2a3adde26a833821cb98a19bd3bc97ea020
Opcode Fuzzy Hash: 32a90d5b7f6b9017fd71dde6009a1444c921cde0f37426d895ba736f3b4d4caf
Instruction Fuzzy Hash: 9D0188315002189FEB619F15DC44BAFBBB5FF86364F008095F889DA155DB388684DF21

Function 00FE007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c64d6db9f21bc1f8bd1c401970cf012a62992dae983d13b09d6bcd928e19850
Instruction ID: 1cb8ce0aad8f9cd326da99d2928df539abd799a46ea60c37c12221b1f27de480
Opcode Fuzzy Hash: 6c64d6db9f21bc1f8bd1c401970cf012a62992dae983d13b09d6bcd928e19850
Instruction Fuzzy Hash: C4C16A75A0024AEFDB14CFA5C884BAEB7B5FF48314F208598E505EB251CB71EE81DB90

Function 00FB3E80 Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00FB3F0B
__alldvrm.LIBCMT ref: 00FB410C
__alldvrm.LIBCMT ref: 00FB412E

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction ID: 1c2fedcb1e3fad0668ecde056187d21f1c8a6184fa5d4241a044696a57457ae4
Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction Fuzzy Hash: 3FA14872E003869FDB16DE19CD917FEBBE4EF613A0F14416DE5859B282C238A941EF50

Function 0100342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 01003459
CoUninitialize.OLE32 ref: 01003463
VariantInit.OLEAUT32(?), ref: 0100346E
VariantClear.OLEAUT32(?), ref: 0100371B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: 3cc52fbd5f024aa999fff024ed45213cedc09d4a3a9f067df28b658d692fa3e2
Instruction ID: b8f04d08e4456220a8ac7aacea46e9434148a78d7985e44c3ee40c5ac375bb22
Opcode Fuzzy Hash: 3cc52fbd5f024aa999fff024ed45213cedc09d4a3a9f067df28b658d692fa3e2
Instruction Fuzzy Hash: 9AA15D756043009FD712EF28C885A6ABBE5FF88714F048859F9899F3A2DB35ED01CB91

Function 00FE0436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0101FC08,?), ref: 00FE05F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0101FC08,?), ref: 00FE0608
CLSIDFromProgID.OLE32(?,?,00000000,0101CC40,000000FF,?,00000000,00000800,00000000,?,0101FC08,?), ref: 00FE062D
_memcmp.LIBVCRUNTIME ref: 00FE064E

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: 6ace6f63c94851e568d67dea472d0dd3e63b2fddf658be7b79ccaad01d7279e8
Instruction ID: 17546bbb44dd399b4bc6f476ba3dc4311c6894b4c0e2e3b703205fe30eca5544
Opcode Fuzzy Hash: 6ace6f63c94851e568d67dea472d0dd3e63b2fddf658be7b79ccaad01d7279e8
Instruction Fuzzy Hash: 53813971A00209EFCB04DF94C984EEEB7B9FF89315F244158E506AB250DB75AE46DF60

Function 00FC1391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00FC14C0

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 5cc1192b74b9b5e7c14482b62ea9542704f69bc3ef2345b908efffd7e23bf076
Instruction ID: 418da5ef48fd8959dc257b062bc351fa9a8bea58c2be8300f8be3fd8cb56ada8
Opcode Fuzzy Hash: 5cc1192b74b9b5e7c14482b62ea9542704f69bc3ef2345b908efffd7e23bf076
Instruction Fuzzy Hash: 42415D71900102ABDB29FAF98D47FAE3AE5FF43370F144629F419D6193E63C48217661

Function 01016278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 010162E2
ScreenToClient.USER32(?,?), ref: 01016315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 01016382

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 233a2cd7585d33e96be01633f2ea593d30b284ff9173894fe29c14fb2af86250
Instruction ID: 9bc80ffe8d1b9b94655d5927732736106eeb5fb97bfcc80694a77d2c3af98fe5
Opcode Fuzzy Hash: 233a2cd7585d33e96be01633f2ea593d30b284ff9173894fe29c14fb2af86250
Instruction Fuzzy Hash: 67518E74A00209EFDF21DF58C880AAE7BF5FF45360F108199F89497295D77AE941CB50

Function 01001AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 01001AFD
WSAGetLastError.WSOCK32 ref: 01001B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 01001B8A
WSAGetLastError.WSOCK32 ref: 01001B94

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: 169044488af5f8ff7ea2819b3dd3ad94a14f2b3979d9cc7570e8ea72d7592975
Instruction ID: 6fcb68c1ac3c3d305a15587e269114eab06c9805ee430aa0817c76ac8ae360b0
Opcode Fuzzy Hash: 169044488af5f8ff7ea2819b3dd3ad94a14f2b3979d9cc7570e8ea72d7592975
Instruction Fuzzy Hash: 7C41B334640600AFF721AF28C886F6977E5AF44718F548488FA5A9F7C2D776DD41CB90

Function 00FBB41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52bee8ba0a9f6c6379a3e6ebd330533409251dea83d824170d2547c5a30f1a29
Instruction ID: 47e47f66ce000f3b1d661fecc5b92edc84b79a3c635a52cc35abcd5f878c1087
Opcode Fuzzy Hash: 52bee8ba0a9f6c6379a3e6ebd330533409251dea83d824170d2547c5a30f1a29
Instruction Fuzzy Hash: B2410A71A00704EFD724DF79CC41BAA7BE9FB85720F10462EF145DB282D7B5A9019B90

Function 00FF56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00FF5783
GetLastError.KERNEL32(?,00000000), ref: 00FF57A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00FF57CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00FF57FA

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: 8f3dd6c239897c31b36ef8f46782d4451ab80d176751d4612e43526940c7f151
Instruction ID: c6056ed78a87cba101b3cc8ac617c80f9e91d87a387a80662f42af1f2b696f65
Opcode Fuzzy Hash: 8f3dd6c239897c31b36ef8f46782d4451ab80d176751d4612e43526940c7f151
Instruction Fuzzy Hash: 0D414D35600614DFCB10EF15C545A5DBBE1FF49720B188488E95A9F366CB39FD00EBA1

Function 00FBD8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00FA6D71,00000000,00000000,00FA82D9,?,00FA82D9,?,00000001,00FA6D71,8BE85006,00000001,00FA82D9,00FA82D9), ref: 00FBD910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FBD999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00FBD9AB
__freea.LIBCMT ref: 00FBD9B4

Part of subcall function 00FB3820: RtlAllocateHeap.NTDLL(00000000,?,01051444,?,00F9FDF5,?,?,00F8A976,00000010,01051440,00F813FC,?,00F813C6,?,00F81129), ref: 00FB3852

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 6823ebdaea6ef6753d970d38cb97289088a688fc6ce672ec273b4127e2768f28
Instruction ID: 7ce826119543983645742a123f2fce948a9d65f75747e2b1166970b4c9c6133e
Opcode Fuzzy Hash: 6823ebdaea6ef6753d970d38cb97289088a688fc6ce672ec273b4127e2768f28
Instruction Fuzzy Hash: 3031CD72A0020AABDF24DF66DC81EEE7BA5EB41320F054168FC04D7250EB39DD50EBA1

Function 010152C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 01015352
GetWindowLongW.USER32(?,000000F0), ref: 01015375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 01015382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 010153A8

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: e04ab493295990ae51fdc38eabe7621ddbf6e2112f587dfbeca86981e271d2b4
Instruction ID: 17917a34760a3412c8fda538652b736c7b9d4dbf89c0dd999d894f63fd36dca7
Opcode Fuzzy Hash: e04ab493295990ae51fdc38eabe7621ddbf6e2112f587dfbeca86981e271d2b4
Instruction Fuzzy Hash: 7E31C434A55208EFFB748E18CC05BE93BA5AB86310F488142FAD09B1D9C7FD99409B42

Function 00FEAB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00FEABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 00FEAC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 00FEAC74
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00FEACC6

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 4190cac5a2a7348dafe06619ea7353b17e425cf2873b553852e5c15d8fcace5b
Instruction ID: 2fdc278eda542ddfc30c0b0d7aae412da7bb550ce3da955aab1493aaa24e2857
Opcode Fuzzy Hash: 4190cac5a2a7348dafe06619ea7353b17e425cf2873b553852e5c15d8fcace5b
Instruction Fuzzy Hash: 7E313D30D447986FFF35CA6E8C047FE7B656B89320F24471AE485521D0C379E985A753

Function 01017674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 0101769A
GetWindowRect.USER32(?,?), ref: 01017710
PtInRect.USER32(?,?,01018B89), ref: 01017720
MessageBeep.USER32(00000000), ref: 0101778C

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: 68b8c6febcf4d38be83633bc4ef3af708599ea69b916e1cbc6a31900ade3728a
Instruction ID: 81aeee480d1d13ccad5a1e35e2bacb9e2763aeae6051d59b1dfdce075bf7840e
Opcode Fuzzy Hash: 68b8c6febcf4d38be83633bc4ef3af708599ea69b916e1cbc6a31900ade3728a
Instruction Fuzzy Hash: BB419F34601215EFDB12CF58C484FA9BBF5FF49314F1541A8E5949B259C739E941CF90

Function 010116DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 010116EB

Part of subcall function 00FE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00FE3A57
Part of subcall function 00FE3A3D: GetCurrentThreadId.KERNEL32 ref: 00FE3A5E
Part of subcall function 00FE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00FE25B3), ref: 00FE3A65

GetCaretPos.USER32(?), ref: 010116FF
ClientToScreen.USER32(00000000,?), ref: 0101174C
GetForegroundWindow.USER32 ref: 01011752

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: 4dc26a7c998b47ae0534b0e70f6d3e564ee307f4a6a3f7c452655e0aeb70ab50
Instruction ID: 76279eab08da634d30b0b865d78d258d513b0b2a17de3ead12569f3f69d2ee41
Opcode Fuzzy Hash: 4dc26a7c998b47ae0534b0e70f6d3e564ee307f4a6a3f7c452655e0aeb70ab50
Instruction Fuzzy Hash: 98315D75D00249AFDB04EFA9C8858EEBBF9EF48304B5080A9E555E7211D739DE45CBA0

Function 00FEDF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 00F87620: _wcslen.LIBCMT ref: 00F87625

_wcslen.LIBCMT ref: 00FEDFCB
_wcslen.LIBCMT ref: 00FEDFE2
_wcslen.LIBCMT ref: 00FEE00D
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00FEE018

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: ea72a8cac4246941bb109801d6d196754379d4cd7d1db218c4b75ace0bed6651
Instruction ID: 348fbd0b686d6b2a6ba6001df4db71c9acfa6b1182921dd40cd09560f0ad4d2a
Opcode Fuzzy Hash: ea72a8cac4246941bb109801d6d196754379d4cd7d1db218c4b75ace0bed6651
Instruction Fuzzy Hash: 3321D171D00214AFCB20EFA9DD81BAEB7F8EF8A760F144065E905FB245D6749E409BA1

Function 00FED4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00FED501
Process32FirstW.KERNEL32(00000000,?), ref: 00FED50F
Process32NextW.KERNEL32(00000000,?), ref: 00FED52F
CloseHandle.KERNEL32(00000000), ref: 00FED5DC

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 23d9954d51110ab6f6da5cefea543fd233dfda2ed5aecbea11dd891ebbb9b2c6
Instruction ID: d55b6e465fcc8f5c256daaef89af38031eb4838ba068d128a687a68cb9227e4f
Opcode Fuzzy Hash: 23d9954d51110ab6f6da5cefea543fd233dfda2ed5aecbea11dd891ebbb9b2c6
Instruction Fuzzy Hash: 8C31AD321083419FD300EF54CC85ABFBBE8EF99354F58092DF581821A1EB759A48DB92

Function 01018FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F99BB2

GetCursorPos.USER32(?), ref: 01019001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00FD7711,?,?,?,?,?), ref: 01019016
GetCursorPos.USER32(?), ref: 0101905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00FD7711,?,?,?), ref: 01019094

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 87f8f476c2fe0fbcb31709a07e520386ba01ac84a39385b83ee9f24f47948417
Instruction ID: 888855a708bc033091f75734c6aca953ebd0b0db471d90f3d94a244e542b1142
Opcode Fuzzy Hash: 87f8f476c2fe0fbcb31709a07e520386ba01ac84a39385b83ee9f24f47948417
Instruction Fuzzy Hash: E3219135600118FFEB66CF98C868EFA7BF9EB89354F044095FA8547155C33A9990DB60

Function 00FED2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,0101CB68), ref: 00FED2FB
GetLastError.KERNEL32 ref: 00FED30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 00FED319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0101CB68), ref: 00FED376

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 675707536f1a22143d222f2b15444c93071410382e1585b4b45b1debaf13d18e
Instruction ID: bccbfa915aace8f73e8c19bfdd7fe9f938ac360fa2c46a823cadc0ac4ba599af
Opcode Fuzzy Hash: 675707536f1a22143d222f2b15444c93071410382e1585b4b45b1debaf13d18e
Instruction Fuzzy Hash: 9A21D1709082419F8310EF29C9808AEB7E8EF56328F504A1DF499C72E1D735D905EB93

Function 00FE1571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00FE1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00FE102A
Part of subcall function 00FE1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00FE1036
Part of subcall function 00FE1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00FE1045
Part of subcall function 00FE1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00FE104C
Part of subcall function 00FE1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00FE1062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00FE15BE
_memcmp.LIBVCRUNTIME ref: 00FE15E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00FE1617
HeapFree.KERNEL32(00000000), ref: 00FE161E

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: 13fe9b7764b2037cf573a5d83c8f9b9e7ac48d6e1dd1e851349c9f160158e261
Instruction ID: 8bf5175bad1e868a10abf99424f3b25fcbe314f04679ff3009311b824fae33c7
Opcode Fuzzy Hash: 13fe9b7764b2037cf573a5d83c8f9b9e7ac48d6e1dd1e851349c9f160158e261
Instruction Fuzzy Hash: 2721AF71E40208EFEF10DFA6C945BEEB7B8FF45354F084459E445AB240E735AA05EBA0

Function 01012782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 0101280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 01012824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 01012832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 01012840

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 859c4aca23832c4edcc33d3a3acc3c8208bdf6d32a3b7b6dd0ff759574302698
Instruction ID: c79f21c295b901f5b25bb00a0a205356d201134e587fb11f116aa77386553ea7
Opcode Fuzzy Hash: 859c4aca23832c4edcc33d3a3acc3c8208bdf6d32a3b7b6dd0ff759574302698
Instruction Fuzzy Hash: FB21B331205511AFE714EB24C844FAA7B95BF45324F248158F9A68B6D6C77AEC82C7D0

Function 00FE78F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00FE8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00FE790A,?,000000FF,?,00FE8754,00000000,?,0000001C,?,?), ref: 00FE8D8C
Part of subcall function 00FE8D7D: lstrcpyW.KERNEL32(00000000,?,?,00FE790A,?,000000FF,?,00FE8754,00000000,?,0000001C,?,?,00000000), ref: 00FE8DB2
Part of subcall function 00FE8D7D: lstrcmpiW.KERNEL32(00000000,?,00FE790A,?,000000FF,?,00FE8754,00000000,?,0000001C,?,?), ref: 00FE8DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00FE8754,00000000,?,0000001C,?,?,00000000), ref: 00FE7923
lstrcpyW.KERNEL32(00000000,?,?,00FE8754,00000000,?,0000001C,?,?,00000000), ref: 00FE7949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00FE8754,00000000,?,0000001C,?,?,00000000), ref: 00FE7984

Strings

cdecl, xrefs: 00FE797B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: f14becb81300c3de46be9055777d9bf63969739d688917092facc66d05c463ed
Instruction ID: eb128dd11e63ed556f35b74f15dc989bacfe2315478abca7fe57d2abc7b62c6c
Opcode Fuzzy Hash: f14becb81300c3de46be9055777d9bf63969739d688917092facc66d05c463ed
Instruction Fuzzy Hash: 2D11063A200381ABDB256F36CC44E7B77A5FF45390B10402AF946C7265EB36D801E751

Function 01017CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 01017D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 01017D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 01017D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00FFB7AD,00000000), ref: 01017D6B

Part of subcall function 00F99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F99BB2

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: 7dc932ac6591ebcbb28f81af51537494156425686a6b482d46e5cf03b6298760
Instruction ID: 5b414b30f1dab75a39c11c117373cf88a1516e29634427da6498fc64090ddfb3
Opcode Fuzzy Hash: 7dc932ac6591ebcbb28f81af51537494156425686a6b482d46e5cf03b6298760
Instruction Fuzzy Hash: D611D232200619AFDB609F2CCC04A6A3FF5BB45364B514768F9B5C72E8D739C950CB40

Function 01015660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 010156BB
_wcslen.LIBCMT ref: 010156CD
_wcslen.LIBCMT ref: 010156D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 01015816

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: 170dd78e99eaa3b5b37487730501f07d1946cc868c6240ef6a2f829681c7fe35
Instruction ID: 287533f4006d837d8274d48ab0a0a401b70ca1307a9d171aa58ca71620eb188a
Opcode Fuzzy Hash: 170dd78e99eaa3b5b37487730501f07d1946cc868c6240ef6a2f829681c7fe35
Instruction Fuzzy Hash: B2110A7164020496EF209F65DC80AEF77ACEF8B368F004466FA85DE089DB7CD540CBA0

Function 00FB1D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12c2945691712605edc2a96ff600b5520f53e7ce080bad106152ef9e26faef7d
Instruction ID: b3bb51a19319788c621c51bc97f508d03a7f45d62ac545d406a3e05dc9a78b45
Opcode Fuzzy Hash: 12c2945691712605edc2a96ff600b5520f53e7ce080bad106152ef9e26faef7d
Instruction Fuzzy Hash: DA01D6B26066167EF721257A6CD0FA7761CEF457B8F700325F521511C5DB69CC007970

Function 00FE1A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00FE1A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00FE1A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00FE1A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00FE1A8A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 463477f2570ef617a9aaf878eaaa3821ce057a3a5e31db8bdc3a2a6dcacd5188
Instruction ID: fe6f426a4d36b5a1cfe4f7c459c48c1bc7b57b458dba720dc32db6ccb4f8730b
Opcode Fuzzy Hash: 463477f2570ef617a9aaf878eaaa3821ce057a3a5e31db8bdc3a2a6dcacd5188
Instruction Fuzzy Hash: 91113C3AD01219FFEB10DBA6CD85FADBB78FB08750F2000A1E600B7290D6756E50EB94

Function 00FEE1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00FEE1FD
MessageBoxW.USER32(?,?,?,?), ref: 00FEE230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00FEE246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00FEE24D

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: ee540bbdea83d31ac0d3e0004fc2d0a7a83fbd87815170053cc32cc06d3ff466
Instruction ID: 167803db273b1f0bbc205d7b75c9550075b3689eaf22d28e47f4d631f10f5697
Opcode Fuzzy Hash: ee540bbdea83d31ac0d3e0004fc2d0a7a83fbd87815170053cc32cc06d3ff466
Instruction Fuzzy Hash: 9B112B76D04354BBD7219FA8AC05B9F7FACAB45320F008215F954D3285D2B9CD0487A0

Function 00FAD1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,00FACFF9,00000000,00000004,00000000), ref: 00FAD218
GetLastError.KERNEL32 ref: 00FAD224
__dosmaperr.LIBCMT ref: 00FAD22B
ResumeThread.KERNEL32(00000000), ref: 00FAD249

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: 37396b5634af6d2de3f2c1d4edfa55edd917e2e1fbdc84f81d27ab4f8a0199ea
Instruction ID: 441ef908479e5137c9a4cb3e2c95bf1b0c05634cfb58b3d24adf6e3686195ce2
Opcode Fuzzy Hash: 37396b5634af6d2de3f2c1d4edfa55edd917e2e1fbdc84f81d27ab4f8a0199ea
Instruction Fuzzy Hash: 4701F9F68451047BD7216BA5DC09BAE7AADDF83330F104219F926965D0DF75C901E7A0

Function 01019EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 00F99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F99BB2

GetClientRect.USER32(?,?), ref: 01019F31
GetCursorPos.USER32(?), ref: 01019F3B
ScreenToClient.USER32(?,?), ref: 01019F46
DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 01019F7A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 7b80b70c68de7f43b96d129b70c96cbbe9a629b94d0d55750a1bc0bbc976293e
Instruction ID: 73d699f2e49e50a8755ed3de2c7caa39fae1317bb566ee4ede977cb553292f29
Opcode Fuzzy Hash: 7b80b70c68de7f43b96d129b70c96cbbe9a629b94d0d55750a1bc0bbc976293e
Instruction Fuzzy Hash: 06115A3290021AFBEB10DF68C8559EE7BB8FB45315F000459F981E3144D339FA81CBA1

Function 00F8600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F8604C
GetStockObject.GDI32(00000011), ref: 00F86060
SendMessageW.USER32(00000000,00000030,00000000), ref: 00F8606A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: ffba58e76218f4f8657e9f8d4b814066d70f386acc12b0d84597192f929f7239
Instruction ID: e62b0a326f6a92e7dca0226f7d790fc8863ab1d59f36d53afb8bcc852247b347
Opcode Fuzzy Hash: ffba58e76218f4f8657e9f8d4b814066d70f386acc12b0d84597192f929f7239
Instruction Fuzzy Hash: 3911AD72501508BFEF225FA48C44FEABB69FF083A4F000205FA0492100C73BDC60EBA0

Function 00FA3B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 00FA3B56

Part of subcall function 00FA3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00FA3AD2
Part of subcall function 00FA3AA3: ___AdjustPointer.LIBCMT ref: 00FA3AED

_UnwindNestedFrames.LIBCMT ref: 00FA3B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00FA3B7C
CallCatchBlock.LIBVCRUNTIME ref: 00FA3BA4

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: 9cb3fd379d20401862ab825dc229fcd493bafa54dc8765dd14c4f76a77480ecb
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: C70140B2500148BBDF115E95DC42EEB7F6EFF8A754F044014FE4856121C776E961EBA0

Function 00FB3073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00F813C6,00000000,00000000,?,00FB301A,00F813C6,00000000,00000000,00000000,?,00FB328B,00000006,FlsSetValue), ref: 00FB30A5
GetLastError.KERNEL32(?,00FB301A,00F813C6,00000000,00000000,00000000,?,00FB328B,00000006,FlsSetValue,01022290,FlsSetValue,00000000,00000364,?,00FB2E46), ref: 00FB30B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00FB301A,00F813C6,00000000,00000000,00000000,?,00FB328B,00000006,FlsSetValue,01022290,FlsSetValue,00000000), ref: 00FB30BF

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 7e6067ad7a07cfffeb373a120307396f23024f4475d7caeeb0f501000aaf1597
Instruction ID: a9734c94517b7746bf612dbaf0cad498c93f08682b479d890e8bbb22d077d409
Opcode Fuzzy Hash: 7e6067ad7a07cfffeb373a120307396f23024f4475d7caeeb0f501000aaf1597
Instruction Fuzzy Hash: 5601FC36BC5332ABD731597A9C44AD77798AF057F5B200620F945D3144C72AD901DBD0

Function 00FE7464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00FE747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00FE7497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00FE74AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00FE74CA

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: 5b1711e8adc9b972e1dea17b64098d96f8c216cf91861dcb26e8afce344517c7
Instruction ID: 3e6d2c4454bab136ce0a3add818a3a3379a0887d285b36bf87f22dd3c9b8fe8b
Opcode Fuzzy Hash: 5b1711e8adc9b972e1dea17b64098d96f8c216cf91861dcb26e8afce344517c7
Instruction Fuzzy Hash: 46118EB5249394DBF730EF15DD08B927BFCEB00B00F108569A656D61C1D775E904EB50

Function 00FEB0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00FEACD3,?,00008000), ref: 00FEB0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00FEACD3,?,00008000), ref: 00FEB0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00FEACD3,?,00008000), ref: 00FEB0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00FEACD3,?,00008000), ref: 00FEB126

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: 3a114f7c5349322e018c459628537350dc6045676dc0e3f77a0596fc1643bc02
Instruction ID: 52b6835da0aa0c026466800c95761d02895c92d6307e2e8ce6e0ea78408434ee
Opcode Fuzzy Hash: 3a114f7c5349322e018c459628537350dc6045676dc0e3f77a0596fc1643bc02
Instruction Fuzzy Hash: 3D115E31C4165CE7DF10AFE5E9987EFBB78FF4A721F104086D981B2184CB389550AB51

Function 01017E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 01017E33
ScreenToClient.USER32(?,?), ref: 01017E4B
ScreenToClient.USER32(?,?), ref: 01017E6F
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 01017E8A

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: ebb288f86585274e56c4d483dfcf1843a6fe14dd10a5f86023e08a103d9e423b
Instruction ID: d7af0d691c6405a32965b670a0283985ec680e1e3052fece4fde87f486a32a42
Opcode Fuzzy Hash: ebb288f86585274e56c4d483dfcf1843a6fe14dd10a5f86023e08a103d9e423b
Instruction Fuzzy Hash: 0C1153B9D0020AAFDB51CF98C584AEEBBF9FF08310F509066E955E3214D779AA54CF90

Function 00FE2DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00FE2DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00FE2DD6
GetCurrentThreadId.KERNEL32 ref: 00FE2DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00FE2DE4

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: c9ebf6ec3a6ee00c37b9e33eb5873c1619758fd7c8675270cb8c03f307680446
Instruction ID: 899fea33c0f44e2329e5e30854b5ff4c90cee312578177f5e36eb2cdb5d55f99
Opcode Fuzzy Hash: c9ebf6ec3a6ee00c37b9e33eb5873c1619758fd7c8675270cb8c03f307680446
Instruction Fuzzy Hash: 86E06D729812247AE7301A639D0DFEB3E6CEB46BA1F000515B205D1084EAAAD840D7B0

Function 01018863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00F99639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00F99693
Part of subcall function 00F99639: SelectObject.GDI32(?,00000000), ref: 00F996A2
Part of subcall function 00F99639: BeginPath.GDI32(?), ref: 00F996B9
Part of subcall function 00F99639: SelectObject.GDI32(?,00000000), ref: 00F996E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 01018887
LineTo.GDI32(?,?,?), ref: 01018894
EndPath.GDI32(?), ref: 010188A4
StrokePath.GDI32(?), ref: 010188B2

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 94f38e2817a81f6839959b015ca6a213cb2f334066cb6a7fd91d4a990d8e0987
Instruction ID: e4c7d0480c5fd4d284085761237ec9fb6ae98d6465f52233ffe2b64a4064c71e
Opcode Fuzzy Hash: 94f38e2817a81f6839959b015ca6a213cb2f334066cb6a7fd91d4a990d8e0987
Instruction Fuzzy Hash: 72F03A36085258BAEB225E98AD0AFCA3F69AF06310F048141FA91650D5C7BE9211DBE9

Function 00F998B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00F998CC
SetTextColor.GDI32(?,?), ref: 00F998D6
SetBkMode.GDI32(?,00000001), ref: 00F998E9
GetStockObject.GDI32(00000005), ref: 00F998F1

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: 4d0f3b104c53bb2ad97f6b9ac12c4199571cf8b4af212c633f13c71f5cfc6241
Instruction ID: 83da76b08a5570c368c2663fbdba2e9c4f54652b986879dbd7c2c78d3fba7ae7
Opcode Fuzzy Hash: 4d0f3b104c53bb2ad97f6b9ac12c4199571cf8b4af212c633f13c71f5cfc6241
Instruction Fuzzy Hash: 7FE065316C4280AAEB315B74B909BD83F11AB12335F18821AF6F5580D4C37A86409B11

Function 00FE162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00FE1634
OpenThreadToken.ADVAPI32(00000000,?,?,?,00FE11D9), ref: 00FE163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00FE11D9), ref: 00FE1648
OpenProcessToken.ADVAPI32(00000000,?,?,?,00FE11D9), ref: 00FE164F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: 188e1bca3794f324cb756bec0ed5071c9f3f61b7c07f7afef58fa068bc9a9991
Instruction ID: a8881e6bab4ef774b2bfcb96dbc7e7015b4cecba2c8ec1e70a2326b726355abe
Opcode Fuzzy Hash: 188e1bca3794f324cb756bec0ed5071c9f3f61b7c07f7afef58fa068bc9a9991
Instruction Fuzzy Hash: A5E08631A41211ABE7301FA29F0DB863B7CBF457A1F144808F285C9084D63DC540C750

Function 00FDD858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00FDD858
GetDC.USER32(00000000), ref: 00FDD862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00FDD882
ReleaseDC.USER32(?), ref: 00FDD8A3

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 87b858ad5f86962938d475e031a34a6ef59be52bd4cbcf7e4afcaf8efe47640f
Instruction ID: 30c12e56c298e8e524cd14fb1f497b515445592817e93a405c24ada1227fe1d5
Opcode Fuzzy Hash: 87b858ad5f86962938d475e031a34a6ef59be52bd4cbcf7e4afcaf8efe47640f
Instruction Fuzzy Hash: 30E09AB5840205EFEF61AFE0D60866DBBB6FB08311F249459F98AE7244C73D9941AF50

Function 00FDD86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00FDD86C
GetDC.USER32(00000000), ref: 00FDD876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00FDD882
ReleaseDC.USER32(?), ref: 00FDD8A3

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 0206d9c6c8dc10170b5d6e3b74a4dc91d9ba230bb7081064b3fb7754a2c3eb08
Instruction ID: 6b4b45f5203e5de42b9201613220ecae58db3afaa4afcaaab33a2fba054e76fe
Opcode Fuzzy Hash: 0206d9c6c8dc10170b5d6e3b74a4dc91d9ba230bb7081064b3fb7754a2c3eb08
Instruction Fuzzy Hash: 77E09A75C40204DFEF61AFA0D50866DBBB5BB08311B149449F98AE7244C73DA901AF50

Function 00FF4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 00F87620: _wcslen.LIBCMT ref: 00F87625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00FF4ED4

Strings

LPT, xrefs: 00FF4DFB
*, xrefs: 00FF4E10

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: 6f831f1d77f8e711e23559f193f279ee660705a926efd1047accb74009b162ad
Instruction ID: d87c3d101ca8eaf5b1002017be61cdf7f7209bc8995414c5716f0f616ad79fc3
Opcode Fuzzy Hash: 6f831f1d77f8e711e23559f193f279ee660705a926efd1047accb74009b162ad
Instruction Fuzzy Hash: 06917F75A002089FDB14DF58C884EBABBF1BF45314F188099E94A9F3A2D735ED85DB90

Function 00FAE27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00FAE30D

Strings

pow, xrefs: 00FAE2E5, 00FAE302

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 1c81c14854593933f1ff5f67e09e20ac7a78b525537c82e095600919b075d42f
Instruction ID: 6087ca9f03cd87513822dd25927c845488a11467480c2664b150bdeee4576946
Opcode Fuzzy Hash: 1c81c14854593933f1ff5f67e09e20ac7a78b525537c82e095600919b075d42f
Instruction Fuzzy Hash: 67513CB1E0C30296CB257A15CD017FA3F989F917A0F3449A8E4D54229DEB398C95BF46

Function 00F9E187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 00F9E1B1

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: d41c995dd2d62313cc3a69f1d8bfdba820337f4e3207b8deeea7d2db48803105
Instruction ID: 2b00bc8339b8dac8ff56d7015bbd709b79d4fe519482140a4071289f8f844a9d
Opcode Fuzzy Hash: d41c995dd2d62313cc3a69f1d8bfdba820337f4e3207b8deeea7d2db48803105
Instruction Fuzzy Hash: 3B510475D04246DFEF19EF24C4816FA7BAAEF55320F284056ECA19F2D0D6389D42EB50

Function 00F9F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00F9F2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 00F9F2BB

Strings

@, xrefs: 00F9F2AF

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: d0beaae2e4fb395e04dc69b03aaf3bfe15c1196438a03a5919aeaa99a23e47b4
Instruction ID: 55de63d69b614b1617bc246e4d6a4f332db285cb990158f4210764d3bdcb9905
Opcode Fuzzy Hash: d0beaae2e4fb395e04dc69b03aaf3bfe15c1196438a03a5919aeaa99a23e47b4
Instruction Fuzzy Hash: 375155714087449BE320BF10EC86BABBBF8FF84304F91884DF2D942195EB758529CB66

Function 01005745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 010057E0
_wcslen.LIBCMT ref: 010057EC

Strings

CALLARGARRAY, xrefs: 010057E6, 010057EB

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 05490c93298458cc584a1b5d5392349631cc2ae8d788755bcd4c0c6010f4e5d3
Instruction ID: d455229cc89a2bad135cac22dae38454213d9608564c781ae174aa5473bee450
Opcode Fuzzy Hash: 05490c93298458cc584a1b5d5392349631cc2ae8d788755bcd4c0c6010f4e5d3
Instruction Fuzzy Hash: 38418F71A002099FDB15EFA9CC859BEBBF5FF49310F244069E945A7292E734DA81CF90

Function 00FFD0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00FFD130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00FFD13A

Strings

|, xrefs: 00FFD10B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: a21125140564e94a542e26c20a9eff51999de1e284b77785375397f77bd12041
Instruction ID: b050863b847a42075df5c20a46a50e9262f38cbe52b3b4c9bf32ca2c1dea9e24
Opcode Fuzzy Hash: a21125140564e94a542e26c20a9eff51999de1e284b77785375397f77bd12041
Instruction Fuzzy Hash: F7314D71D00209ABDF15EFA4CC85EEEBFBAFF05310F100019F915A6166E735AA16EB64

Function 0101356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 01013621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0101365C

Strings

static, xrefs: 010135BC

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: 07c883a73749d43f36c40aa2c0c6d79b7fb7662f91b31e709cae780a5c046ed4
Instruction ID: 3fa922f74bc30bb82629d464fc4363954139879d279215f716309ee74e2e05ee
Opcode Fuzzy Hash: 07c883a73749d43f36c40aa2c0c6d79b7fb7662f91b31e709cae780a5c046ed4
Instruction Fuzzy Hash: A6319071100204AEEB219F28DC80EFB73A9FF48764F008619F9A5D7284DA39E891D760

Function 01014537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0101461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 01014634

Strings

', xrefs: 0101458E

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: 7c866652bc5f17122072f9a8cac4479b122628ce6f5e347891ab0cdcb9369af9
Instruction ID: 12bc9e71bfe5c1951f707c8f292749282640d9102948b2c47fe61ac01e2dac55
Opcode Fuzzy Hash: 7c866652bc5f17122072f9a8cac4479b122628ce6f5e347891ab0cdcb9369af9
Instruction Fuzzy Hash: 0D313674A0020AAFDB14CFA9C980BDA7BF5FB08304F14446AEA44EB356D775A901CF90

Function 010131EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0101327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 01013287

Strings

Combobox, xrefs: 01013249

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 066544093de1fac8b66dec529c8236d9235e8b8952f57ad616b47431b0af4efb
Instruction ID: 45825b6d209269330e483828ff5dd467a35b688b2b9c90a6805de35a366ce26f
Opcode Fuzzy Hash: 066544093de1fac8b66dec529c8236d9235e8b8952f57ad616b47431b0af4efb
Instruction Fuzzy Hash: 7F1193713002086FFF66AE58DC80EFB379AFB48364F104125F9549B295D6399C51C760

Function 01013710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00F8600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F8604C
Part of subcall function 00F8600E: GetStockObject.GDI32(00000011), ref: 00F86060
Part of subcall function 00F8600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00F8606A

GetWindowRect.USER32(00000000,?), ref: 0101377A
GetSysColor.USER32(00000012), ref: 01013794

Strings

static, xrefs: 01013757

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 82e1cbcdcd4fa2f0ff9c34133081d3c234b6250698b6a7f34d36dfc57e7a5519
Instruction ID: 807a368f42efb3ba1c3d83e0dc87761fbcc774005998194de07b8da9793319fc
Opcode Fuzzy Hash: 82e1cbcdcd4fa2f0ff9c34133081d3c234b6250698b6a7f34d36dfc57e7a5519
Instruction Fuzzy Hash: 8511267261020AAFEF11DFA8CC45AEA7BF8FB08314F004919F995E6244E739E8509B60

Function 00FFCD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00FFCD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00FFCDA6

Strings

<local>, xrefs: 00FFCD66

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 2be19759068d84af4ba3536f5e9c6ce0cd7121d0ceb854aab8d14df6cf39a7fc
Instruction ID: b7af80d14397e94c04ab478398477666d7b9836d99a5ac659fda91b646ea091b
Opcode Fuzzy Hash: 2be19759068d84af4ba3536f5e9c6ce0cd7121d0ceb854aab8d14df6cf39a7fc
Instruction Fuzzy Hash: 3311E37260163DBAD7344A668D44FFFBEA8EF127B4F00422AB26993090D2759840E6F0

Function 01013429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 010134AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 010134BA

Strings

edit, xrefs: 0101348F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 4ed298f10e15dcedeb4c54ebc9b59352eb893863ad3333df4305f4ce959f4ed8
Instruction ID: 61068143d4d21f1175d2cbbf6b9a6f6266f9b7920000a2a4437338c0fea2e53c
Opcode Fuzzy Hash: 4ed298f10e15dcedeb4c54ebc9b59352eb893863ad3333df4305f4ce959f4ed8
Instruction Fuzzy Hash: 0811BF75140208AFEF628E68DC44AFB37AAFB05374F504324FAA19B1D8CB39EC519750

Function 00FE6C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

CharUpperBuffW.USER32(?,?,?), ref: 00FE6CB6
_wcslen.LIBCMT ref: 00FE6CC2

Strings

STOP, xrefs: 00FE6CBC, 00FE6CC1

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: ea532bf36f2af582a215b8f7a2a71e8428b48169486b4a7ff0ad58ffb7274a28
Instruction ID: 83c7809fa62554614d7243716b280e24557fe5100a15e56427ddd02a90ea4ee1
Opcode Fuzzy Hash: ea532bf36f2af582a215b8f7a2a71e8428b48169486b4a7ff0ad58ffb7274a28
Instruction Fuzzy Hash: 62010432A0056B8BCB20AEBECC809BF73A6FA757A07500939E852D2181EB35D800E750

Function 00FE1CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

Part of subcall function 00FE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00FE3CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00FE1D4C

Strings

ListBox, xrefs: 00FE1D16
ComboBox, xrefs: 00FE1CEB

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 87e1334a3f83a435735c038cbc87c80df1f8af2fb2176c4f41395b52474e97d9
Instruction ID: fbcde08b223ee5afc1b6b10da1038c185832455885a2c175ea4f9a7569c0a3c2
Opcode Fuzzy Hash: 87e1334a3f83a435735c038cbc87c80df1f8af2fb2176c4f41395b52474e97d9
Instruction Fuzzy Hash: 53014C71B01219ABCB14FBA6CC55DFE73A8FF06360B140519F872673C1EA759908A760

Function 00FE1BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

Part of subcall function 00FE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00FE3CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00FE1C46

Strings

ListBox, xrefs: 00FE1C10
ComboBox, xrefs: 00FE1BE5

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 9fef2616f5c53b79e67c001643a13899228e60fea116ce72de251dbfa9e7a216
Instruction ID: 598e772f8f6d6a4df5780e2b96174cc2e19380ca7d22c7a1a94f437413ffe2a4
Opcode Fuzzy Hash: 9fef2616f5c53b79e67c001643a13899228e60fea116ce72de251dbfa9e7a216
Instruction Fuzzy Hash: A901F771B811456BCB04FB96CE55EFF73A8AB12340F240029B406B7281EA799E08A7B1

Function 00FE1C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

Part of subcall function 00FE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00FE3CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00FE1CC8

Strings

ListBox, xrefs: 00FE1C94
ComboBox, xrefs: 00FE1C69

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 91250d706b6938b5d86958e4cccf8fdcb994ff323d5c914c5dddec69094394b9
Instruction ID: 5e6be0ed9a8074c78110d48cc0e4c0c23dacdf76cf1f5e38eb2d0e6117bd1ed3
Opcode Fuzzy Hash: 91250d706b6938b5d86958e4cccf8fdcb994ff323d5c914c5dddec69094394b9
Instruction Fuzzy Hash: AB01DBB1B8115967CB14F79BCE45AFF73E8AB11340F640015B842B7281EA759F08E771

Function 00FE1D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F89CB3: _wcslen.LIBCMT ref: 00F89CBD

Part of subcall function 00FE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00FE3CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00FE1DD3

Strings

ListBox, xrefs: 00FE1DA0
ComboBox, xrefs: 00FE1D75

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 6b60b7af02545df54e9eb4b7cba22f899dcd45380985b106f5dd03415e4367de
Instruction ID: ad7f560c11ba7d88ddbcd529a41cd9c7660722c127538fecb597e92ea679d505
Opcode Fuzzy Hash: 6b60b7af02545df54e9eb4b7cba22f899dcd45380985b106f5dd03415e4367de
Instruction Fuzzy Hash: 17F0F971B4121967D714F7A6CC55BFF73A8BB02350F480919B462672C1EA759908A760

Function 0100747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 01007493
_wcslen.LIBCMT ref: 010074B9

Strings

3, 3, 16, 1, xrefs: 01007483

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: bbe4ad61aae27ef4fc9d11ebf2aa711217e6cb9cc269a02438d2eef2cc615ff3
Instruction ID: 48c0adcd88e427ce8cc2ce670209b61b4a437b59b7d30eaf8e5caf07292383ed
Opcode Fuzzy Hash: bbe4ad61aae27ef4fc9d11ebf2aa711217e6cb9cc269a02438d2eef2cc615ff3
Instruction Fuzzy Hash: BDE02341201250106273127D9CC157F76CDCFCA550B11142BF5C1C1196DFDCEDA153A0

Function 00FE0B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00FE0B23

Strings

AutoIt, xrefs: 00FE0B17
Error allocating memory., xrefs: 00FE0B1C

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: 906e2b6db6e5dd2117d0881b0466836633e3fa8d953624c26bcc85ea52bf8abf
Instruction ID: ce5acfd8e229a152f1f0d68ee5084d6ba2f77b9a95d96fa4ab87255f76a799e9
Opcode Fuzzy Hash: 906e2b6db6e5dd2117d0881b0466836633e3fa8d953624c26bcc85ea52bf8abf
Instruction Fuzzy Hash: B1E0D83128430837E12436557D43F897A859F06F20F10042AF7D4D94C38EDA689022E9

Function 00FA0D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00F9F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00FA0D71,?,?,?,00F8100A), ref: 00F9F7CE

IsDebuggerPresent.KERNEL32(?,?,?,00F8100A), ref: 00FA0D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00F8100A), ref: 00FA0D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00FA0D7F

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: a0d93d680cbf70060637361140bfcb4489e04f3ff23bb60e07c0ca9aafaef80d
Instruction ID: 6ca1566a4a0af397955617625d061f0e77da6db0c706320868718139926ea5ed
Opcode Fuzzy Hash: a0d93d680cbf70060637361140bfcb4489e04f3ff23bb60e07c0ca9aafaef80d
Instruction Fuzzy Hash: A1E06DB42007018BE7709FB9E5087827BE0AB01B44F00892DE4C6C664ADFBDE4489B91

Function 00FF3017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00FF302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00FF3044

Strings

aut, xrefs: 00FF3038

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: c71c915efa12b12f33aa31c8634dbec17fbf9ad74f2ac9e52f706376e1dfc14f
Instruction ID: 1371b06bb7edb29fd39a2945e6834b30491e440fe695bc8c0cc54f9c4ef3c77f
Opcode Fuzzy Hash: c71c915efa12b12f33aa31c8634dbec17fbf9ad74f2ac9e52f706376e1dfc14f
Instruction Fuzzy Hash: 7AD05EB254032867EA30A6A5AD4EFCB3A6CDB05650F0002A1B699D6085EAF9D984CBD0

Function 00FDD21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00FDD220

Strings

X64, xrefs: 00FDD2A8
%.3d, xrefs: 00FDD22B

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 1d753c60d717f57a2a47be2e4f49bb01a4c03068c04574788a5ce5dcaa463894
Instruction ID: 53b939b9acc4ea96137d4ec45c7664588f99232dc650c78a82f48d362684dd4b
Opcode Fuzzy Hash: 1d753c60d717f57a2a47be2e4f49bb01a4c03068c04574788a5ce5dcaa463894
Instruction Fuzzy Hash: 91D012F2844109EADF509AD0CC45AF9B37DAB18342F648463F946D1100D628C5087761

Function 01012322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0101232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0101233F

Part of subcall function 00FEE97B: Sleep.KERNEL32 ref: 00FEE9F3

Strings

Shell_TrayWnd, xrefs: 01012325

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 524e5be799054a2ed1b6b993e1e36157b68146397ea633ac93642f694139d8f5
Instruction ID: ae5cd90ef240548137e7dd4677aec76cc3ad977bd6610e4e2305cac113cb3ecb
Opcode Fuzzy Hash: 524e5be799054a2ed1b6b993e1e36157b68146397ea633ac93642f694139d8f5
Instruction Fuzzy Hash: 52D0A9323C0300BBE274A271EC0FFCABA04AB00B00F0009167685AA1C8E8B9A840CB00

Function 01012356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0101236C
PostMessageW.USER32(00000000), ref: 01012373

Part of subcall function 00FEE97B: Sleep.KERNEL32 ref: 00FEE9F3

Strings

Shell_TrayWnd, xrefs: 01012365

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: ac7ac07583f8d5404959ec9e669b1f3bd1fc876badfb26bebaf8fb2bdc437198
Instruction ID: a8d2ad984a93164ed672d201c77713681b3dd222f8011371a6a44e29a77517cb
Opcode Fuzzy Hash: ac7ac07583f8d5404959ec9e669b1f3bd1fc876badfb26bebaf8fb2bdc437198
Instruction Fuzzy Hash: 3FD0A9323C13007BF274A271EC0FFCAB604AB04B00F0009167681AA1C8E8B9A840CB04

Function 00FBBDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00FBBE93
GetLastError.KERNEL32 ref: 00FBBEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FBBEFC

Memory Dump Source

Source File: 00000000.00000002.2933798364.0000000000F81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true

Associated: 00000000.00000002.2933778633.0000000000F80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.000000000101C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933884616.0000000001042000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933947924.000000000104C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2933977321.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f80000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 41f46096da11a8d5308cc1aafce625fb386628107891241e3ed4241d0d946e9e
Instruction ID: c6d0c852dcd01fb1f0ba13dbafc61a5481f5926d0e71ab6e2c63e878a3eee0b2
Opcode Fuzzy Hash: 41f46096da11a8d5308cc1aafce625fb386628107891241e3ed4241d0d946e9e
Instruction Fuzzy Hash: C841D435A04206AFDF218FE6CC44BFA7BA5EF42320F144169F9599B1A1DBB18D01EF60

Source: global traffic	TCP traffic: 192.168.2.4:49456 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.4:49291 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\ba39f3ed-e03d-4351-803a-cb86d0c978fe (copy)

C:\Users\user\Downloads\b4a58f00-5063-4b11-b0b5-34b2573cc445.tmp

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7688_1728096733\sets.json

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Windows Analysis Report
file.exe

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre