Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1525128
MD5:	feb3d620cdd56c7fbe1c54ae29328327
SHA1:	938774fde226ba51c661ecc5a45200081b0c5d5a
SHA256:	30e8732cac1a2ab649d3aad8a297889cad6eb13754e4607d641a4a610f86ef27
Tags:	exeuser-Bitsight
Infos:

Detection

Credential Flusher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 7144 cmdline: "C:\Users\user\Desktop\file.exe" MD5: FEB3D620CDD56C7FBE1C54AE29328327)

taskkill.exe (PID: 6236 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4548 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4632 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 1700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 1284 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 1072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5596 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 6500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1956,i,17900587416320745061,351214968976735119,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5084 --field-trial-handle=1956,i,17900587416320745061,351214968976735119,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7936 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1956,i,17900587416320745061,351214968976735119,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: file.exe PID: 7144	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: chromecache_89.13.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_89.13.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: file.exe, 00000000.00000003.2995170633.000000000173F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2995806750.0000000001742000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_85.13.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_89.13.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_89.13.dr	String found in binary or memory: https://families.google.com/intl/
Source: chromecache_85.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_85.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://g.co/recover
Source: chromecache_89.13.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_89.13.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_89.13.dr	String found in binary or memory: https://play.google/intl/
Source: chromecache_89.13.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_89.13.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_89.13.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_89.13.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_89.13.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_89.13.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_89.13.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_89.13.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_85.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_89.13.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_89.13.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_85.13.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_89.13.dr	String found in binary or memory: https://www.google.com
Source: chromecache_89.13.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_85.13.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_85.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_85.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_85.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_85.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_85.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_89.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: file.exe, 00000000.00000003.1764536815.0000000000FE4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_89.13.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49966 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_0082EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_0082ED6A

Source: C:\Users\user\Desktop\file.exe

0_2_0082EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_0081AA57

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00849576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_00849576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1743226618.0000000000872000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_1fca566c-f
Source: file.exe, 00000000.00000000.1743226618.0000000000872000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_5affe1b3-1
Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_27d4e204-7
Source: file.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_c92dadb3-4

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081D5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_0081D5EB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00811201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00811201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_0081E8F6

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B8060	0_2_007B8060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00822046	0_2_00822046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00818298	0_2_00818298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EE4FF	0_2_007EE4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E676B	0_2_007E676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00844873	0_2_00844873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BCAF0	0_2_007BCAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DCAA0	0_2_007DCAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CCC39	0_2_007CCC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E6DD9	0_2_007E6DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CB119	0_2_007CB119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B91C0	0_2_007B91C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1394	0_2_007D1394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1706	0_2_007D1706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D781B	0_2_007D781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C997D	0_2_007C997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B7920	0_2_007B7920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D19B0	0_2_007D19B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D7A4A	0_2_007D7A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1C77	0_2_007D1C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D7CA7	0_2_007D7CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E9EEE	0_2_007E9EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083BE44	0_2_0083BE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1F32	0_2_007D1F32

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 007CF9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 007D0A30 appears 46 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal64.troj.evad.winEXE@46/30@12/7

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008237B5 GetLastError,FormatMessageW,

0_2_008237B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008110BF AdjustTokenPrivileges,CloseHandle,		0_2_008110BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008116C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_008116C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008251CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_008251CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0083A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_0083A67C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_0082648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_007B42A2

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4416:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2200:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1700:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1072:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6188:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1956,i,17900587416320745061,351214968976735119,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5084 --field-trial-handle=1956,i,17900587416320745061,351214968976735119,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1956,i,17900587416320745061,351214968976735119,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1956,i,17900587416320745061,351214968976735119,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5084 --field-trial-handle=1956,i,17900587416320745061,351214968976735119,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1956,i,17900587416320745061,351214968976735119,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_007B42DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D0A76 push ecx; ret

0_2_007D0A89

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_007CF98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00841C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00841C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_0-95241

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7220			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: foregroundWindowGot 1777			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.6 %

Source: C:\Users\user\Desktop\file.exe TID: 7152

Thread sleep time: -72200s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Thread sleep count: Count: 7220 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0081DBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008268EE FindFirstFileW,FindClose,	0_2_008268EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_0082698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0081D076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0081D3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00829642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00829642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0082979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00829B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00829B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00825C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00825C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_007B42DE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082EAA2 BlockInput,

0_2_0082EAA2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_007E2622

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_007B42DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D4CE8 mov eax, dword ptr fs:[00000030h]

0_2_007D4CE8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00810B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_00810B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_007E2622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_007D083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D09D5 SetUnhandledExceptionFilter,	0_2_007D09D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_007D0C21

Source: C:\Users\user\Desktop\file.exe

0_2_00811201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007F2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_007F2BA5

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081B226 SendInput,keybd_event,

0_2_0081B226

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008322DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_008322DA

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00810B62

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00811663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00811663

Source: file.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D0698 cpuid

0_2_007D0698

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00828195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

0_2_00828195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0080D27A GetUserNameW,

0_2_0080D27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007EBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_007EBB6F

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_007B42DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 7144, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 7144, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00831204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_00831204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00831806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00831806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Process Injection	2 Valid Accounts	LSA Secrets	12 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Virtualization/Sandbox Evasion	Cached Domain Credentials	12 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Access Token Manipulation	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Process Injection	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://play.google/intl/	0%	URL Reputation	safe
https://families.google.com/intl/	0%	URL Reputation	safe
https://policies.google.com/technologies/location-data	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://support.google.com/accounts?hl=	0%	URL Reputation	safe
https://policies.google.com/privacy/google-partners	0%	URL Reputation	safe
https://policies.google.com/terms/location	0%	URL Reputation	safe
https://policies.google.com/terms/service-specific	0%	URL Reputation	safe
https://g.co/recover	0%	URL Reputation	safe
https://policies.google.com/privacy	0%	URL Reputation	safe
https://policies.google.com/privacy/additional	0%	URL Reputation	safe
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://support.google.com/accounts?p=new-si-ui	0%	URL Reputation	safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	0%	URL Reputation	safe
https://policies.google.com/terms	0%	URL Reputation	safe
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
youtube-ui.l.google.com	172.217.16.206	true	false	unknown
www3.l.google.com	216.58.206.78	true	false	unknown
play.google.com	142.250.181.238	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown
youtube.com	142.250.185.238	true	false	unknown
accounts.youtube.com	unknown	unknown	false	unknown
www.youtube.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/favicon.ico	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com	chromecache_89.13.dr	false		unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_89.13.dr	false		unknown
https://play.google/intl/	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://families.google.com/intl/	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://youtube.com/t/terms?gl=	chromecache_89.13.dr	false		unknown
https://www.youtube.com/t/terms?chromeless=1&hl=	chromecache_89.13.dr	false		unknown
https://policies.google.com/technologies/location-data	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://www.google.com/intl/	chromecache_89.13.dr	false		unknown
https://apis.google.com/js/api.js	chromecache_85.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/accounts?hl=	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/google-partners	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms/location	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://play.google.com/work/enroll?identifier=	chromecache_89.13.dr	false		unknown
https://policies.google.com/terms/service-specific	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://g.co/recover	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/additional	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/technologies/cookies	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/accounts?p=new-si-ui	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_85.13.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.16.206	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
216.58.206.78	www3.l.google.com	United States	15169	GOOGLEUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
142.250.185.238	youtube.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525128
Start date and time:	2024-10-03 18:15:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal64.troj.evad.winEXE@46/30@12/7
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 39 Number of non-executed functions: 311
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.133.84, 142.250.181.238, 142.250.185.227, 34.104.35.123, 216.58.206.67, 142.250.185.170, 142.250.184.234, 172.217.23.106, 172.217.18.10, 142.250.186.138, 216.58.212.138, 142.250.185.74, 142.250.185.234, 142.250.186.74, 172.217.16.202, 172.217.18.106, 142.250.185.106, 216.58.206.74, 142.250.185.202, 142.250.185.138, 142.250.186.106, 142.250.186.42, 172.217.16.138, 216.58.206.42, 142.250.186.170, 142.250.181.234, 142.250.184.202, 216.58.212.170, 93.184.221.240, 192.229.221.95, 142.250.185.67, 64.233.184.84, 142.250.185.110
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://u9313450.ct.sendgrid.net/ls/click?upn=u001.ZfA-2BqTl2mXIVteOCc-2BANg-2BtYQAbYWaU-2BKDDWa611GxHig-2BgElXnUy1eAOeNoTI9ToS9WuAxRUdR21lAIsTPE0g-3D-3Dd8kL_bf4JG6rVotaFp8XsYJMcbHq5p6ju5xz6OkJFWJQMhev1YsQkFFV7zJr96yz5256BnjjwP-2FrVNKeomJDukUeXnM2-2FUbrpvrFpNFdN8Hxo-2B8NA1G5PPzQiWnVnq4RPrf4MxseS-2FjeJBGe3OOYXNXxDmns1gfYeFwrIC6tXtQ3KJv23PKABAyqpBB-2FnsXl7BropPMbry14s3UYpaAeg1aJih0NQeQpVSOm5MBDYOXEHCyJCtLrpoW6SuZeJlGeeWyYAhbotSAdFsjwH5JN5fjIYp-2BMzHm9VPykPI2oeKmW91mIcQqO5YJ1dVv925b7N0T1v	Get hash	malicious	Unknown	Browse
	http://reviewnewdocuments.wordpress.com/	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	https://docsend.com/view/ws65kkaar2fwghua	Get hash	malicious	Unknown	Browse
	75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.7z	Get hash	malicious	Unknown	Browse
	https://ahchoadeegu.homes?u=k8pp605&o=c9ewtnr&t=8845	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	http://bernas-medical-com.powerappsportals.com	Get hash	malicious	Unknown	Browse
	https://links.truthsocial.com/link/113203933939427541	Get hash	malicious	Unknown	Browse
	Activator by URKE v2.5.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
play.google.com	https://u9313450.ct.sendgrid.net/ls/click?upn=u001.ZfA-2BqTl2mXIVteOCc-2BANg-2BtYQAbYWaU-2BKDDWa611GxHig-2BgElXnUy1eAOeNoTI9ToS9WuAxRUdR21lAIsTPE0g-3D-3Dd8kL_bf4JG6rVotaFp8XsYJMcbHq5p6ju5xz6OkJFWJQMhev1YsQkFFV7zJr96yz5256BnjjwP-2FrVNKeomJDukUeXnM2-2FUbrpvrFpNFdN8Hxo-2B8NA1G5PPzQiWnVnq4RPrf4MxseS-2FjeJBGe3OOYXNXxDmns1gfYeFwrIC6tXtQ3KJv23PKABAyqpBB-2FnsXl7BropPMbry14s3UYpaAeg1aJih0NQeQpVSOm5MBDYOXEHCyJCtLrpoW6SuZeJlGeeWyYAhbotSAdFsjwH5JN5fjIYp-2BMzHm9VPykPI2oeKmW91mIcQqO5YJ1dVv925b7N0T1v	Get hash	malicious	Unknown	Browse	142.250.186.174
	file.exe	Get hash	malicious	Credential Flusher	Browse	216.58.212.142
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.185.78
	file.exe	Get hash	malicious	Credential Flusher	Browse	172.217.18.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	172.217.16.206
	file.exe	Get hash	malicious	Credential Flusher	Browse	216.58.206.46
	https://docs.google.com/forms/d/e/1FAIpQLSd11N0abxlW-jWhsgCqQSv4dirOC7CnOJxj0NYrOSmFOvEaMg/viewform?usp=pp_url	Get hash	malicious	HTMLPhisher	Browse	142.250.186.174
	file.exe	Get hash	malicious	Credential Flusher	Browse	172.217.18.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.186.46
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.185.78

ASNs

⊘No context

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://u9313450.ct.sendgrid.net/ls/click?upn=u001.ZfA-2BqTl2mXIVteOCc-2BANg-2BtYQAbYWaU-2BKDDWa611GxHig-2BgElXnUy1eAOeNoTI9ToS9WuAxRUdR21lAIsTPE0g-3D-3Dd8kL_bf4JG6rVotaFp8XsYJMcbHq5p6ju5xz6OkJFWJQMhev1YsQkFFV7zJr96yz5256BnjjwP-2FrVNKeomJDukUeXnM2-2FUbrpvrFpNFdN8Hxo-2B8NA1G5PPzQiWnVnq4RPrf4MxseS-2FjeJBGe3OOYXNXxDmns1gfYeFwrIC6tXtQ3KJv23PKABAyqpBB-2FnsXl7BropPMbry14s3UYpaAeg1aJih0NQeQpVSOm5MBDYOXEHCyJCtLrpoW6SuZeJlGeeWyYAhbotSAdFsjwH5JN5fjIYp-2BMzHm9VPykPI2oeKmW91mIcQqO5YJ1dVv925b7N0T1v	Get hash	malicious	Unknown	Browse	172.202.163.200 4.245.163.56 184.28.90.27 13.107.246.60
	http://reviewnewdocuments.wordpress.com/	Get hash	malicious	Unknown	Browse	172.202.163.200 4.245.163.56 184.28.90.27 13.107.246.60
	file.exe	Get hash	malicious	Credential Flusher	Browse	172.202.163.200 4.245.163.56 184.28.90.27 13.107.246.60
	https://docsend.com/view/ws65kkaar2fwghua	Get hash	malicious	Unknown	Browse	172.202.163.200 4.245.163.56 184.28.90.27 13.107.246.60
	0a839761915d.exe	Get hash	malicious	LummaC	Browse	172.202.163.200 4.245.163.56 184.28.90.27 13.107.246.60
	https://ahchoadeegu.homes?u=k8pp605&o=c9ewtnr&t=8845	Get hash	malicious	Unknown	Browse	172.202.163.200 4.245.163.56 184.28.90.27 13.107.246.60
	file.exe	Get hash	malicious	Credential Flusher	Browse	172.202.163.200 4.245.163.56 184.28.90.27 13.107.246.60
	http://bernas-medical-com.powerappsportals.com	Get hash	malicious	Unknown	Browse	172.202.163.200 4.245.163.56 184.28.90.27 13.107.246.60
	https://links.truthsocial.com/link/113203933939427541	Get hash	malicious	Unknown	Browse	172.202.163.200 4.245.163.56 184.28.90.27 13.107.246.60
	Activator by URKE v2.5.exe	Get hash	malicious	LummaC	Browse	172.202.163.200 4.245.163.56 184.28.90.27 13.107.246.60

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	23298
Entropy (8bit):	5.429186219736739
Encrypted:	false
SSDEEP:	384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
MD5:	A5C41D7BA22E9CF451810802AE5AC2E8
SHA1:	858F35134A0BD7BAECB1B1A30EC3645642214554
SHA-256:	D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
SHA-512:	DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka\|\|a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	9210
Entropy (8bit):	5.393248075042016
Encrypted:	false
SSDEEP:	192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
MD5:	2ED5BC88509286438B682EFF23518005
SHA1:	D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
SHA-256:	F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
SHA-512:	12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null\|\|typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]\|\|null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null\|\|b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (755)
Category:	downloaded
Size (bytes):	1460
Entropy (8bit):	5.274624539239422
Encrypted:	false
SSDEEP:	24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
MD5:	481C149C4D3EE4A53C3E7CBA067371DF
SHA1:	E0FED275636D3492C922C44F010157FAF0936733
SHA-256:	9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
SHA-512:	EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()1E3,a.bS(),d.aa()1E3,b)},h_a=function(a){return Math.random()Math.min(a.xaMath.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (683)
Category:	downloaded
Size (bytes):	3131
Entropy (8bit):	5.352056237104327
Encrypted:	false
SSDEEP:	48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
MD5:	ADEF03127F74F5E6742B8CFA7B863F28
SHA1:	58D7C635582AF10E91EC047FD315FAF758AF51DA
SHA-256:	5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
SHA-512:	3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d\|\|(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	5050
Entropy (8bit):	5.30005628600801
Encrypted:	false
SSDEEP:	96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
MD5:	D9F15F1AEAF15673336FAA3507D1A2A7
SHA1:	FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
SHA-256:	AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
SHA-512:	D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")\|\|"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")\|\|"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (395)
Category:	downloaded
Size (bytes):	1608
Entropy (8bit):	5.271783084011668
Encrypted:	false
SSDEEP:	48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
MD5:	45EA91A811A594F81B7F760DD14BE237
SHA1:	2C97782C6D5D0BCFB3676FF24AA1008251090DAE
SHA-256:	7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
SHA-512:	4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	4067
Entropy (8bit):	5.3700036060139436
Encrypted:	false
SSDEEP:	96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoTiw:3mTOImedWOVF6vtUJyA8xJ3
MD5:	FA701F5D7BEF5AF6B676F099A00A1140
SHA1:	4CA8594D1E845605E7F1242AD8E10FD3A41FA3BE
SHA-256:	F1F311E29B597B507EE761AE40185A9BE194BA6498F91DD2A69610EF765B554A
SHA-512:	D53CAD789CED1F1D05546CD9DDA662FF47DF4A9FE382F4936EB1579175B06A95770426E5A83C24EACE04014956F1971A6432D1FCB26F2A9E4B922D8A34FC9875
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (553)
Category:	downloaded
Size (bytes):	744742
Entropy (8bit):	5.79285433629193
Encrypted:	false
SSDEEP:	6144:S5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguPH:kOeKGSpgu/
MD5:	1C7A58214662CFB8B2B8D16B812B1856
SHA1:	785EA4F246BCAA415B3925F7281FC9AE16DF7682
SHA-256:	E2E174AC09FA66C8550B4DCAA98E32176A3B5FB861353E1E7FA9821C3C08561D
SHA-512:	AF42906BD50592D00B12E5F57E69490D9E82D72AEF853397637D5572E6622D65FBC13D522ABF1E7BFB815699600A1B5BB83F236E8544903567D52E9C6C01311A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlHxjc0Ood9pBm5tn_36XhBkXPrbzg/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x2860c1c4, 0x20469860, 0x39e1fc40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	32500
Entropy (8bit):	5.378121087555083
Encrypted:	false
SSDEEP:	768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
MD5:	57D7B0A2CE36496F05AFA27B39C1F219
SHA1:	418AD03C2E75AEAF188E2A00123B70E09D541656
SHA-256:	E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
SHA-512:	78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (468)
Category:	downloaded
Size (bytes):	1858
Entropy (8bit):	5.297658905867848
Encrypted:	false
SSDEEP:	48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
MD5:	B42DB3D22B12B8E3BE1B82961FE2870E
SHA1:	D9CFD11C1C2DE17A7E9301F11AD875B610B96576
SHA-256:	75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
SHA-512:	EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)\|\|function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)\|\|function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)\|\|function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	4.875266466142591
Encrypted:	false
SSDEEP:	3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
MD5:	87B6333E98B7620EA1FF98D1A837A39E
SHA1:	105DE6815B0885357DE1414BFC0D77FCC9E924EF
SHA-256:	DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
SHA-512:	867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5693)
Category:	downloaded
Size (bytes):	698852
Entropy (8bit):	5.594980353163612
Encrypted:	false
SSDEEP:	6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLJiH7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxJiyU+
MD5:	AA9FDCBE29C6D043DC83A7DAD848CCC3
SHA1:	E3F0A387A0A4B060620C975E1C70AA20294F3F22
SHA-256:	1A624C24D6D712C633F0B034606610DAD6B5AD7890FBFA3A9B204BD33207D60E
SHA-512:	C93878CE1281349204ABDB4444B18A12C03A010D1A252827EBFE45523E834988CE95D6E625FF82A60934D7A275AD8DAAC689E4412C5719ACCA8C9E1D4365B4D3
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3467
Entropy (8bit):	5.508385764606741
Encrypted:	false
SSDEEP:	96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
MD5:	231ABD6E6C360E709640B399EDF85476
SHA1:	6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
SHA-256:	44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
SHA-512:	D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG_Qg1PP-75cLw_ogQnFnTJMeFddQ/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.583820839811423
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	919'040 bytes
MD5:	feb3d620cdd56c7fbe1c54ae29328327
SHA1:	938774fde226ba51c661ecc5a45200081b0c5d5a
SHA256:	30e8732cac1a2ab649d3aad8a297889cad6eb13754e4607d641a4a610f86ef27
SHA512:	e0f3f8beb34585e00978d386a33ae41a892edd29b77e7a9c2442c1c274934c5f79967851d06f66af4bf713d86a3975630d200c52fb0f653f3a8372325825d705
SSDEEP:	24576:gqDEvCTbMWu7rQYlBQcBiT6rprG8a4OK:gTvC/MTQYxsWR7a4
TLSH:	B4159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FEBE4E [Thu Oct 3 15:54:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007F93ECFEBEF3h
jmp 00007F93ECFEB7FFh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F93ECFEB9DDh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F93ECFEB9AAh
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F93ECFEE59Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F93ECFEE5E8h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F93ECFEE5D1h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x9bb8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x9bb8	0x9c00	8b216824b2df68708e384352eb9c55f0	False	0.3166316105769231	data	5.332375934592244	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xda4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdaa84	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc7b8	0xe7e	data			1.002964959568733
RT_GROUP_ICON	0xdd638	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xdd6b0	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xdd6c4	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xdd6d8	0x14	data	English	Great Britain	1.25
RT_VERSION	0xdd6ec	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xdd7c8	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 18:16:11.004517078 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 3, 2024 18:16:12.189805984 CEST	49731	443	192.168.2.4	142.250.185.238
Oct 3, 2024 18:16:12.189865112 CEST	443	49731	142.250.185.238	192.168.2.4
Oct 3, 2024 18:16:12.189934015 CEST	49731	443	192.168.2.4	142.250.185.238
Oct 3, 2024 18:16:12.194423914 CEST	49731	443	192.168.2.4	142.250.185.238
Oct 3, 2024 18:16:12.194441080 CEST	443	49731	142.250.185.238	192.168.2.4
Oct 3, 2024 18:16:12.844944954 CEST	443	49731	142.250.185.238	192.168.2.4
Oct 3, 2024 18:16:12.845160007 CEST	49731	443	192.168.2.4	142.250.185.238
Oct 3, 2024 18:16:12.845204115 CEST	443	49731	142.250.185.238	192.168.2.4
Oct 3, 2024 18:16:12.845772982 CEST	443	49731	142.250.185.238	192.168.2.4
Oct 3, 2024 18:16:12.845972061 CEST	49731	443	192.168.2.4	142.250.185.238
Oct 3, 2024 18:16:12.846760035 CEST	443	49731	142.250.185.238	192.168.2.4
Oct 3, 2024 18:16:12.846811056 CEST	49731	443	192.168.2.4	142.250.185.238
Oct 3, 2024 18:16:12.848433971 CEST	49731	443	192.168.2.4	142.250.185.238
Oct 3, 2024 18:16:12.848534107 CEST	443	49731	142.250.185.238	192.168.2.4
Oct 3, 2024 18:16:12.848547935 CEST	49731	443	192.168.2.4	142.250.185.238
Oct 3, 2024 18:16:12.893898964 CEST	49731	443	192.168.2.4	142.250.185.238
Oct 3, 2024 18:16:12.893920898 CEST	443	49731	142.250.185.238	192.168.2.4
Oct 3, 2024 18:16:12.941004992 CEST	49731	443	192.168.2.4	142.250.185.238
Oct 3, 2024 18:16:13.134985924 CEST	443	49731	142.250.185.238	192.168.2.4
Oct 3, 2024 18:16:13.135221958 CEST	49731	443	192.168.2.4	142.250.185.238
Oct 3, 2024 18:16:13.135482073 CEST	443	49731	142.250.185.238	192.168.2.4
Oct 3, 2024 18:16:13.135529041 CEST	443	49731	142.250.185.238	192.168.2.4
Oct 3, 2024 18:16:13.135745049 CEST	49731	443	192.168.2.4	142.250.185.238
Oct 3, 2024 18:16:13.327898026 CEST	49731	443	192.168.2.4	142.250.185.238
Oct 3, 2024 18:16:13.327965975 CEST	443	49731	142.250.185.238	192.168.2.4
Oct 3, 2024 18:16:13.345716000 CEST	49736	443	192.168.2.4	172.217.16.206
Oct 3, 2024 18:16:13.345805883 CEST	443	49736	172.217.16.206	192.168.2.4
Oct 3, 2024 18:16:13.345889091 CEST	49736	443	192.168.2.4	172.217.16.206
Oct 3, 2024 18:16:13.346118927 CEST	49736	443	192.168.2.4	172.217.16.206
Oct 3, 2024 18:16:13.346143007 CEST	443	49736	172.217.16.206	192.168.2.4
Oct 3, 2024 18:16:14.266396999 CEST	443	49736	172.217.16.206	192.168.2.4
Oct 3, 2024 18:16:14.266742945 CEST	49736	443	192.168.2.4	172.217.16.206
Oct 3, 2024 18:16:14.266805887 CEST	443	49736	172.217.16.206	192.168.2.4
Oct 3, 2024 18:16:14.267936945 CEST	443	49736	172.217.16.206	192.168.2.4
Oct 3, 2024 18:16:14.268040895 CEST	49736	443	192.168.2.4	172.217.16.206
Oct 3, 2024 18:16:14.268955946 CEST	443	49736	172.217.16.206	192.168.2.4
Oct 3, 2024 18:16:14.269038916 CEST	49736	443	192.168.2.4	172.217.16.206
Oct 3, 2024 18:16:14.270556927 CEST	49736	443	192.168.2.4	172.217.16.206
Oct 3, 2024 18:16:14.270641088 CEST	443	49736	172.217.16.206	192.168.2.4
Oct 3, 2024 18:16:14.270945072 CEST	49736	443	192.168.2.4	172.217.16.206
Oct 3, 2024 18:16:14.270962954 CEST	443	49736	172.217.16.206	192.168.2.4
Oct 3, 2024 18:16:14.315772057 CEST	49736	443	192.168.2.4	172.217.16.206
Oct 3, 2024 18:16:14.575162888 CEST	443	49736	172.217.16.206	192.168.2.4
Oct 3, 2024 18:16:14.575330973 CEST	49736	443	192.168.2.4	172.217.16.206
Oct 3, 2024 18:16:14.575366020 CEST	443	49736	172.217.16.206	192.168.2.4
Oct 3, 2024 18:16:14.575440884 CEST	443	49736	172.217.16.206	192.168.2.4
Oct 3, 2024 18:16:14.577111959 CEST	49736	443	192.168.2.4	172.217.16.206
Oct 3, 2024 18:16:14.577233076 CEST	49736	443	192.168.2.4	172.217.16.206
Oct 3, 2024 18:16:14.577265978 CEST	443	49736	172.217.16.206	192.168.2.4
Oct 3, 2024 18:16:16.481487989 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:16:16.481566906 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:16.481640100 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:16:16.481833935 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:16:16.481867075 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:16.641568899 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:16.641669989 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:16.641771078 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:16.643246889 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:16.643280029 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:17.144670963 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:17.145042896 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:16:17.145102978 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:17.146759987 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:17.147062063 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:16:17.147819042 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:16:17.147917986 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:17.190851927 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:16:17.190911055 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:17.237587929 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:16:17.316942930 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:17.320667982 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:17.326709032 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:17.326762915 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:17.327191114 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:17.367867947 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:17.458646059 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:17.503411055 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:17.644099951 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:17.644258022 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:17.644320965 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:17.645806074 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:17.645833015 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:17.645848989 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:17.645855904 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:17.800228119 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:17.800290108 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:17.800431013 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:17.800723076 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:17.800749063 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:18.472877979 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:18.472965956 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:18.476448059 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:18.476475000 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:18.477382898 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:18.479361057 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:18.523430109 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:18.747590065 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:18.747745037 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:18.747839928 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:18.748555899 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:18.748555899 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 18:16:18.748586893 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:18.748608112 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 18:16:21.698443890 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:21.698545933 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:21.698625088 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:21.698949099 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:21.698983908 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.130594969 CEST	49672	443	192.168.2.4	173.222.162.32
Oct 3, 2024 18:16:22.130685091 CEST	443	49672	173.222.162.32	192.168.2.4
Oct 3, 2024 18:16:22.340605021 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.350147009 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.350171089 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.351664066 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.351739883 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.353871107 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.353923082 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.356832027 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.357106924 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.357114077 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.357219934 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.411411047 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.411426067 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.457334995 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.667355061 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.667517900 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.667598963 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.667627096 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.667655945 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.667682886 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.670206070 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.670265913 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.670296907 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.675538063 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.675597906 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.675611973 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.675637007 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.675687075 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.675699949 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.681565046 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.681622982 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.681634903 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.688050032 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.688107014 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.688119888 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.688141108 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.688188076 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.688199043 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.732510090 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.751497984 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.751555920 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.751579046 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.751638889 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.760397911 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.760458946 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.760485888 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.760538101 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.760562897 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.760613918 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.764691114 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.764753103 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.771226883 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.771289110 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.771308899 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.777009010 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.777067900 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.777085066 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.783468008 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.783528090 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.783541918 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.783993006 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.784054041 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.787444115 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.787444115 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:22.787477016 CEST	443	49756	216.58.206.78	192.168.2.4
Oct 3, 2024 18:16:22.787528038 CEST	49756	443	192.168.2.4	216.58.206.78
Oct 3, 2024 18:16:24.462224960 CEST	49769	443	192.168.2.4	172.202.163.200
Oct 3, 2024 18:16:24.462260962 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:24.462398052 CEST	49769	443	192.168.2.4	172.202.163.200
Oct 3, 2024 18:16:24.463402033 CEST	49769	443	192.168.2.4	172.202.163.200
Oct 3, 2024 18:16:24.463418007 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:24.627908945 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:16:24.671457052 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:24.898178101 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:24.898308039 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:24.898405075 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:24.898473024 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:16:24.898493052 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:24.898519993 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:24.898561001 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:16:24.898777008 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:24.898833990 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:16:24.911020994 CEST	49741	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:16:24.911061049 CEST	443	49741	142.250.185.132	192.168.2.4
Oct 3, 2024 18:16:25.147536993 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:25.147603989 CEST	49769	443	192.168.2.4	172.202.163.200
Oct 3, 2024 18:16:25.150512934 CEST	49769	443	192.168.2.4	172.202.163.200
Oct 3, 2024 18:16:25.150530100 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:25.150928020 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:25.191787004 CEST	49769	443	192.168.2.4	172.202.163.200
Oct 3, 2024 18:16:25.882014036 CEST	49769	443	192.168.2.4	172.202.163.200
Oct 3, 2024 18:16:25.927401066 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:26.104053974 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:26.104120970 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:26.104145050 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:26.104214907 CEST	49769	443	192.168.2.4	172.202.163.200
Oct 3, 2024 18:16:26.104216099 CEST	49769	443	192.168.2.4	172.202.163.200
Oct 3, 2024 18:16:26.104233027 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:26.104244947 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:26.104311943 CEST	49769	443	192.168.2.4	172.202.163.200
Oct 3, 2024 18:16:26.104335070 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:26.104460955 CEST	49769	443	192.168.2.4	172.202.163.200
Oct 3, 2024 18:16:26.104468107 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:26.104481936 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:26.104522943 CEST	49769	443	192.168.2.4	172.202.163.200
Oct 3, 2024 18:16:26.859304905 CEST	49769	443	192.168.2.4	172.202.163.200
Oct 3, 2024 18:16:26.859306097 CEST	49769	443	192.168.2.4	172.202.163.200
Oct 3, 2024 18:16:26.859333992 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:26.859347105 CEST	443	49769	172.202.163.200	192.168.2.4
Oct 3, 2024 18:16:58.996618032 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:58.996687889 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:58.996766090 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:58.997046947 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:58.997102022 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.642244101 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.642513990 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.645915985 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.645946026 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.646477938 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.653837919 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.699405909 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.757448912 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.757517099 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.757563114 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.757607937 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.757680893 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.757725000 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.757747889 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.839792013 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.839853048 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.840075016 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.840135098 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.840384007 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.841525078 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.841581106 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.841731071 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.841747046 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.841804028 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.926063061 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.926129103 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.926156044 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.926172972 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.926198959 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.926217079 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.927481890 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.927545071 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.927556038 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.927577019 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.927608967 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.927651882 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.928206921 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.928260088 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.928283930 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.928294897 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.928322077 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.928340912 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.951503992 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.951565981 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.951575994 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.951597929 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:16:59.951627016 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:16:59.951649904 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.013020039 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.013051033 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.013098001 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.013119936 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.013144016 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.013163090 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.013788939 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.013833046 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.013868093 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.013880968 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.013905048 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.013927937 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.014925957 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.014952898 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.014996052 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.015007019 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.015031099 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.015054941 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.015811920 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.015834093 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.015873909 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.015886068 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.015911102 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.015937090 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.016921997 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.016952991 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.016990900 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.017003059 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.017028093 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.017045975 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.017220974 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.017267942 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.017321110 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.017884016 CEST	49784	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.017915010 CEST	443	49784	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.046221972 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.046314001 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.046621084 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.047328949 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.047432899 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.047507048 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.047610044 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.047643900 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.048715115 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.048765898 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.048825026 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.048829079 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.048852921 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.048907995 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.048922062 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.049396038 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.049487114 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.049546957 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.049705982 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.049729109 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.050249100 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.050337076 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.050409079 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.050508976 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.050529003 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.691709042 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.693960905 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.699199915 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.699325085 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.707845926 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.707900047 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.711319923 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.711333990 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.712857962 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.712918043 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.713566065 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.713579893 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.714394093 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.714452982 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.714751959 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.714804888 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.714961052 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.715017080 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.716861963 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.716878891 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.731018066 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.731482983 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.731542110 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.731931925 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.731983900 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.808936119 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.808990002 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.809114933 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.809215069 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.809288979 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.809603930 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.809604883 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.809658051 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.809678078 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.809685946 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.809732914 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.809807062 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.809849024 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.810195923 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.810195923 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.810197115 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.811055899 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.811199903 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.811269999 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.811806917 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.811806917 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.811872959 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.811908960 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.813648939 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.813731909 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.813745022 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.813833952 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.813834906 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.813896894 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.813955069 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.813976049 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.814034939 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.814069033 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.814116001 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.814169884 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.814224005 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.814361095 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.814368963 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.815002918 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.815059900 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.815123081 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.815165997 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.815200090 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.815224886 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.815252066 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.815289021 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.815289021 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.815319061 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.815340996 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.817100048 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.817184925 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.817418098 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.817418098 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.817548037 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.899524927 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.899714947 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.899912119 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.899913073 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.899913073 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.901535034 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.901618004 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:00.901719093 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.901798010 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:00.901822090 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.035693884 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.035770893 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.118897915 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.118958950 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.460201025 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.462227106 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.462274075 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.462680101 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.462687016 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.485305071 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.486056089 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.486085892 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.486330986 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.486356974 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.487258911 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.487343073 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.487751007 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.487807989 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.487859011 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.487917900 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.488111973 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.488126993 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.488137007 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.488157988 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.540258884 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.540916920 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.540999889 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.541102886 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.541117907 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.570832014 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.570975065 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.571146965 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.571192980 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.571213961 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.571254015 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.571265936 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.573899984 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.573925018 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.574137926 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.574137926 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.574204922 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.584887028 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.585038900 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.585108995 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.585352898 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.585354090 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.585386038 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.585403919 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.587156057 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.587193012 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.587260962 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.587379932 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.587397099 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.589251041 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.589436054 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.589500904 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.589575052 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.589576006 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.589622974 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.589648962 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.591182947 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.591239929 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.591269970 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.591361046 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.591425896 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.591486931 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.591509104 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.591509104 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.591516018 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.591588974 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.591624975 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.593281031 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.593363047 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.593445063 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.593533039 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.593555927 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.643093109 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.643162966 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.643462896 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.644469976 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.644469976 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.644535065 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.644570112 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.645194054 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.645207882 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:01.645262957 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.645344973 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:01.645350933 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.236413002 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.237149954 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.237194061 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.237729073 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.237755060 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.241286993 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.241705894 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.241765976 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.242053986 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.242108107 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.250169039 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.250405073 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.250463963 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.250791073 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.250844002 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.269035101 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.269433975 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.269448996 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.269882917 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.269887924 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.308952093 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.309289932 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.309309006 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.309607029 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.309612989 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.337812901 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.337905884 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.337971926 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.338093996 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.338118076 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.338131905 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.338140965 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.341032982 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.341128111 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.341403008 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.341403961 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.341533899 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.342065096 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.342215061 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.342391014 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.342391968 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.342391968 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.344091892 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.344177961 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.344268084 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.344377041 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.344394922 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.353684902 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.353833914 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.354043007 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.354043007 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.354043961 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.355618000 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.355638981 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.355715036 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.355829954 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.355839968 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.375104904 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.375269890 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.375329018 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.375350952 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.375365019 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.375375032 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.375379086 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.377151012 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.377235889 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.377345085 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.377424955 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.377448082 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.409579992 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.409734011 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.409989119 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.410037994 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.410047054 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.410057068 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.410062075 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.411951065 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.412034035 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.412138939 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.412239075 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.412261009 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.643796921 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.643831015 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:02.659401894 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:02.659430981 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.000854969 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.005654097 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.005702019 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.006098986 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.006113052 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.011059999 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.011706114 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.011766911 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.011903048 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.011931896 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.039052963 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.062357903 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.062417030 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.062716007 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.062769890 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.089231968 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.104571104 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.104753017 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.104842901 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.110444069 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.114209890 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.114377975 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.114566088 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.121298075 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.121359110 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.121742010 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.121794939 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.121936083 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.121937037 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.122004032 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.122039080 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.122636080 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.122672081 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.122699022 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.122715950 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.123316050 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.123331070 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.123678923 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.123688936 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.128086090 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.128176928 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.128249884 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.130614042 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.130647898 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.136404991 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.136425972 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.136503935 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.156985998 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.157013893 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.160923958 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.161077976 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.161292076 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.161292076 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.161292076 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.163372993 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.163475990 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.163805962 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.163805962 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.163934946 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.223160028 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.223325014 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.223800898 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.223886967 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.223886967 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.223929882 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.223959923 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.226274967 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.226357937 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.226455927 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.226546049 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.226568937 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.447875977 CEST	49809	443	192.168.2.4	4.245.163.56
Oct 3, 2024 18:17:03.447962046 CEST	443	49809	4.245.163.56	192.168.2.4
Oct 3, 2024 18:17:03.448051929 CEST	49809	443	192.168.2.4	4.245.163.56
Oct 3, 2024 18:17:03.448498011 CEST	49809	443	192.168.2.4	4.245.163.56
Oct 3, 2024 18:17:03.448592901 CEST	443	49809	4.245.163.56	192.168.2.4
Oct 3, 2024 18:17:03.477097034 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.477161884 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.508527040 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.508682013 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.509213924 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.509991884 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.510025978 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.510055065 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.510068893 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.512625933 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.512662888 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.512722015 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.512854099 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.512859106 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.801522017 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.802391052 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.802448034 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.803112984 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.803126097 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.830940962 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.831290960 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.831321955 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.831835985 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.831845999 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.845936060 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.846415997 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.846474886 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.846631050 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.846647978 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.893774986 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.894555092 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.894639969 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.895163059 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.895216942 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.900625944 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.900777102 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.900837898 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.900892973 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.900928974 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.900954008 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.900970936 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.903898001 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.903983116 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.904082060 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.904184103 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.904205084 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.947603941 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.947772980 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.947841883 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.947875977 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.947894096 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.947916985 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.947927952 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.949924946 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.950009108 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.950093031 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.950229883 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.950252056 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.955583096 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.955743074 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.955924034 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.955924034 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.955924034 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.958158970 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.958193064 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.958250999 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.958347082 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.958352089 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.993699074 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.993824959 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.994107008 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.994107008 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.994107008 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.995642900 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.995651007 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:03.995716095 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.995837927 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:03.995841026 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.170578957 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.171073914 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.171096087 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.171364069 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.171369076 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.256560087 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.256623983 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.261368990 CEST	443	49809	4.245.163.56	192.168.2.4
Oct 3, 2024 18:17:04.261452913 CEST	49809	443	192.168.2.4	4.245.163.56
Oct 3, 2024 18:17:04.263495922 CEST	49809	443	192.168.2.4	4.245.163.56
Oct 3, 2024 18:17:04.263510942 CEST	443	49809	4.245.163.56	192.168.2.4
Oct 3, 2024 18:17:04.263916016 CEST	443	49809	4.245.163.56	192.168.2.4
Oct 3, 2024 18:17:04.272532940 CEST	49809	443	192.168.2.4	4.245.163.56
Oct 3, 2024 18:17:04.302768946 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.302830935 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.315406084 CEST	443	49809	4.245.163.56	192.168.2.4
Oct 3, 2024 18:17:04.624191999 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.624375105 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.624475956 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.624555111 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.624571085 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.624612093 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.624618053 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.627676964 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.627765894 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.627873898 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.628593922 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.628673077 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.630150080 CEST	443	49809	4.245.163.56	192.168.2.4
Oct 3, 2024 18:17:04.630213976 CEST	443	49809	4.245.163.56	192.168.2.4
Oct 3, 2024 18:17:04.630316973 CEST	49809	443	192.168.2.4	4.245.163.56
Oct 3, 2024 18:17:04.630378008 CEST	443	49809	4.245.163.56	192.168.2.4
Oct 3, 2024 18:17:04.630484104 CEST	49809	443	192.168.2.4	4.245.163.56
Oct 3, 2024 18:17:04.631130934 CEST	443	49809	4.245.163.56	192.168.2.4
Oct 3, 2024 18:17:04.631304979 CEST	49809	443	192.168.2.4	4.245.163.56
Oct 3, 2024 18:17:04.631366014 CEST	443	49809	4.245.163.56	192.168.2.4
Oct 3, 2024 18:17:04.631447077 CEST	49809	443	192.168.2.4	4.245.163.56
Oct 3, 2024 18:17:04.631459951 CEST	443	49809	4.245.163.56	192.168.2.4
Oct 3, 2024 18:17:04.631506920 CEST	49809	443	192.168.2.4	4.245.163.56
Oct 3, 2024 18:17:04.635246992 CEST	49809	443	192.168.2.4	4.245.163.56
Oct 3, 2024 18:17:04.635246992 CEST	49809	443	192.168.2.4	4.245.163.56
Oct 3, 2024 18:17:04.635313988 CEST	443	49809	4.245.163.56	192.168.2.4
Oct 3, 2024 18:17:04.635350943 CEST	443	49809	4.245.163.56	192.168.2.4
Oct 3, 2024 18:17:04.813807964 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.814389944 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.814409971 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.814846992 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.814851046 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.816308975 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.816713095 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.816795111 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.817235947 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.817289114 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.912542105 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.912674904 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.914319992 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.914472103 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.914486885 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.914504051 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.914509058 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.917474031 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.917541027 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.917893887 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.918028116 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.918044090 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.918482065 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.918637991 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.920142889 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.920142889 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.920142889 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.921744108 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.921825886 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:04.922065020 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.922065020 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:04.922194004 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.226072073 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.226134062 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.275944948 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.276797056 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.276879072 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.277321100 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.277374029 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.375802994 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.375965118 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.376204014 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.377991915 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.377991915 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.378057957 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.378089905 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.381046057 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.381131887 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.381263018 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.381387949 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.381421089 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.584934950 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.585305929 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.592573881 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.592609882 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.592890024 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.592900991 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.593106031 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.593163013 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.596219063 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.596236944 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.708281040 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.708440065 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.708523035 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.708571911 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.708571911 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.708600044 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.708621979 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.709084988 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.709247112 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.709507942 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.709507942 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.709507942 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.711731911 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.711769104 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.711775064 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.711837053 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.711862087 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.711965084 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.711976051 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:05.711988926 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.712119102 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:05.712136984 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.019504070 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.019565105 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.200098038 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.201030016 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.201056957 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.201325893 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.201345921 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.209481955 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.210061073 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.210119963 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.210184097 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.210199118 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.364059925 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.364214897 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.364276886 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.364485979 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.364501953 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.364510059 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.364515066 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.367084980 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.367172956 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.367270947 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.367499113 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.367518902 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.369844913 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.369920015 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.369988918 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.370148897 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.370148897 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.370202065 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.370230913 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.372287989 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.372370958 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.372648001 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.372648001 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.372775078 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.374659061 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.375763893 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.375818014 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.376178026 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.376190901 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.485877991 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.485944986 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.486452103 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.487066984 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.487066984 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.487132072 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.487171888 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.488785028 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.488873005 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.488966942 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.489083052 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.489101887 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.642294884 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.642864943 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.642903090 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.643317938 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.643322945 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.645062923 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.645342112 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.645401001 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.645617008 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.645632029 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.747890949 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.748027086 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.748092890 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.748172998 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.748217106 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.748246908 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.748262882 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.749793053 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.749938965 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.750003099 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.750086069 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.750086069 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.750128984 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.750154018 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.751224041 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.751267910 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.751334906 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.751487017 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.751522064 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.752185106 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.752268076 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:06.752347946 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.752459049 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:06.752509117 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.010230064 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.010826111 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.010885000 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.011173010 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.011189938 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.047445059 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.048037052 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.048105001 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.048162937 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.048177958 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.111190081 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.111345053 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.111520052 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.111520052 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.111520052 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.114218950 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.114334106 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.114444971 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.114540100 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.114559889 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.138426065 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.138761044 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.138829947 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.139226913 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.139240980 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.150260925 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.150414944 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.150623083 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.150624037 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.151324987 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.151407003 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.152126074 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.152167082 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.152245045 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.152348042 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.152359009 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.237124920 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.237281084 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.237411022 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.237550974 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.237569094 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.237616062 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.237627983 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.239643097 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.239705086 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.239779949 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.239883900 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.239902973 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.412776947 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.412838936 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.413724899 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.414664984 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.414747000 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.414937019 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.414952040 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.445004940 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.445708036 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.445797920 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.445967913 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.445982933 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.515490055 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.515647888 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.515727043 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.515810966 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.515810966 CEST	49824	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.515852928 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.515877962 CEST	443	49824	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.518353939 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.518383026 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.518594980 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.518594980 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.518639088 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.551903009 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.552051067 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.552117109 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.552197933 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.552197933 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.552237988 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.552267075 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.554219961 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.554250956 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.554414988 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.554414988 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.554462910 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.784540892 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.832437992 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.833547115 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.839848042 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.839899063 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.840338945 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.840390921 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.840728998 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.840770006 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.841329098 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.841336012 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.884346008 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.890156031 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.890233040 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.895792961 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.895813942 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.946368933 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.946513891 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.946573973 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.946590900 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.946706057 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.947002888 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.949135065 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.949135065 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.949178934 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.949204922 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.952008963 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.952008963 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.952075005 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.952107906 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.956186056 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.956249952 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.956331015 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.956995010 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.957042933 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.957072973 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.957079887 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:07.957168102 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.957235098 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:07.957256079 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.338675022 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.338826895 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.339000940 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.339085102 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.339086056 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.339128971 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.339157104 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.341572046 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.341613054 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.341690063 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.341820002 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.341825962 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.458062887 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.458991051 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.459049940 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.459371090 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.459453106 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.553575039 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.553952932 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.554033995 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.554409981 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.554464102 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.559552908 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.559714079 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.559781075 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.559838057 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.559838057 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.559870005 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.559895039 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.561975002 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.562010050 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.562068939 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.562220097 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.562230110 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.637331963 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.637974977 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.638034105 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.638411999 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.638463974 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.643304110 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.643747091 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.643806934 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.644164085 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.644217968 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.652616978 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.652754068 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.652961969 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.652962923 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.652962923 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.655009031 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.655095100 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.655380011 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.655380011 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.655489922 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.738976955 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.739130974 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.739197016 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.739278078 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.739278078 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.739324093 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.739351034 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.741611004 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.741692066 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.741771936 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.741949081 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.741981030 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.745330095 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.745474100 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.745541096 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.745620012 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.745620966 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.745661974 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.745690107 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.747298002 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.747330904 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.747407913 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.747503042 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.747517109 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:08.958868980 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:08.958930969 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.014852047 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.031080961 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.031110048 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.031537056 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.031541109 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.131144047 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.131299973 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.131503105 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.131503105 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.131503105 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.134223938 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.134262085 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.134335995 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.134454966 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.134462118 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.238127947 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.238466024 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.238473892 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.239177942 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.239182949 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.339806080 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.341429949 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.341583014 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.341634989 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.344779968 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.344842911 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.345287085 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.345340967 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.345366001 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.345379114 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.345386982 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.345391989 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.350445986 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.350529909 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.350606918 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.353718996 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.353795052 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.398243904 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.398672104 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.398747921 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.399096012 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.399111032 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.405926943 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.406172037 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.406189919 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.406485081 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.406491041 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.443022013 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.443036079 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.446397066 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.446554899 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.446635962 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.446757078 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.446757078 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.446799994 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.446827888 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.449029922 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.449110985 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.449186087 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.449300051 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.449323893 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.497165918 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.497322083 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.497395992 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.497472048 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.497472048 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.497514009 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.497545004 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.499898911 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.499974012 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.500046015 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.500179052 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.500205040 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.506892920 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.507044077 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.507098913 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.507121086 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.507134914 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.507145882 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.507152081 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.508853912 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.508877039 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.509083033 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.509083986 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.509125948 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.781640053 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.782124996 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.782149076 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.782628059 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.782634020 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.881618977 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.881769896 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.881830931 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.881910086 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.881927013 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.881936073 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.881942034 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.884762049 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.884848118 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:09.884947062 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.885106087 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:09.885126114 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.006860018 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.010626078 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.010700941 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.011099100 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.011115074 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.088967085 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.089633942 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.089720011 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.090084076 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.090138912 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.113115072 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.113274097 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.113363981 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.114278078 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.114322901 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.114351988 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.114367962 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.116911888 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.116945028 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.117146015 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.117146015 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.117204905 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.173887014 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.174412966 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.174468040 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.174710989 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.174725056 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.187665939 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.187799931 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.187992096 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.187992096 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.187992096 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.188834906 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.189197063 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.189230919 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.189598083 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.189609051 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.221927881 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.222060919 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.222156048 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.224095106 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.224136114 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.277458906 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.277616024 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.277735949 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.292793036 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.292947054 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.293073893 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.306207895 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.306207895 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.306238890 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.306272030 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.314949036 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.314960957 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.315006971 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.315021038 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.386146069 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.386198997 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.386332035 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.412429094 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.412516117 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.412563086 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.412606955 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.412610054 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.413666010 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.413744926 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.491532087 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.491595984 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.553687096 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.554172993 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.554255009 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.554500103 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.554514885 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.653218985 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.653395891 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.653575897 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.653577089 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.653577089 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.655814886 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.655841112 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.655909061 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.656017065 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.656021118 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.797765017 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.798398018 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.798477888 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.798852921 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.798906088 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.896015882 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.896555901 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.896606922 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.896855116 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.896869898 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.903932095 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.904079914 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.904299974 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.904299974 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.904299974 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.906862974 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.906950951 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.907226086 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.907227039 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.907345057 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:10.957160950 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:10.957222939 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.000350952 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.000489950 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.000574112 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.000627041 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.000627041 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.000658035 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.000679016 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.002557993 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.002640963 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.002736092 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.002842903 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.002896070 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.207004070 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.207066059 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.404866934 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.405574083 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.405591011 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.405673981 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.405828953 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.405881882 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.405965090 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.406018019 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.406266928 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.406280041 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.504916906 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.505070925 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.505294085 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.505294085 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.505294085 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.508135080 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.508167028 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.508241892 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.508435011 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.508443117 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.510802984 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.510950089 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.511013031 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.511069059 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.511069059 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.511096001 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.511120081 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.512876034 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.512908936 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.512969971 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.513072968 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.513077974 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.596575022 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.596982956 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.597019911 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.597501040 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.597507954 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.604317904 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.604571104 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.604588032 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.604876041 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.604881048 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.645417929 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.645921946 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.645953894 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.646070957 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.646080017 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.700457096 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.700613022 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.700795889 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.700795889 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.701273918 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.701335907 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.702601910 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.702687025 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.702795982 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.702904940 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.702930927 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.710587978 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.710737944 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.710804939 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.710827112 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.710839033 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.710865974 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.710870981 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.712677956 CEST	49854	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.712762117 CEST	443	49854	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.712847948 CEST	49854	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.712960005 CEST	49854	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.712980986 CEST	443	49854	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.744318008 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.744461060 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.744628906 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.744628906 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.744628906 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.746162891 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.746192932 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.746257067 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.746351957 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.746357918 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.816318035 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.816359043 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:11.972673893 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:11.972703934 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.149599075 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.150116920 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.150140047 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.150561094 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.150566101 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.166985989 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.167289019 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.167311907 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.167617083 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.167620897 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.248533964 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.248689890 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.248754978 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.248820066 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.248836040 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.248845100 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.248850107 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.251693964 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.251776934 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.252075911 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.252077103 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.252192020 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.267608881 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.267782927 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.267893076 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.267893076 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.267893076 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.270066977 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.270148039 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.270251036 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.270353079 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.270378113 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.369158030 CEST	443	49854	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.369657993 CEST	49854	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.369716883 CEST	443	49854	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.370043039 CEST	49854	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.370096922 CEST	443	49854	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.398058891 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.398489952 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.398549080 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.398735046 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.398750067 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.402311087 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.402710915 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.402730942 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.403045893 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.403052092 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.472481012 CEST	443	49854	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.472553968 CEST	443	49854	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.472626925 CEST	49854	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.479300022 CEST	49854	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.479300022 CEST	49854	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.479366064 CEST	443	49854	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.479401112 CEST	443	49854	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.481942892 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.481987953 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.482055902 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.482196093 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.482209921 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.501848936 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.502016068 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.502077103 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.502132893 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.502151012 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.502163887 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.502170086 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.504429102 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.504451990 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.504508018 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.504657984 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.504663944 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.505889893 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.506042957 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.506241083 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.506241083 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.506241083 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.508287907 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.508374929 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.508481026 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.508563042 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.508585930 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.581923008 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.581933975 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.722723961 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.722784996 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.893121958 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.901772976 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.901855946 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.902232885 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.902287006 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.909873009 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.910871029 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.910948038 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.911381006 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.911412954 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.997898102 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.998040915 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.998094082 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.998229980 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.998245001 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:12.998256922 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:12.998264074 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.001363993 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.001447916 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.001538992 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.001683950 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.001719952 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.011749983 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.011893034 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.011955023 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.011970043 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.011976004 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.012006998 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.012012005 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.014079094 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.014127016 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.014173985 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.014332056 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.014353037 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.104760885 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.105144024 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.105163097 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.105521917 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.105526924 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.135018110 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.135449886 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.135461092 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.135912895 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.135919094 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.159415960 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.159807920 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.159866095 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.160130024 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.160182953 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.212063074 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.212214947 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.212287903 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.212308884 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.212320089 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.212330103 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.212336063 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.214425087 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.214508057 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.214620113 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.214699984 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.214719057 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.259912014 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.260066032 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.260266066 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.260266066 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.260266066 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.262697935 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.262795925 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.262888908 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.263005972 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.263025045 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.566226006 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.566287994 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.577423096 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.579700947 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.579793930 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.579844952 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.579874992 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.579902887 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.579909086 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.582679033 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.582775116 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.582855940 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.582987070 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.583008051 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.642184973 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.642728090 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.642811060 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.643030882 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.643044949 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.683815956 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.684161901 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.684191942 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.684504986 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.684510946 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.741580009 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.741641045 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.741772890 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.742003918 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.742132902 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.742134094 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.742134094 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.744278908 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.744364023 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.744601965 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.744602919 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.744728088 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.786813021 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.786964893 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.787149906 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.787190914 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.787211895 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.787224054 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.787231922 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.789275885 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.789359093 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.789575100 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.789575100 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.789694071 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.856424093 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.856796980 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.856877089 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.857330084 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.857345104 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.906212091 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.906507969 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.906569004 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.906956911 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.906970024 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.954896927 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.955059052 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.955154896 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.955156088 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.955233097 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.955269098 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.957957029 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.958004951 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:13.958080053 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.958213091 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:13.958220959 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.046753883 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.046808958 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.046941042 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.046961069 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.047120094 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.047173977 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.047214985 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.047246933 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.047261953 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.049448013 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.049487114 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.049557924 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.049669981 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.049678087 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.050483942 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.050544977 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.238293886 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.238713026 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.238785982 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.239258051 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.239273071 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.338834047 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.338891029 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.339011908 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.339122057 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.339360952 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.339360952 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.341159105 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.341200113 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.342489004 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.342575073 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.342798948 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.342907906 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.342937946 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.418606043 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.419478893 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.419537067 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.420075893 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.420092106 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.430126905 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.430706978 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.430763960 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.431214094 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.431227922 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.832767010 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.832839012 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.832900047 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.832973003 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.833009005 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.833095074 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.833169937 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.833169937 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.833323002 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.833323002 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.833365917 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.833395958 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.833535910 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.833535910 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.833600998 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.833636999 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.838753939 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.838839054 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.838978052 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.839024067 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.839255095 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.839302063 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.839302063 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.839337111 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.839353085 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.839519024 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.839536905 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.839811087 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.839839935 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.840249062 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.840255022 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.948966026 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.949120045 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.949179888 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.949268103 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.949280024 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.949300051 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.949305058 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.952178955 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.952224970 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:14.952303886 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.952467918 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:14.952478886 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.026055098 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.026581049 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.026659012 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.027020931 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.027035952 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.030150890 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.030455112 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.030479908 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.030797958 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.030802011 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.124214888 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.124953985 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.125190020 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.125190973 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.125190973 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.127242088 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.127434969 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.127513885 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.128196001 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.128282070 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.128313065 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.128313065 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.128365993 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.128388882 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.128408909 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.131242037 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.131278038 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.132484913 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.132549047 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.132616997 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.132720947 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.132740974 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.426192999 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.426255941 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.510138035 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.513887882 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.513921022 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.514322042 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.514328003 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.597326994 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.597959042 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.597970963 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.598341942 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.598346949 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.613845110 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.613996983 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.614080906 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.614161015 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.614180088 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.614217997 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.614226103 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.618293047 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.618343115 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.618418932 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.618568897 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.618580103 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.696933985 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.697088957 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.697153091 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.697218895 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.697227001 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.697247028 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.697252035 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.699573994 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.699589014 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.699662924 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.699827909 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.699832916 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.788995028 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.789594889 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.789685011 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.790189028 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.790241957 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.828903913 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.829735041 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.829816103 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.830355883 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.830410957 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.891064882 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.891163111 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.891236067 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.891320944 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.891364098 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.891398907 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.891415119 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.894248962 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.894284010 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.894345045 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.894458055 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.894465923 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.948488951 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.948640108 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.948813915 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.948813915 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.949148893 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.949209929 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.953665972 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.953754902 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:15.953840971 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.954108953 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:15.954129934 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.308366060 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.308917046 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.308938980 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.309268951 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.309274912 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.387717962 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.388181925 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.388196945 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.388586998 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.388592005 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.412604094 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.412760019 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.412822008 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.413007975 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.413007975 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.413024902 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.413034916 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.415648937 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.415734053 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.415828943 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.415952921 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.415972948 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.492011070 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.492139101 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.492222071 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.492273092 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.492281914 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.492290974 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.492297888 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.494301081 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.494385004 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.494493008 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.494575024 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.494596958 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.524729013 CEST	49883	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:17:16.524812937 CEST	443	49883	142.250.185.132	192.168.2.4
Oct 3, 2024 18:17:16.525139093 CEST	49883	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:17:16.525140047 CEST	49883	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:17:16.525274038 CEST	443	49883	142.250.185.132	192.168.2.4
Oct 3, 2024 18:17:16.586534977 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.586958885 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.587028980 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.587158918 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.587173939 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.602669001 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.602968931 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.602998018 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.603313923 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.603326082 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.687819958 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.687891006 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.687992096 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.688046932 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.688185930 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.688185930 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.688185930 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.690499067 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.690593004 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.690687895 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.690807104 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.690829992 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.703442097 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.703593969 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.703655005 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.703711987 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.703711987 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.703738928 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.703763962 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.705677032 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.705761909 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.705845118 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.705961943 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.705996990 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:16.988454103 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:16.988516092 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.059289932 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.059942007 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.060018063 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.060317039 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.060329914 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.142101049 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.142481089 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.142560959 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.142808914 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.142822981 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.163502932 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.163803101 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.163873911 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.163979053 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.163979053 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.163979053 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.163979053 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.166529894 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.166613102 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.166712999 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.166829109 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.166851997 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.169109106 CEST	443	49883	142.250.185.132	192.168.2.4
Oct 3, 2024 18:17:17.169352055 CEST	49883	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:17:17.169369936 CEST	443	49883	142.250.185.132	192.168.2.4
Oct 3, 2024 18:17:17.170042992 CEST	443	49883	142.250.185.132	192.168.2.4
Oct 3, 2024 18:17:17.170336962 CEST	49883	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:17:17.170420885 CEST	443	49883	142.250.185.132	192.168.2.4
Oct 3, 2024 18:17:17.222548962 CEST	49883	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:17:17.242791891 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.243102074 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.243468046 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.243468046 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.243468046 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.245430946 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.245516062 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.245620012 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.245721102 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.245743036 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.351881027 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.352344036 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.352422953 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.352963924 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.352978945 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.378597975 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.378912926 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.378963947 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.379244089 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.379256964 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.451030016 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.451186895 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.451252937 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.451329947 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.451366901 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.451419115 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.451435089 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.454440117 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.454483032 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.454555035 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.454719067 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.454731941 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.472342014 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.472404003 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.481427908 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.482099056 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.482276917 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.482350111 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.482351065 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.482391119 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.482426882 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.484460115 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.484540939 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.484637022 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.484729052 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.484747887 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.550435066 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.550496101 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.837192059 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.840229034 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.840286970 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.843322039 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.843374968 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.898462057 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.900718927 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.900794029 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.901081085 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.901093960 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.952900887 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.952970982 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.953068018 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.953169107 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.953169107 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.953257084 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.953257084 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.953295946 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.953326941 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.956142902 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.956226110 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.956317902 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.956423044 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:17.956444979 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.999746084 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.999908924 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:17.999970913 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.000035048 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.000035048 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.000087023 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.000108004 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.002127886 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.002176046 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.002248049 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.002345085 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.002357960 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.149867058 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.150711060 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.150772095 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.151032925 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.151050091 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.163609028 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.164105892 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.164161921 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.164427042 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.164441109 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.254898071 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.255054951 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.255131960 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.255340099 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.255398989 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.255435944 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.255451918 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.258408070 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.258496046 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.258580923 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.258719921 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.258738995 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.271559000 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.271714926 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.271959066 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.272072077 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.272110939 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.272170067 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.272186041 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.274485111 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.274568081 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.274682045 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.274801970 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.274825096 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.964700937 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.965270042 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.965347052 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.965466022 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.965697050 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.965712070 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.965771914 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.965847015 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:18.966140032 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:18.966152906 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.066629887 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.066706896 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.066773891 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.066800117 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.066829920 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.066879988 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.067892075 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.067925930 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.067955017 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.067969084 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.068332911 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.068464041 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.068525076 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.069097042 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.069097042 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.069139957 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.069169998 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.072962999 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.073045015 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.073144913 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.073642969 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.073738098 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.073761940 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.073797941 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.073820114 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.073885918 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.073909044 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.185355902 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.185834885 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.185856104 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.186268091 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.186283112 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.293174982 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.293325901 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.293514013 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.293514013 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.293514013 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.296133995 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.296219110 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.296329975 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.296663046 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.296721935 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.597886086 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.597948074 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.618094921 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.618908882 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.618988037 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.619338036 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.619352102 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.718919992 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.718995094 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.719094038 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.719166994 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.719264030 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.719698906 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.719739914 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.719769001 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.719784975 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.722414017 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.722460032 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.722546101 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.722912073 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.722929001 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.794111013 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.794822931 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.794864893 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.795192003 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.795440912 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.795454025 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.795475960 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.795552969 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.795906067 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.795918941 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.892613888 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.892765999 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.892885923 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.893630028 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.893809080 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.893862963 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.894524097 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.894542933 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.898169041 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.898169041 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.898211002 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.898237944 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.907233000 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.907258034 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.907310963 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.908128023 CEST	49899	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.908212900 CEST	443	49899	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.908294916 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.908298969 CEST	49899	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.908310890 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.908708096 CEST	49899	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.908786058 CEST	443	49899	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.958982944 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.972913027 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.975224018 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.975306988 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.975713015 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.975765944 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.975986958 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.976069927 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:19.976353884 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:19.976407051 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.083992958 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.084073067 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.084176064 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.084287882 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.084287882 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.090150118 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.090151072 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.090217113 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.090265036 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.092746973 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.092829943 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.092931986 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.093053102 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.093076944 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.099086046 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.099236965 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.099322081 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.119343996 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.119343996 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.119410038 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.119446039 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.122128010 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.122174025 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.122237921 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.122374058 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.122384071 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.384533882 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.385092974 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.385116100 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.385576010 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.385581970 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.484612942 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.484782934 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.484831095 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.484956026 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.484971046 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.484980106 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.484985113 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.487651110 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.487682104 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.487754107 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.487879038 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.487891912 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.549696922 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.550506115 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.550525904 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.550924063 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.550928116 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.563534021 CEST	443	49899	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.564275026 CEST	49899	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.564333916 CEST	443	49899	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.564456940 CEST	49899	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.564482927 CEST	443	49899	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.647430897 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.647696018 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.647808075 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.648096085 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.648106098 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.648122072 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.648127079 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.650410891 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.650496006 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.650796890 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.650798082 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.650927067 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.678678989 CEST	443	49899	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.681585073 CEST	443	49899	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.681850910 CEST	49899	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.681850910 CEST	49899	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.681850910 CEST	49899	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.683686018 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.683768988 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.683860064 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.684111118 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.684191942 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.760818005 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.761147022 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.761158943 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.761532068 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.761535883 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.762130022 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.762550116 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.762609005 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.762702942 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.762718916 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.863349915 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.863554001 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.863697052 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.864397049 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.864397049 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.864408970 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.864414930 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.866878033 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.866970062 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.867270947 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.867271900 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.867412090 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.867419958 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.867448092 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.867496014 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.867624044 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.867624044 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.867711067 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.867711067 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.867750883 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.867784023 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.869776011 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.869858980 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.869952917 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.870090008 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.870107889 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:20.910306931 CEST	49899	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:20.910367966 CEST	443	49899	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.148787975 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.149312019 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:21.149322987 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.149736881 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:21.149740934 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.248323917 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.248486996 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.248553038 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:21.248653889 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:21.248666048 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.248673916 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:21.248680115 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.251207113 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:21.251291037 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.251403093 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:21.251488924 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:21.251513004 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.331243038 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.332267046 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:21.332324982 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.332643986 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:21.332698107 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.339827061 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.340486050 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:21.340547085 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:21.340847969 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:21.340903044 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.416496992 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.416524887 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.416579962 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.416733027 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.416760921 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.416791916 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.416862965 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.416928053 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.416928053 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.416934013 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.416928053 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.416934013 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.416979074 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.417010069 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.419609070 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.419639111 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.419656038 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.419729948 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.419790030 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.419883013 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.419898987 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.419917107 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.419949055 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.419965029 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.421895981 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.422228098 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.422275066 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.422599077 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.422610998 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.426342964 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.426728010 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.426759005 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.427078009 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.427088976 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.524422884 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.524589062 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.524705887 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.525504112 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.525547981 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.525576115 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.525590897 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.528749943 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.528800011 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.528891087 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.529009104 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.529020071 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.544183016 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.544868946 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.544949055 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.544986010 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.544986010 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.545002937 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.545021057 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.546778917 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.546822071 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.547035933 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.547035933 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.547100067 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.617816925 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.618314981 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.618396044 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.618716955 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.618771076 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.720890999 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.721097946 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.721297979 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.721298933 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.721298933 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.722434998 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.722497940 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.724196911 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.724224091 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:22.724289894 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.724436045 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:22.724440098 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.034976959 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.035038948 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.065721035 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.066520929 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.066562891 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.066926003 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.066952944 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.088263988 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.088738918 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.088810921 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.089085102 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.089097977 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.164453030 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.164696932 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.164897919 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.164899111 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.164899111 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.168112993 CEST	49913	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.168198109 CEST	443	49913	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.168500900 CEST	49913	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.168502092 CEST	49913	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.168628931 CEST	443	49913	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.175950050 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.176239014 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.176312923 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.176574945 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.176589012 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.185168028 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.185601950 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.185642004 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.185919046 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.185945988 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.190260887 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.190423012 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.190485001 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.190505028 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.190534115 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.190593958 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.191060066 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.191093922 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.191121101 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.191134930 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.193413973 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.193497896 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.193589926 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.193850994 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.193909883 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.275543928 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.275613070 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.275727034 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.275759935 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.275816917 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.276004076 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.276050091 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.276170015 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.276185989 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.278642893 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.278680086 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.278755903 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.278913021 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.278918982 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.285785913 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.285868883 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.286016941 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.286016941 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.286016941 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.287869930 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.287909031 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.287985086 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.288100004 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.288106918 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.366650105 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.367010117 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.367032051 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.367376089 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.367381096 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.471925974 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.471957922 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.582062006 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.582096100 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.582139015 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.582140923 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.582180023 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.582581043 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.582592010 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.582604885 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.582611084 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.585710049 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.585752964 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.585992098 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.588140011 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.588221073 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.596788883 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.596811056 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.815186024 CEST	443	49913	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.815723896 CEST	49913	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.815798998 CEST	443	49913	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.816250086 CEST	49913	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.816303968 CEST	443	49913	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.847979069 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.848453045 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.848511934 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.848643064 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.848658085 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.914628983 CEST	443	49913	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.915354967 CEST	443	49913	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.915441036 CEST	49913	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.915518045 CEST	49913	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.915518045 CEST	49913	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.915560007 CEST	443	49913	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.915606976 CEST	443	49913	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.918628931 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.918658018 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.918720007 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.918874979 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.918880939 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.923540115 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.923964977 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.923996925 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.924418926 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.924424887 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.950213909 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.950284958 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.950403929 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.950496912 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.950498104 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.950587034 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.950587034 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.950627089 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.950658083 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.953178883 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.953262091 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.953325987 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.953455925 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.953475952 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.955456972 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.955859900 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.955868006 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:23.956401110 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:23.956410885 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.174293041 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.174443007 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.174499989 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.174587011 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.174602032 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.174616098 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.174622059 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.177923918 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.177943945 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.177999973 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.178220034 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.178225994 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.267031908 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.267107010 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.267178059 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.267190933 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.267220020 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.267267942 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.267364979 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.267380953 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.267393112 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.267396927 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.270349979 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.270381927 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.270453930 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.270643950 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.270653009 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.358366013 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.358928919 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.358987093 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.359498978 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.359551907 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.458646059 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.458813906 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.458895922 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.458950996 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.458950996 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.458981991 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.459006071 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.461361885 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.461447001 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.461541891 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.461664915 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.461684942 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.614278078 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.642816067 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.642833948 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.643718958 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.643723011 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.743113041 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.743684053 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.743758917 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.768572092 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.768594027 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.768630028 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.768635988 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.807673931 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.817945957 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.818032026 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.821851015 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.821903944 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.821909904 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.825547934 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.825561047 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.826141119 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.826145887 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.837497950 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.841511011 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.841519117 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.842061996 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.842067003 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.863935947 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.864018917 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.864346027 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.864346027 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.864473104 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.917306900 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.917509079 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.917742968 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.926939011 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.927014112 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.927099943 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.927117109 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.927138090 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.928235054 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.945290089 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.945287943 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.945287943 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.945323944 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.945342064 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.945348978 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.945354939 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.945389986 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.948091984 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.948163986 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.948215961 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.948419094 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.948426008 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.948446989 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.948451042 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.948857069 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.948896885 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.948947906 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.950270891 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.950278044 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.950438023 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.950468063 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.950479031 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.950918913 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.951003075 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.951049089 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.951060057 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:24.951098919 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.951220989 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:24.951245070 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.134880066 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.135503054 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.135561943 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.135993958 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.136049032 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.235313892 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.235879898 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.236042023 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.236224890 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.236226082 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.236226082 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.238717079 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.238805056 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.239346027 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.239707947 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.239743948 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.516880035 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.517843962 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.517927885 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.518403053 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.518455982 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.550544024 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.550606966 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.591056108 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.591506958 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.591523886 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.592078924 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.592084885 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.598922014 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.600604057 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.600684881 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.600955963 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.601011038 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.626513004 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.626621008 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.626972914 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.626972914 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.626972914 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.629966974 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.630018950 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.630076885 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.630089045 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.630337954 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.630351067 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.630848885 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.630863905 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.631433964 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.631438971 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.690768003 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.690923929 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.691003084 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.691126108 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.691139936 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.691157103 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.691164017 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.693844080 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.693929911 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.694003105 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.694180012 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.694202900 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.700081110 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.700149059 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.700251102 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.700349092 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.700349092 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.700436115 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.700436115 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.700478077 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.700511932 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.702143908 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.702229977 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.703821898 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.703924894 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.703944921 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.740935087 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.741022110 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.741136074 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.741161108 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.741170883 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.741183996 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.741189957 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.743299007 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.743381977 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.743484020 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.743592024 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.743613958 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.881033897 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.881591082 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.881669998 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.882107019 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.882119894 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.930577993 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.930640936 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.985011101 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.985826969 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.985907078 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.985971928 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.985971928 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.986010075 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.986032009 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.989435911 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.989490032 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:25.989557981 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.989691019 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:25.989706039 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.287154913 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.293201923 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.293201923 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.293263912 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.293307066 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.337649107 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.339412928 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.339471102 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.340004921 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.340018034 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.347454071 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.349507093 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.349565983 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.350035906 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.350089073 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.389404058 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.389483929 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.389600039 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.389684916 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.389837027 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.389837027 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.389872074 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.389894009 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.392911911 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.392946959 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.393027067 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.393167973 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.393173933 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.419996023 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.420562029 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.420620918 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.421092033 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.421144962 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.435806036 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.435969114 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.436038017 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.436358929 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.436358929 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.436392069 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.436414003 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.439114094 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.439198017 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.439295053 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.439450026 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.439470053 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.447653055 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.447808027 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.448029041 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.448029041 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.448029041 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.450325966 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.450408936 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.450503111 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.450628042 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.450648069 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.551903009 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.552731037 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.553009033 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.553009033 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.553009033 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.554881096 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.554908037 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.555088997 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.555088997 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.555121899 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.567047119 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.568339109 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.568417072 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.568964958 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.568978071 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.675647020 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.676265955 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.676453114 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.676453114 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.676453114 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.678643942 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.678680897 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.678740025 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.678877115 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.678881884 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.753317118 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.753381014 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.866132021 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.866194963 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:26.990567923 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:26.990618944 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.065076113 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.065573931 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.065597057 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.067315102 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.067321062 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.075284004 CEST	443	49883	142.250.185.132	192.168.2.4
Oct 3, 2024 18:17:27.075468063 CEST	443	49883	142.250.185.132	192.168.2.4
Oct 3, 2024 18:17:27.075690031 CEST	49883	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:17:27.138717890 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.139233112 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.139292955 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.139659882 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.139713049 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.146924973 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.147239923 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.147260904 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.147710085 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.147762060 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.164264917 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.164789915 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.164855003 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.164892912 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.164910078 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.164921045 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.164930105 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.167505026 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.167593002 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.167697906 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.168057919 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.168117046 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.196768045 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.197105885 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.197118044 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.197479963 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.197485924 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.243887901 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.244065046 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.244133949 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.244236946 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.244236946 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.244280100 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.244306087 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.248785973 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.248869896 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.248996973 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.249347925 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.249428988 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.256820917 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.256975889 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.257148027 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.270503044 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.270503044 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.270566940 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.270602942 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.273586035 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.273654938 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.273722887 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.273859978 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.273866892 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.515338898 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.515465975 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.515547991 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.515567064 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.515587091 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.515639067 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.515753031 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.515763998 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.515778065 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.515784025 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.521428108 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.530205965 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.530225992 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.530632019 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.530636072 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.532100916 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.532185078 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.532265902 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.532388926 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.532419920 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.632091999 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.632293940 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.632349014 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.632384062 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.632395029 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.632402897 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.632406950 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.635119915 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.635188103 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:27.635270119 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.635433912 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:27.635449886 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.059782982 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.059802055 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.060446978 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.060534000 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.060568094 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.060599089 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.060973883 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.060992002 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.061115980 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.061125994 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.158376932 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.158598900 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.158670902 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.158746958 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.158747911 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.158791065 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.158821106 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.162026882 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.162178040 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.162305117 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.163451910 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.163453102 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.163535118 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.163547039 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.163582087 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.163626909 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.163702965 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.163840055 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.163858891 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.165958881 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.166044950 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.166135073 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.166284084 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.166310072 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.242885113 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.243360996 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.243447065 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.243834972 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.243887901 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.249452114 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.249785900 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.249805927 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.250276089 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.250281096 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.288713932 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.289180040 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.289251089 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.289613962 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.289628983 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.341594934 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.341691017 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.341773033 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.341799021 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.341854095 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.341905117 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.341905117 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.341947079 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.341978073 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.344152927 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.344238043 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.344336987 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.344444036 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.344465017 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.352941036 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.352996111 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.353053093 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.353075027 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.353132963 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.353173971 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.353246927 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.353264093 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.353276014 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.353280067 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.355917931 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.356023073 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.356112957 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.359206915 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.359247923 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.389255047 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.389327049 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.389441967 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.389499903 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.389549017 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.389549017 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.389592886 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.392087936 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.392122984 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.392215014 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.392369986 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.392383099 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.968516111 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.969048977 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.969142914 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.969465017 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.969479084 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.973746061 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.974212885 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.974294901 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.974600077 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.974653006 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.988559008 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.988972902 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.989053965 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:28.989322901 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:28.989376068 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.024163961 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.024499893 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.024591923 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.024920940 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.024934053 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.045495987 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.046084881 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.046122074 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.046439886 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.046449900 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.077119112 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.077198982 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.077295065 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.077416897 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.077416897 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.077503920 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.077503920 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.077543974 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.077574968 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.080521107 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.080604076 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.080954075 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.080955029 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.081063986 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.088331938 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.088496923 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.088685989 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.088685989 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.088685989 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.090459108 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.090512991 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.090595007 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.090637922 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.090692997 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.090697050 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.090761900 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.090761900 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.090801954 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.090816975 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.090825081 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.090841055 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.092515945 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.092576027 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.092658043 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.092782021 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.092806101 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.124623060 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.124679089 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.124809980 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.124830008 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.124876022 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.124912977 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.124936104 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.124960899 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.124973059 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.126605988 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.126626015 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.126703978 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.126817942 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.126840115 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.146899939 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.146971941 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.147034883 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.147094011 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.147252083 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.147252083 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.147252083 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.147275925 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.149005890 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.149091005 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.149182081 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.149307013 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.149327993 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.393986940 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.394049883 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.456269026 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.456341028 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.733836889 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.734499931 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.734581947 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.734982014 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.735034943 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.746676922 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.747114897 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.747174025 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.747447968 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.747467041 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.760761976 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.761105061 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.761181116 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.761535883 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.761548996 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.794363022 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.794874907 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.794958115 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.795274019 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.795327902 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.806371927 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.806772947 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.806806087 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.806999922 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.807010889 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.833321095 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.833925962 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.834146023 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.834146023 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.834146023 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.836832047 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.836915016 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.837196112 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.837196112 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.837315083 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.849184036 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.849261045 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.849366903 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.849430084 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.849431038 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.849515915 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.849515915 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.849555969 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.849586964 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.851500034 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.851587057 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.851674080 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.851809978 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.851829052 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.863374949 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.863545895 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.863614082 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.863670111 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.863670111 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.863703012 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.863723993 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.865622044 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.865641117 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.865715027 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.865832090 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.865843058 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.893587112 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.893868923 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.893990040 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.894186020 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.894186974 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.894186974 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.894186974 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.895752907 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.895811081 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.895884991 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.895983934 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.895998955 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.910687923 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.911361933 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.911469936 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.911469936 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.911506891 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.911520004 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.913149118 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.913178921 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:29.913245916 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.913360119 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:29.913364887 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.143884897 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.143946886 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.206475973 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.206536055 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.492301941 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.492860079 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.492921114 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.493295908 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.493309021 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.494210005 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.494606972 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.494666100 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.494738102 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.494754076 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.518930912 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.519282103 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.519298077 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.519700050 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.519710064 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.559803963 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.560533047 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.560591936 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.560920000 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.560973883 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.581561089 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.582200050 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.582220078 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.582370043 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.582374096 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.593487024 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.593883991 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.594113111 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.594113111 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.594113111 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.595506907 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.595577002 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.595652103 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.595684052 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.595742941 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.595796108 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.595796108 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.595837116 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.595861912 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.596954107 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.597038031 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.597327948 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.597327948 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.597457886 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.597796917 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.597840071 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.597912073 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.598001957 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.598014116 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.619751930 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.619916916 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.619982958 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.620032072 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.620033026 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.620049953 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.620069981 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.621961117 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.621994972 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.622060061 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.622195959 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.622204065 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.659965038 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.660044909 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.660151005 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.660243988 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.660243988 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.660243988 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.660243988 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.662566900 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.662592888 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.662637949 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.663103104 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.663115978 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.689269066 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.690090895 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.690145016 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.690187931 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.690203905 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.690211058 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.690216064 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.692672014 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.692756891 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.692825079 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.692961931 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.692981958 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.896991014 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.897052050 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:30.973380089 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:30.973442078 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.254281044 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.255625963 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.255707979 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.256093025 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.256145954 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.258989096 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.259283066 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.259296894 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.259587049 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.259591103 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.264938116 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.265259981 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.265317917 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.265590906 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.265604973 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.333630085 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.333920956 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.333936930 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.334278107 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.334285021 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.346678019 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.346971035 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.347024918 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.347453117 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.347503901 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.356528997 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.357033014 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.357253075 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.357254028 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.357254028 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.359909058 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.359991074 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.360104084 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.360219002 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.360244036 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:31.660501957 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:31.660564899 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.406994104 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.407094002 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.407125950 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.407311916 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.407326937 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.407402039 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.407464981 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.407480955 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.407529116 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.407535076 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.407535076 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.407578945 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.407630920 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.407648087 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.408082962 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.408252001 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.408251047 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.408319950 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.408328056 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.408382893 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.408443928 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.408485889 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.408548117 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.408622980 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.408638000 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.408655882 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.408662081 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.408818007 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.408818007 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.408884048 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.408919096 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.411930084 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.411947966 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.412034988 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.412797928 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.412882090 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.412972927 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.413043976 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.413130999 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.413223028 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.413237095 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.413249016 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.413326979 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.413356066 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.413502932 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.413583040 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.413638115 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.413691998 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:32.413770914 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.414012909 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:32.414026022 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.404532909 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.404959917 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.405180931 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.405194044 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.405396938 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.405479908 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.405700922 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.405705929 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.405924082 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.405977964 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.419714928 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.420294046 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.420352936 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.420671940 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.420725107 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.421099901 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.421598911 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.421658039 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.421963930 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.422015905 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.434041977 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.434304953 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.434377909 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.434606075 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.434619904 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.504204988 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.504384995 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.504446030 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.504483938 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.504497051 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.504507065 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.504512072 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.505740881 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.505892038 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.506093979 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.506515026 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.506515026 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.506562948 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.506592989 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.507985115 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.508065939 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.508142948 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.508528948 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.508558989 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.509329081 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.509412050 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.509499073 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.509589911 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.509607077 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.522581100 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.523454905 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.523523092 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.523544073 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.523633003 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.524307966 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.524471045 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.524673939 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.524760008 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.524760008 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.524801016 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.524801016 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.524801016 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.524832964 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.524867058 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.524899006 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.527004957 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.527004957 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.527097940 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.527144909 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.527183056 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.527250051 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.527321100 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.527344942 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.527370930 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.527380943 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.538224936 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.538430929 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.538496971 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.538516998 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.538551092 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.538605928 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.538660049 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.538660049 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.538685083 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.538705111 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.540345907 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.540376902 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:33.540452957 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.540568113 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:33.540601015 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.125052929 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.125699043 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.125722885 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.126076937 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.126080990 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.145240068 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.145764112 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.145813942 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.146059990 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.146074057 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.149924040 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.150247097 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.150253057 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.150680065 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.150685072 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.198271990 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.199074984 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.199134111 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.199985981 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.200040102 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.220033884 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.220598936 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.220657110 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.220963001 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.220980883 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.223843098 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.223917007 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.224005938 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.224024057 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.224076986 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.224277973 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.224322081 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.224350929 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.224366903 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.227185011 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.227272987 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.227380037 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.227463007 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.227484941 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.245197058 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.245255947 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.245307922 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.245320082 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.245475054 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.245517969 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.245562077 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.245610952 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.245626926 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.247692108 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.247729063 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.247807026 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.247946978 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.247953892 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.253467083 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.253619909 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.253674030 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.253703117 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.253705978 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.253714085 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.253716946 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.257076025 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.257086992 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.257150888 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.257302999 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.257308960 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.298253059 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.298284054 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.298579931 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.298630953 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.298701048 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.298701048 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.298701048 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.302444935 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.302527905 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.302618980 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.302911997 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.302992105 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.323137045 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.323189974 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.323255062 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.323287010 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.323425055 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.323426008 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.323447943 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.323494911 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.325292110 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.325376034 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.325479984 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.325561047 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.325582027 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.612628937 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.612694025 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.867726088 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.868459940 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.868546963 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.869082928 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.869137049 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.899097919 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.899703026 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.899736881 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.900319099 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.900325060 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.927731037 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.928090096 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.928103924 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.928600073 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.928606033 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.959861040 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.960381985 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.960464001 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.960768938 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.960822105 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.968595028 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.968790054 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.968863010 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.968957901 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.968997955 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.969047070 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.969063044 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.972275972 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.972309113 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.972374916 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.972503901 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.972507954 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.996687889 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.997237921 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.997318983 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:34.997653961 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:34.997706890 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.001158953 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.002243042 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.002300024 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.002341032 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.002363920 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.002377987 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.002386093 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.006340981 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.006350040 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.006403923 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.007014990 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.007025957 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.047966957 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.048068047 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.048115969 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.048130035 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.048204899 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.048206091 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.048224926 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.048255920 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.048264980 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.048274040 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.052042961 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.052129984 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.052216053 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.052527905 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.052583933 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.062185049 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.062259912 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.062393904 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.062423944 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.062491894 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.062531948 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.062531948 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.062572956 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.062603951 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.064923048 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.065006018 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.065100908 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.065237999 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.065263987 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.099112034 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.099273920 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.099466085 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.099467039 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.099467039 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.101416111 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.101439953 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.101495981 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.101592064 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.101598024 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.410379887 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.410444021 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.642807961 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.646123886 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.646147013 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.646682978 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.646686077 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.691979885 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.693546057 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.693576097 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.694434881 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.695050001 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.695075989 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.695570946 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.695585966 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.696280956 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.696285963 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.739264011 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.740339994 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.740397930 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.740874052 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.740958929 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.748017073 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.748086929 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.748152971 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.748183966 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.748202085 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.748265028 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.748462915 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.748476982 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.748488903 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.748496056 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.751708984 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.751756907 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:35.751853943 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.752012968 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:35.752022982 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.147845984 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.147857904 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.147960901 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.148049116 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.148082972 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.148114920 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.148144960 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.148175001 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.148202896 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.148233891 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.148397923 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.148603916 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.151058912 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.151077032 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.151087999 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.151093006 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.153589964 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.155447006 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.155493975 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.163378954 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.163386106 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.167434931 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.167434931 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.167501926 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.167537928 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.170887947 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.170887947 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.170953035 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.170990944 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.177740097 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.177830935 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.177937984 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.178414106 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.178450108 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.180471897 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.180556059 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.180639982 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.180741072 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.180758953 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.181452036 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.181477070 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.181526899 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.181648970 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.181658030 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.262693882 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.262864113 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.262939930 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.268800020 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.268826008 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.268840075 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.268846989 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.280946016 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.280976057 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.281044960 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.281378031 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.281385899 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.815867901 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.816833973 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.816857100 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.817895889 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.817900896 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.824098110 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.824541092 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.824570894 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.824893951 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.824902058 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.834474087 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.835036039 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.835118055 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.835800886 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.835853100 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.848856926 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.849374056 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.849455118 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.849679947 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.849695921 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.917725086 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.917819023 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.917876005 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.917891979 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.917926073 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.917977095 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.918015003 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.918015003 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.918032885 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.918041945 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.920460939 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.920547962 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.920835018 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.920944929 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.920974970 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.923948050 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.924101114 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.924159050 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.924216986 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.924232960 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.924246073 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.924252987 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.927006006 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.927093983 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.927176952 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.927356958 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.927381039 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.952439070 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.952595949 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.952785969 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.952871084 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.952871084 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.952913046 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.952940941 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.954663992 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.954778910 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.954879999 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.954952002 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.954952002 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.955120087 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.955121040 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.955172062 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.955204010 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.956140041 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.956223965 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.956314087 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.956743956 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.956823111 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.957576990 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.957632065 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.957715988 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.957825899 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.957838058 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.966286898 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.966834068 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.966852903 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:36.967353106 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:36.967359066 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.073416948 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.073592901 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.073678017 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.073848963 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.073863983 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.073874950 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.073879957 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.076196909 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.076261997 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.076354027 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.076678991 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.076708078 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.597601891 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.598221064 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.598278046 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.598843098 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.598895073 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.614706039 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.615262032 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.615324020 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.615849972 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.615864038 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.622364998 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.622837067 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.622869015 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.623153925 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.623182058 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.629302025 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.629628897 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.629714966 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.630732059 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.630784988 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.713496923 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.713574886 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.713748932 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.714104891 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.714104891 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.714174032 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.714211941 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.716975927 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.717082024 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.717190981 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.717402935 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.717427015 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.720653057 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.720840931 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.720927954 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.721009970 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.721054077 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.721081018 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.721097946 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.723432064 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.723521948 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.723625898 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.723896980 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.723957062 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.730389118 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.730417013 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.730467081 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.730568886 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.730568886 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.730803967 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.730803967 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.730837107 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.730854034 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.732383966 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.732819080 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.732841015 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.733074903 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.733197927 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.733216047 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.733242989 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.733278036 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.733607054 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.733689070 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.735825062 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.735896111 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.735965967 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.736026049 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.736068010 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.736130953 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.736179113 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.736179113 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.736212015 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.736236095 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.738521099 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.738547087 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.738631964 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.738786936 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.738797903 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.862380028 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.862557888 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.862683058 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.862942934 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.862984896 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.863035917 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.863049030 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.866028070 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.866069078 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:37.866159916 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.866362095 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:37.866373062 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.290050983 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.293673992 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.293756962 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.294105053 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.294122934 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.357300043 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.360102892 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.360152960 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.360752106 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.360766888 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.393021107 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.393099070 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.393210888 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.393342018 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.393572092 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.393572092 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.393572092 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.393613100 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.396301031 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.396425009 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.396524906 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.396641970 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.396670103 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.418376923 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.419785023 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.419872046 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.420156956 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.420209885 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.429577112 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.429852009 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.429864883 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.430171967 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.430176973 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.478702068 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.478924990 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.479115009 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.481538057 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.481580019 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.481606960 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.481625080 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.501662970 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.501749992 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.502003908 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.502130032 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.502161026 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.536417007 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.536669016 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.536951065 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.566179037 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.566251993 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.566373110 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.566370010 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.566440105 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.573573112 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.575076103 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.575076103 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.575109959 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.575130939 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.577023983 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.577069044 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.577662945 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.577668905 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.577850103 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.577851057 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.577882051 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.577903032 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.581026077 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.581062078 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.581139088 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.581427097 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.581437111 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.588885069 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.588927984 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.589013100 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.589210987 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.589219093 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.678076029 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.678251982 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.678421974 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.682570934 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.682636023 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.686908007 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.686908007 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.686922073 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.686932087 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.699451923 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.699537039 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:38.699626923 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.699911118 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:38.699970961 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.386049032 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.386667967 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.386693001 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.387329102 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.387336016 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.388317108 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.388643980 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.388658047 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.389102936 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.389107943 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.491698027 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.492717028 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.492805958 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.492865086 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.492865086 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.492899895 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.492924929 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.494894981 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.495081902 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.495152950 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.495197058 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.495197058 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.495213985 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.495235920 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.496072054 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.496161938 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.496445894 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.496445894 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.496573925 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.497291088 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.497338057 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.497392893 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.497478962 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.497488976 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.576302052 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.576747894 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.576787949 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.576901913 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.577208042 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.577214956 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.577219009 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.577244997 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.577769041 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.577775955 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.577982903 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.578418970 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.578500032 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.578563929 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.578577995 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.674947977 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.675111055 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.675321102 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.675390959 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.675421953 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.675438881 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.675445080 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.678814888 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.678905010 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.678989887 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.679059029 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.679153919 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.679162979 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.679236889 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.679236889 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.679266930 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.679299116 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.679326057 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.679326057 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.679368973 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.679398060 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.679502010 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.679568052 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.679614067 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.679641962 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.679673910 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.679718018 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.679740906 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.679758072 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.679758072 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.679766893 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.679774046 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.681536913 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.681627035 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.681710005 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.681731939 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.681756973 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.681817055 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.681879044 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.681896925 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.681922913 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:39.681931973 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:39.785455942 CEST	49883	443	192.168.2.4	142.250.185.132
Oct 3, 2024 18:17:39.785491943 CEST	443	49883	142.250.185.132	192.168.2.4
Oct 3, 2024 18:17:40.138427019 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.138993025 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.139020920 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.139713049 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.139719963 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.143192053 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.143600941 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.143631935 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.144154072 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.144161940 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.237912893 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.237981081 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.238049030 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.238065004 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.238086939 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.238135099 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.238858938 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.238873005 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.238883972 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.238889933 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.242409945 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.242502928 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.242608070 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.242784977 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.242805004 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.270684958 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.270872116 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.270952940 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.271020889 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.271022081 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.271054983 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.271076918 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.273627996 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.273715019 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.273823023 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.273962975 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.273983002 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.324831009 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.325329065 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.325402021 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.325759888 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.325911045 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.325927019 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.326173067 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.326200008 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.326657057 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.326667070 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.346641064 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.347117901 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.347202063 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.347712994 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.347764969 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.423934937 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.423959970 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.424128056 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.424233913 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.424340963 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.424365997 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.424413919 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.424444914 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.424444914 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.424465895 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.450547934 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.450690985 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.450901985 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.460381985 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.460381985 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.460455894 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.460486889 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.462836027 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.462836027 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.462902069 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.462930918 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.465809107 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.465873957 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.465956926 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.466625929 CEST	50014	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.466658115 CEST	443	50014	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.466727972 CEST	50014	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.466849089 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.466934919 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.466972113 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.466996908 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.467008114 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.467093945 CEST	50014	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.467113972 CEST	443	50014	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.467189074 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.467225075 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.913126945 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.914083958 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.914129972 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.914716959 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.914743900 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.959063053 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.959717035 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.959760904 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:40.960302114 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:40.960309029 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.029639959 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.029653072 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.029683113 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.029750109 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.029759884 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.029822111 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.029853106 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.030155897 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.030158997 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.030158997 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.030185938 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.030190945 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.030201912 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.030203104 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.030210972 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.033402920 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.034060001 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.034070015 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.034090042 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.034102917 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.034168005 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.034279108 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.034291983 CEST	443	50014	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.034318924 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.034378052 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.034470081 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.034487009 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.034799099 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.034816980 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.034915924 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.034921885 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.035116911 CEST	50014	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.035125017 CEST	443	50014	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.035629034 CEST	50014	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.035634041 CEST	443	50014	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.038400888 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.038786888 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.038805008 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.039333105 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.039339066 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.134772062 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.134938002 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.135020971 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.135171890 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.135190964 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.135205030 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.135211945 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.138816118 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.138911963 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.139012098 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.139260054 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.139296055 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.139324903 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.139411926 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.139472961 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.139586926 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.139586926 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.139611959 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.139632940 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.142194033 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.142246008 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.142339945 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.142520905 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.142538071 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.301753998 CEST	443	50014	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.301934958 CEST	443	50014	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.302018881 CEST	50014	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.302335978 CEST	50014	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.302362919 CEST	443	50014	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.302433968 CEST	50014	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.302445889 CEST	443	50014	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.305483103 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.305573940 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:42.305670977 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.305831909 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:42.305850029 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.008383989 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.008856058 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.008959055 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.008992910 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.009438038 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.009447098 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.009722948 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.009740114 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.009743929 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.009784937 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.010380983 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.010390997 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.010732889 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.010763884 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.011239052 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.011245966 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.011835098 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.011843920 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.012449026 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.012454987 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.107908964 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.108125925 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.108185053 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.108302116 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.108324051 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.108338118 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.108345032 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.108592033 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.108634949 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.108748913 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.108799934 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.108805895 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.108855009 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.109111071 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.109175920 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.109807014 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.109839916 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.109858990 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.109869003 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.110466003 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.110496044 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.110515118 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.110523939 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.113517046 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.113557100 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.113616943 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.114247084 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.114281893 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.114340067 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.114496946 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.114567995 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.114615917 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.114696026 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.114716053 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.114780903 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.114801884 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.115376949 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.115421057 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.115474939 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.115557909 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.115571022 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.115588903 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.115600109 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.115613937 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.115618944 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.117296934 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.117367029 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.117443085 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.117546082 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.117578030 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.196568966 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.197187901 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.197269917 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.197937012 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.197958946 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.298945904 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.299288988 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.299357891 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.299514055 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.299514055 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.299534082 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.299545050 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.302707911 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.302753925 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.302839994 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.303025007 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.303040981 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.982908964 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.983673096 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.983707905 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.984340906 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.984349012 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.990840912 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.990854979 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.991247892 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.991265059 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.991363049 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.991405010 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.991714001 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.991720915 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:43.991904020 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:43.991910934 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.000185013 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.000860929 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.000900984 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.001569986 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.001581907 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.006736040 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.007232904 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.007313013 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.007807016 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.007822037 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.097527981 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.097681046 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.097754002 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.097914934 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.097938061 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.097950935 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.097958088 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.101706028 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.101727962 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.101785898 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.101856947 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.102056980 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.102077007 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.102277040 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.102339983 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.102415085 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.102420092 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.102435112 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.102440119 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.103482962 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.103605986 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.103656054 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.103671074 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.103722095 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.103745937 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.103748083 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.103769064 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.103784084 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.103790998 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.103991032 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.104029894 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.104036093 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.104073048 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.104123116 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.104145050 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.104160070 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.104166985 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.106024027 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.106062889 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.106110096 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.106309891 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.106323957 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.108037949 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.108103991 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.108155012 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.108222008 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.108243942 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.108299971 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.108335018 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.108361959 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.108457088 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.108479023 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.112047911 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.112396955 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.112461090 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.112556934 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.112556934 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.112601042 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.112627983 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.115305901 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.115317106 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.115366936 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.115482092 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.115489006 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.740988016 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.741585016 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.741606951 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.742228031 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.742235899 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.752340078 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.752623081 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.752640009 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.753067017 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.753072023 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.755625010 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.756066084 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.756092072 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.756520987 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.756525040 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.766655922 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.767010927 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.767026901 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.767492056 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.767496109 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.774663925 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.774952888 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.774965048 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.775302887 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.775306940 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.840545893 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.840681076 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.840786934 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.840876102 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.840894938 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.840912104 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.840919018 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.843776941 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.843826056 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.843888044 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.844034910 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.844053984 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.851855993 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.851902008 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.851943970 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.852154970 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.852175951 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.852189064 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.852195024 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.854418993 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.854460001 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.854532003 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.854636908 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.854648113 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.867377043 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.867454052 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.867510080 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.867594957 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.867613077 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.867635012 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.867640972 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.869962931 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.869973898 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.870034933 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.870167971 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.870177031 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.882615089 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.883863926 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.883908987 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.883909941 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.883955956 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.883989096 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.883999109 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.884012938 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.884017944 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.885966063 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.885979891 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.886039019 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.886142015 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.886156082 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.951960087 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.951987028 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.952060938 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.952168941 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.952380896 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.952380896 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.953191042 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.953203917 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.955355883 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.955423117 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:44.955507040 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.955698967 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:44.955719948 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.646437883 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.647456884 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.647519112 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.648057938 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.648073912 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.651773930 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.652296066 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.652375937 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.652709007 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.652725935 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.694116116 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.694587946 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.694613934 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.695132971 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.695143938 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.744160891 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.744667053 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.744726896 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.745125055 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.745138884 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.747426033 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.747684002 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.747740984 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.748147011 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.748157024 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.754601955 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.754652977 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.754717112 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.754744053 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.754954100 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.754987001 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.755008936 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.755430937 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.755532026 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.755589008 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.757389069 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.757553101 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.757612944 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.757658005 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.757682085 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.757697105 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.757705927 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.757972002 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.758018017 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.758101940 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.758285999 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.758301020 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.760041952 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.760051966 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.760123014 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.760240078 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.760251045 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.828875065 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.828934908 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.829090118 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.829096079 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.829161882 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.829200983 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.829243898 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.829273939 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.829288960 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.831228018 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.831262112 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.831317902 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.831418991 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.831428051 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.852018118 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.852047920 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.852106094 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.852145910 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.852205038 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.852360010 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.852444887 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.852469921 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.852485895 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.852497101 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.854861021 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.854887962 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.854970932 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.855071068 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.855081081 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.867939949 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.867986917 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.868108988 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.868163109 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.868235111 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.868235111 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.868235111 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.870307922 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.870343924 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:45.870404005 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.870518923 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:45.870533943 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:46.175587893 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:46.175638914 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.110661983 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.112669945 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.113097906 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.113176107 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.114192963 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.114212036 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.114862919 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.114886045 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.115446091 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.115454912 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.116693974 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.117239952 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.117260933 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.117666960 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.117791891 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.117799044 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.118086100 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.118164062 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.118571997 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.118585110 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.212186098 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.212327003 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.212408066 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.212563992 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.212606907 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.214920044 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.215012074 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.215073109 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.216087103 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.216109037 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.216134071 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.216149092 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.218251944 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.218301058 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.218367100 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.219788074 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.219830990 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.219846964 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.219911098 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.219945908 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.219999075 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.220237970 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.220251083 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.220370054 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.220383883 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.220534086 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.220549107 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.220562935 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.220568895 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.221257925 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.221457958 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.221535921 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.221615076 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.221659899 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.221687078 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.221703053 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.226043940 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.226089001 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.226154089 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.226340055 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.226358891 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.227020979 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.227051020 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.227116108 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.231722116 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.231735945 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.559942007 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.560798883 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.560828924 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.561594009 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.561605930 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.658473969 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.658585072 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.658687115 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.658715010 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.658860922 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.658865929 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.658883095 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.658932924 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.659118891 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.659132004 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.659142971 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.659147978 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.663496971 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.663536072 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.663639069 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.663861990 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.663882017 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.868712902 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.869467974 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.869493961 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.870033026 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.870038033 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.870197058 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.870631933 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.870668888 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.871198893 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.871203899 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.881980896 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.882688999 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.882730007 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.883253098 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.883256912 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.902359009 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.902806044 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.902842999 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.903422117 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.903429031 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.969866991 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.969926119 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.970019102 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.970048904 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.970084906 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.970143080 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.970390081 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.970406055 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.970415115 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.970421076 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.972943068 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.973012924 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.973056078 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.973098040 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.973119974 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.973141909 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.973171949 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.976074934 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.976125002 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.976243019 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.976398945 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.976408958 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.985346079 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.985373974 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.985562086 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.985591888 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.985701084 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.985719919 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.985727072 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.985877991 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.985920906 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.986011982 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.989063025 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.989150047 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:47.989252090 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.991651058 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:47.991683960 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.053498983 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.053531885 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.053560019 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.053648949 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.053687096 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.053715944 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.053751945 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.058296919 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.058392048 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.058406115 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.058475018 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.058528900 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.061358929 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.061373949 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.061384916 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.061392069 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.065593958 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.065640926 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.065746069 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.065929890 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.065943956 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.128577948 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.128612041 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.128643990 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.128654003 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.128668070 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.128717899 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.131084919 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.131102085 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.131114006 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.131120920 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.136457920 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.136491060 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.136543989 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.137664080 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.137680054 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.330323935 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.330946922 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.330967903 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.331490040 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.331496000 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.430362940 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.430418968 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.430500984 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.430512905 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.430558920 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.430742979 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.430845976 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.430891991 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.430913925 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.430924892 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.430932999 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.430938959 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.430942059 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.434480906 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.434526920 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.434608936 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.434808016 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.434819937 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.616260052 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.617083073 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.617158890 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.617616892 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.617630959 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.664904118 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.665653944 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.665682077 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.666171074 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.666177034 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.715538979 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.715569973 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.715665102 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.715728998 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.716029882 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.716029882 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.716065884 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.716093063 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.720534086 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.720585108 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.720675945 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.720854998 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.720871925 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.746283054 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.746855021 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.746952057 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.747456074 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.747483015 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.770049095 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.770320892 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.770385981 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.770570040 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.770595074 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.770608902 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.770617008 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.774386883 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.774483919 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.774579048 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.774756908 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.774794102 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.778125048 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.778584003 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.778616905 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.779293060 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.779299021 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.853374958 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.853451967 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.853537083 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.853945017 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.853945017 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.853984118 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.854002953 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.857646942 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.857744932 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.857888937 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.858127117 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.858165979 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.878137112 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.878308058 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.878392935 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.878474951 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.878474951 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.878519058 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.878545046 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.881588936 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.881683111 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:48.881799936 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.882025957 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:48.882057905 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.145947933 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.146619081 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.146703959 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.147278070 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.147293091 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.464710951 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.464962959 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.465060949 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.465153933 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.465198994 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.465231895 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.465249062 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.469253063 CEST	50056	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.469305038 CEST	443	50056	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.469410896 CEST	50056	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.469616890 CEST	50056	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.469633102 CEST	443	50056	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.558482885 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.559231997 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.559281111 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.559871912 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.559885025 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.561438084 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.561774015 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.561806917 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.562243938 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.562253952 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.572230101 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.572654963 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.572710991 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.573122025 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.573134899 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.659580946 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.659652948 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.659780025 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.660324097 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.660536051 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.660540104 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.660583019 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.660613060 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.660613060 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.660634041 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.662420034 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.662441969 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.662463903 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.662475109 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.681345940 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.681633949 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.681710005 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.681735992 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.681809902 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.681879997 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.681925058 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.681957006 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.681972980 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.776207924 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.776815891 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.776853085 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.777472973 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.777489901 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.874963045 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.875184059 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.875323057 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.898169994 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.898246050 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:49.898286104 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:49.898303986 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:50.071125984 CEST	443	50056	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:50.102935076 CEST	50056	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:50.102972984 CEST	443	50056	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:50.103424072 CEST	50056	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:50.103441000 CEST	443	50056	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:51.238280058 CEST	443	50056	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:51.238465071 CEST	443	50056	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:51.238621950 CEST	50056	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:51.238663912 CEST	50056	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:51.238663912 CEST	50056	443	192.168.2.4	13.107.246.60
Oct 3, 2024 18:17:51.238684893 CEST	443	50056	13.107.246.60	192.168.2.4
Oct 3, 2024 18:17:51.238698006 CEST	443	50056	13.107.246.60	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 18:16:11.963056087 CEST	49457	53	192.168.2.4	1.1.1.1
Oct 3, 2024 18:16:11.963228941 CEST	63819	53	192.168.2.4	1.1.1.1
Oct 3, 2024 18:16:12.180543900 CEST	53	52083	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:12.180609941 CEST	53	58169	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:12.180632114 CEST	53	63819	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:12.180711985 CEST	53	49457	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:13.334887981 CEST	59471	53	192.168.2.4	1.1.1.1
Oct 3, 2024 18:16:13.335280895 CEST	57707	53	192.168.2.4	1.1.1.1
Oct 3, 2024 18:16:13.343482971 CEST	53	59471	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:13.345201015 CEST	53	57707	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:13.346112967 CEST	53	54399	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:16.473275900 CEST	59714	53	192.168.2.4	1.1.1.1
Oct 3, 2024 18:16:16.473428011 CEST	55147	53	192.168.2.4	1.1.1.1
Oct 3, 2024 18:16:16.480211973 CEST	53	59714	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:16.480947971 CEST	53	55147	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:19.097579002 CEST	53	57327	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:21.689418077 CEST	53819	53	192.168.2.4	1.1.1.1
Oct 3, 2024 18:16:21.689616919 CEST	54555	53	192.168.2.4	1.1.1.1
Oct 3, 2024 18:16:21.696762085 CEST	53	53819	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:21.697999001 CEST	53	54555	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:22.803365946 CEST	51720	53	192.168.2.4	1.1.1.1
Oct 3, 2024 18:16:22.803757906 CEST	53402	53	192.168.2.4	1.1.1.1
Oct 3, 2024 18:16:22.810522079 CEST	53	51720	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:22.810568094 CEST	53	53402	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:23.102128983 CEST	138	138	192.168.2.4	192.168.2.255
Oct 3, 2024 18:16:24.419287920 CEST	53	59134	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:30.459474087 CEST	53	61636	1.1.1.1	192.168.2.4
Oct 3, 2024 18:16:49.357407093 CEST	53	63592	1.1.1.1	192.168.2.4
Oct 3, 2024 18:17:11.811007977 CEST	53	57050	1.1.1.1	192.168.2.4
Oct 3, 2024 18:17:12.027327061 CEST	53	59214	1.1.1.1	192.168.2.4
Oct 3, 2024 18:17:23.843159914 CEST	53	60067	1.1.1.1	192.168.2.4
Oct 3, 2024 18:17:25.396888971 CEST	50300	53	192.168.2.4	1.1.1.1
Oct 3, 2024 18:17:25.397017002 CEST	64330	53	192.168.2.4	1.1.1.1
Oct 3, 2024 18:17:25.403696060 CEST	53	50300	1.1.1.1	192.168.2.4
Oct 3, 2024 18:17:25.405019999 CEST	53	64330	1.1.1.1	192.168.2.4
Oct 3, 2024 18:17:39.793378115 CEST	53	59328	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 3, 2024 18:16:11.963056087 CEST	192.168.2.4	1.1.1.1	0x14fb	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:11.963228941 CEST	192.168.2.4	1.1.1.1	0xbfc4	Standard query (0)	youtube.com	65	IN (0x0001)	false
Oct 3, 2024 18:16:13.334887981 CEST	192.168.2.4	1.1.1.1	0x3c89	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.335280895 CEST	192.168.2.4	1.1.1.1	0x6435	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Oct 3, 2024 18:16:16.473275900 CEST	192.168.2.4	1.1.1.1	0xf45a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:16.473428011 CEST	192.168.2.4	1.1.1.1	0x3972	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 3, 2024 18:16:21.689418077 CEST	192.168.2.4	1.1.1.1	0x50d0	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:21.689616919 CEST	192.168.2.4	1.1.1.1	0x179d	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Oct 3, 2024 18:16:22.803365946 CEST	192.168.2.4	1.1.1.1	0x7ae3	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:22.803757906 CEST	192.168.2.4	1.1.1.1	0x7659	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 3, 2024 18:17:25.396888971 CEST	192.168.2.4	1.1.1.1	0xdb8e	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:17:25.397017002 CEST	192.168.2.4	1.1.1.1	0x13d8	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 3, 2024 18:16:12.180632114 CEST	1.1.1.1	192.168.2.4	0xbfc4	No error (0)	youtube.com			65	IN (0x0001)	false
Oct 3, 2024 18:16:12.180711985 CEST	1.1.1.1	192.168.2.4	0x14fb	No error (0)	youtube.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		142.250.74.206	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.343482971 CEST	1.1.1.1	192.168.2.4	0x3c89	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:13.345201015 CEST	1.1.1.1	192.168.2.4	0x6435	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 18:16:13.345201015 CEST	1.1.1.1	192.168.2.4	0x6435	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Oct 3, 2024 18:16:16.480211973 CEST	1.1.1.1	192.168.2.4	0xf45a	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:16.480947971 CEST	1.1.1.1	192.168.2.4	0x3972	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 3, 2024 18:16:21.696762085 CEST	1.1.1.1	192.168.2.4	0x50d0	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 18:16:21.696762085 CEST	1.1.1.1	192.168.2.4	0x50d0	No error (0)	www3.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:16:21.697999001 CEST	1.1.1.1	192.168.2.4	0x179d	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 18:16:22.810522079 CEST	1.1.1.1	192.168.2.4	0x7ae3	No error (0)	play.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 3, 2024 18:17:25.403696060 CEST	1.1.1.1	192.168.2.4	0xdb8e	No error (0)	play.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

youtube.com

www.youtube.com

fs.microsoft.com

https:

accounts.youtube.com

www.google.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	142.250.185.238	443	6884	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:16:12 UTC	851	OUT	GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1 Host: youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 16:16:13 UTC	1704	IN	HTTP/1.1 301 Moved Permanently Content-Type: application/binary X-Content-Type-Options: nosniff Expires: Thu, 03 Oct 2024 16:16:13 GMT Date: Thu, 03 Oct 2024 16:16:13 GMT Cache-Control: private, max-age=31536000 Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Frame-Options: SAMEORIGIN Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Content-Security-Policy: require-trusted-types-for 'script' Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Server: ESF Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	172.217.16.206	443	6884	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:16:14 UTC	869	OUT	GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1 Host: www.youtube.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 16:16:14 UTC	2634	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 03 Oct 2024 16:16:14 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Content-Security-Policy: require-trusted-types-for 'script' Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Thu, 03-Oct-2024 16:46:14 GMT; Path=/; Secure; HttpOnly Set-Cookie: YSC=qusGJk9XSP4; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_INFO1_LIVE=oqY5ICC8iFg; Domain=.youtube.com; Expires=Tue, 01-Apr-2025 16:16:14 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgMQ%3D%3D; Domain=.youtube.com; Expires=Tue, 01-Apr-2025 16:16:14 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:16:17 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-03 16:16:17 UTC	465	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=1719 Date: Thu, 03 Oct 2024 16:16:17 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49744	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:16:18 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-03 16:16:18 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=25938 Date: Thu, 03 Oct 2024 16:16:18 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-03 16:16:18 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49756	216.58.206.78	443	6884	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:16:22 UTC	1217	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1075052270&timestamp=1727972180607 HTTP/1.1 Host: accounts.youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 16:16:22 UTC	1969	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: script-src 'report-sample' 'nonce-hgHrG9d5O2hRoFZyPg5swA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 03 Oct 2024 16:16:22 GMT Cross-Origin-Resource-Policy: cross-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmJw0JBikPj6kkkNiJ3SZ7AGAHHSv_OsBUB8ufsS63UgVu25xGoMxEUSV1gbgFiIh-Na2-_tbAILdv5tZVLSS8ovjM9MSc0rySypTMnPTczMS87Pz85MLS5OLSpLLYo3MjAyMbA0MtIzsIgvMAAA3bQtiA" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-03 16:16:22 UTC	1969	IN	Data Raw: 37 36 32 30 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 68 67 48 72 47 39 64 35 4f 32 68 52 6f 46 5a 79 50 67 35 73 77 41 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 7620<html><head><script nonce="hgHrG9d5O2hRoFZyPg5swA">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-10-03 16:16:22 UTC	1969	IN	Data Raw: 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 0a 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28 Data Ascii: Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\\(
2024-10-03 16:16:22 UTC	1969	IN	Data Raw: 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 69 67 69 6e 74 22 3a 72 65 74 75 72 6e 28 41 61 3f 0a 61 3e 3d 42 61 26 26 61 3c 3d 43 61 3a 61 5b 30 5d 3d 3d 3d 22 2d 22 3f 75 61 28 61 2c 44 61 29 3a 75 61 28 61 2c 45 61 29 29 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 43 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 46 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e Data Ascii: tch(typeof a){case "number":return isFinite(a)?a:String(a);case "bigint":return(Aa?a>=Ba&&a<=Ca:a[0]==="-"?ua(a,Da):ua(a,Ea))?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(C(a))return}else if(Fa&&a!=null&&a in
2024-10-03 16:16:22 UTC	1969	IN	Data Raw: 7b 76 61 72 20 62 3b 69 66 28 61 26 26 28 62 3d 51 61 29 21 3d 6e 75 6c 6c 26 26 62 2e 68 61 73 28 61 29 26 26 28 62 3d 61 2e 43 29 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 3b 69 66 28 63 3d 3d 3d 62 2e 6c 65 6e 67 74 68 2d 31 26 26 41 28 64 29 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 7b 76 61 72 20 66 3d 64 5b 65 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 66 29 26 26 0a 52 61 28 66 2c 61 29 7d 65 6c 73 65 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 64 29 26 26 52 61 28 64 2c 61 29 7d 61 3d 45 3f 61 2e 43 3a 4d 61 28 61 2e 43 2c 50 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 65 3d 21 45 3b 69 66 28 62 3d 61 2e 6c 65 6e 67 74 68 29 7b 64 3d 61 5b 62 2d Data Ascii: {var b;if(a&&(b=Qa)!=null&&b.has(a)&&(b=a.C))for(var c=0;c<b.length;c++){var d=b[c];if(c===b.length-1&&A(d))for(var e in d){var f=d[e];Array.isArray(f)&&Ra(f,a)}else Array.isArray(d)&&Ra(d,a)}a=E?a.C:Ma(a.C,Pa,void 0,void 0,!1);e=!E;if(b=a.length){d=a[b-
2024-10-03 16:16:22 UTC	1969	IN	Data Raw: 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 63 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 57 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 Data Ascii: ol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Wa[b[c]];typeof d==="function"&&type
2024-10-03 16:16:22 UTC	1969	IN	Data Raw: 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 2e 67 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6b 29 7b 6b 3d 48 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 66 28 21 49 28 6b 2c 66 29 29 Data Ascii: );e("freeze");e("preventExtensions");e("seal");var h=0,g=function(k){this.g=(h+=Math.random()+1).toString();if(k){k=H(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);if(!I(k,f))
2024-10-03 16:16:22 UTC	1969	IN	Data Raw: 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 Data Ascii: urn g.value})};c.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"\|\|l=="function"?b.has(k)
2024-10-03 16:16:22 UTC	1969	IN	Data Raw: 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 66 62 3d 66 62 7c 7c 7b 7d 2c 71 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 67 62 3d 71 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 71 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 62 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 2c 69 62 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 Data Ascii: on(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var fb=fb\|\|{},q=this\|\|self,gb=q._F_toggles\|\|[],hb=function(a){a=a.split(".");for(var b=q,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b},ib="closure_uid_"+(Math.random()*1E
2024-10-03 16:16:22 UTC	1969	IN	Data Raw: 74 65 78 74 5f 5f 39 38 34 33 38 32 3d 7b 7d 29 3b 61 2e 5f 5f 63 6c 6f 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 2e 73 65 76 65 72 69 74 79 3d 62 7d 3b 76 61 72 20 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 71 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26 64 28 66 2c 68 2c 67 2c 6b 2c 6c 29 3b 61 28 7b 6d 65 73 73 61 67 65 3a 66 2c 66 69 6c 65 4e 61 6d 65 3a 68 2c 6c 69 6e 65 3a 67 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 67 2c 63 61 3a 6b 2c 65 72 72 6f 72 3a 6c 7d 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 68 Data Ascii: text__984382={});a.__closure__error__context__984382.severity=b};var qb=function(a,b,c){c=c\|\|q;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&d(f,h,g,k,l);a({message:f,fileName:h,line:g,lineNumber:g,ca:k,error:l});return e}},tb=function(a){var b=h
2024-10-03 16:16:22 UTC	1969	IN	Data Raw: 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 73 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65 6e 67 74 68 3e 34 30 26 26 28 66 3d 66 2e 73 6c 69 63 65 28 30 2c 34 30 29 2b 22 2e 2e 2e 22 29 3b 63 2e 70 75 73 68 28 66 29 7d 62 2e 70 75 73 68 28 61 29 3b 63 2e 70 75 73 68 28 22 29 5c 6e 22 29 3b 74 72 79 7b 63 2e 70 75 73 68 28 77 62 28 61 2e 63 61 6c 6c 65 72 2c 62 29 29 7d 63 61 74 63 68 28 68 29 7b 63 2e 70 75 73 68 28 22 5b 65 78 63 65 70 74 69 6f 6e Data Ascii: "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=sb(f))?f:"[fn]";break;default:f=typeof f}f.length>40&&(f=f.slice(0,40)+"...");c.push(f)}b.push(a);c.push(")\n");try{c.push(wb(a.caller,b))}catch(h){c.push("[exception

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49741	142.250.185.132	443	6884	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:16:24 UTC	1017	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 16:16:24 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 03 Oct 2024 15:43:02 GMT Expires: Fri, 11 Oct 2024 15:43:02 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 2002 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-03 16:16:24 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-03 16:16:24 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-10-03 16:16:24 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-03 16:16:24 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-10-03 16:16:24 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49769	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:16:25 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UMfhhdA2rltUCLe&MD=zTzhemOD HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-03 16:16:26 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 5f1fbec8-322e-44a0-8f22-8959663d3cfe MS-RequestId: 4afc12e2-452b-477f-b19e-11d64393fe1d MS-CV: ouUHMu0S8Uq/W3/E.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 03 Oct 2024 16:16:25 GMT Connection: close Content-Length: 24490
2024-10-03 16:16:26 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-03 16:16:26 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.4	49784	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:16:59 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:16:59 UTC	561	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:16:59 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 30 Sep 2024 13:16:38 GMT ETag: "0x8DCE1521DF74B57" x-ms-request-id: 90766f9b-701e-006f-578c-15afc4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161659Z-15767c5fc55whfstvfw43u8fp40000000bag00000000req1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:16:59 UTC	15823	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-03 16:16:59 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <S T="1" F="0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L>
2024-10-03 16:16:59 UTC	16384	IN	Data Raw: 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d Data Ascii: <S T="3" /> </T> <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-
2024-10-03 16:16:59 UTC	16384	IN	Data Raw: 6e 74 73 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a Data Ascii: nts" /> </C> <C T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" />
2024-10-03 16:16:59 UTC	16384	IN	Data Raw: 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: </S> <C T="U32" I="0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32"
2024-10-03 16:16:59 UTC	16384	IN	Data Raw: 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 Data Ascii: _Count"> <C> <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S
2024-10-03 16:16:59 UTC	16384	IN	Data Raw: 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 Data Ascii: <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3"
2024-10-03 16:17:00 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 Data Ascii: </L> <R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false
2024-10-03 16:17:00 UTC	16384	IN	Data Raw: 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: T="B" /> </R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" />
2024-10-03 16:17:00 UTC	16384	IN	Data Raw: 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: O> </F> <F T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49787	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:00 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:00 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:00 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: b9d87bc3-001e-008d-128c-15d91e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161700Z-15767c5fc55lghvzbxktxfqntw0000000az000000000am7r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:00 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49788	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:00 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:00 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:00 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 39d43082-801e-00ac-658c-15fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161700Z-15767c5fc55sdcjq8ksxt4n9mc00000000f0000000006zeu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:00 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49789	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:00 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:00 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:00 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 4b0a31e7-c01e-00ad-448c-15a2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161700Z-15767c5fc55fdfx81a30vtr1fw0000000bng000000009ehv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:00 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49785	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:00 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:00 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:00 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 1cc2ff82-e01e-0071-478c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161700Z-15767c5fc55gq5fmm10nm5qqr80000000bag00000000n17z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:00 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49786	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:00 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:00 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:00 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: b9d87bc4-001e-008d-138c-15d91e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161700Z-15767c5fc55sdcjq8ksxt4n9mc00000000eg000000007qhw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:00 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49792	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:01 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:01 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:01 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 24b39cfc-301e-0096-2a8c-15e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161701Z-15767c5fc55xsgnlxyxy40f4m00000000b4g00000000hg2m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:01 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49790	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:01 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:01 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:01 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: aa8826a4-b01e-0053-608c-15cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161701Z-15767c5fc55fdfx81a30vtr1fw0000000bg000000000vcgk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:01 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49791	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:01 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:01 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:01 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 757ce4f4-401e-000a-128c-154a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161701Z-15767c5fc55d6fcl6x6bw8cpdc0000000b1g00000000yttp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:01 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49793	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:01 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:01 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:01 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 3a0dc1eb-601e-0032-608c-15eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161701Z-15767c5fc55kg97hfq5uqyxxaw0000000b8g00000000fk01 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:01 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49794	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:01 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:01 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:01 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: b2393cc3-501e-005b-768c-15d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161701Z-15767c5fc55tsfp92w7yna557w0000000b5g00000000vnn5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:01 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49795	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:02 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:02 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 023e3708-a01e-003d-568c-1598d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161702Z-15767c5fc55lghvzbxktxfqntw0000000awg00000000pk2w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:02 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49798	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:02 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:02 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: e0871f45-901e-00a0-0d8c-156a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161702Z-15767c5fc55qdcd62bsn50hd6s0000000b1g00000000f117 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:02 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49797	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:02 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:02 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 1cc301ca-e01e-0071-6f8c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161702Z-15767c5fc55lghvzbxktxfqntw0000000ayg00000000d5q4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:02 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49796	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:02 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:02 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 1cc301c6-e01e-0071-6b8c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161702Z-15767c5fc55jdxmppy6cmd24bn00000003hg000000007rp3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:02 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49799	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:02 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:02 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 023e3944-a01e-003d-708c-1598d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161702Z-15767c5fc55whfstvfw43u8fp40000000b8g000000010adk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:02 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49801	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:03 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:03 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:03 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: c54fb296-901e-008f-528c-1567a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161702Z-15767c5fc552g4w83buhsr3htc0000000bc0000000001auv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:03 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49800	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:03 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:03 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:03 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: a68dfe67-f01e-0052-588c-159224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161703Z-15767c5fc5546rn6ch9zv310e0000000046g00000000k4d0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:03 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49803	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:03 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:03 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:03 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: dc68ccfc-201e-006e-438c-15bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161703Z-15767c5fc55qdcd62bsn50hd6s0000000b2000000000dk2d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:03 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49804	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:03 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:03 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:03 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 79ade187-001e-0065-788c-150b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161703Z-15767c5fc55gq5fmm10nm5qqr80000000bcg00000000c1wf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:03 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49802	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:03 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:03 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:03 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 24b39fc0-301e-0096-298c-15e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161703Z-15767c5fc55sdcjq8ksxt4n9mc00000000hg000000007kpm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:03 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49805	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:03 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:03 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:03 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 0da94923-701e-0097-168c-15b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161703Z-15767c5fc55sdcjq8ksxt4n9mc00000000p0000000004yt2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:03 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49806	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:03 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:03 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:03 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 8e9c869d-201e-000c-4b8c-1579c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161703Z-15767c5fc55ncqdn59ub6rndq00000000azg000000008bqx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:03 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49807	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:03 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:03 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:03 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 4f10c824-e01e-0085-1c8c-15c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161703Z-15767c5fc55gq5fmm10nm5qqr80000000bf000000000305e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:03 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49808	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:03 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:03 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:03 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 09e6f7ee-001e-0034-548c-15dd04000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161703Z-15767c5fc55rg5b7sh1vuv8t7n0000000bn000000000a0pc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:03 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49810	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:04 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:04 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 82f8b22c-c01e-0014-5a8c-15a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161704Z-15767c5fc55gq5fmm10nm5qqr80000000bd000000000axaq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:04 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49809	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:04 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UMfhhdA2rltUCLe&MD=zTzhemOD HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-03 16:17:04 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 99b99cd4-66e3-436f-ac79-0aa5819143ed MS-RequestId: bbfefeea-f047-4ae7-b3d9-7e4ae3d7cf12 MS-CV: Rss7KmH5pESJUyix.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 03 Oct 2024 16:17:04 GMT Connection: close Content-Length: 30005
2024-10-03 16:17:04 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-03 16:17:04 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49814	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:04 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:04 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: c2ca9d4d-801e-0035-458c-15752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161704Z-15767c5fc55qdcd62bsn50hd6s0000000b4g000000003c3q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:04 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49811	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:04 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:04 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 30fd46b0-d01e-00a1-368c-1535b1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161704Z-15767c5fc55w69c2zvnrz0gmgw0000000bm0000000001h2w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:04 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49815	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:05 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:05 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:05 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 831ef799-b01e-0098-7b8c-15cead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161705Z-15767c5fc5546rn6ch9zv310e0000000046000000000nxau x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:05 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49816	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:05 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:05 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:05 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: a7623418-001e-00a2-348c-15d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161705Z-15767c5fc55w69c2zvnrz0gmgw0000000bk0000000005qm4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:05 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49817	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:05 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:05 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:05 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 4b0a3852-c01e-00ad-3b8c-15a2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161705Z-15767c5fc55gs96cphvgp5f5vc0000000b2000000000xaur x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:05 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49813	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:06 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:06 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 75493038-e01e-00aa-508c-15ceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161706Z-15767c5fc55fdfx81a30vtr1fw0000000bqg000000000mz0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:06 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49812	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:06 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:06 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 6a901ce3-301e-005d-708c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161706Z-15767c5fc55fdfx81a30vtr1fw0000000bqg000000000mz1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:06 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49818	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:06 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:06 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:06 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: eccf174e-001e-0079-238c-1512e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161706Z-15767c5fc554wklc0x4mc5pq0w0000000bgg00000000u16a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:06 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49820	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:06 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:06 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: bb2e28bd-501e-0016-0b8c-15181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161706Z-15767c5fc554w2fgapsyvy8ua00000000as000000000gw8f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:06 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49819	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:06 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:06 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 76615707-c01e-0082-6a8c-15af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161706Z-15767c5fc55472x4k7dmphmadg0000000b00000000006py0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:06 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49822	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:07 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:07 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:07 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 0dcb6c6d-e01e-0003-668c-150fa8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161707Z-15767c5fc55sdcjq8ksxt4n9mc00000000eg000000007qwx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:07 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49821	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:07 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:07 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:07 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 4da5bf60-a01e-0070-668c-15573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161707Z-15767c5fc55lghvzbxktxfqntw0000000aug00000000xuxq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:07 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49823	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:07 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:07 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:07 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 8789ddbb-a01e-0084-6a8c-159ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161707Z-15767c5fc554wklc0x4mc5pq0w0000000bhg00000000p98q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:07 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49824	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:07 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:07 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:07 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 9bed673a-001e-0046-278c-15da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161707Z-15767c5fc554l9xf959gp9cb1s00000005f0000000009a2w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:07 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49825	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:07 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:07 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:07 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 772ea1ab-e01e-003c-188c-15c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161707Z-15767c5fc55w69c2zvnrz0gmgw0000000bgg00000000amf5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:07 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49826	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:07 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:07 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:07 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 3a0dcc46-601e-0032-6c8c-15eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161707Z-15767c5fc55xsgnlxyxy40f4m00000000b8g0000000021we x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:07 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49827	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:07 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:07 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:07 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 15fe0b87-a01e-0002-3b8c-155074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161707Z-15767c5fc55fdfx81a30vtr1fw0000000bqg000000000n2d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:07 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49828	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:07 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:08 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:07 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 1f480944-c01e-002b-018c-156e00000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161707Z-15767c5fc5546rn6ch9zv310e0000000048g00000000a6t1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:08 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49829	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:08 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:08 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:08 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: c54fbac1-901e-008f-588c-1567a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161708Z-15767c5fc55v7j95gq2uzq37a00000000bc000000000xvep x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:08 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49830	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:08 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:08 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:08 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 75858473-001e-000b-318c-1515a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161708Z-15767c5fc55rg5b7sh1vuv8t7n0000000bgg00000000smsu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:08 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49831	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:08 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:08 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:08 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: b9a197f6-401e-0078-3b8c-154d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161708Z-15767c5fc554w2fgapsyvy8ua00000000au0000000008d86 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:08 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49832	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:08 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:08 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:08 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 76252b1b-c01e-0066-488c-15a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161708Z-15767c5fc55472x4k7dmphmadg0000000aug00000000xfue x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:08 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49833	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:09 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:09 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: b83a8dc4-f01e-003f-308c-15d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161709Z-15767c5fc55lghvzbxktxfqntw0000000av000000000w9tv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:09 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49834	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:09 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:09 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 2f8443ca-b01e-0070-308c-151cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161709Z-15767c5fc55jdxmppy6cmd24bn00000003m00000000020gg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:09 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49835	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:09 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:09 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 7be6812e-d01e-008e-528c-15387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161709Z-15767c5fc55qdcd62bsn50hd6s0000000b4g000000003cba x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:09 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49836	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:09 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:09 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 1f480aea-c01e-002b-028c-156e00000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161709Z-15767c5fc55dtdv4d4saq7t47n0000000b2000000000cg1m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:09 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49837	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:09 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:09 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 7be6821c-d01e-008e-398c-15387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161709Z-15767c5fc55n4msds84xh4z67w00000004v000000000z10v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:09 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49838	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:09 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:09 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 16d3a614-701e-0032-288c-15a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161709Z-15767c5fc55472x4k7dmphmadg0000000b1g00000000182t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:09 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49839	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:10 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:10 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:10 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: aa883537-b01e-0053-4c8c-15cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161710Z-15767c5fc55xsgnlxyxy40f4m00000000b7g000000005ryq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:10 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49840	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:10 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:10 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: cce0beff-001e-0082-398c-155880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161710Z-15767c5fc55jdxmppy6cmd24bn00000003e000000000q8bw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:10 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49841	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:10 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:10 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:10 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: dc68dac5-201e-006e-298c-15bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161710Z-15767c5fc55whfstvfw43u8fp40000000bc000000000hfbm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:10 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49842	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:10 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:10 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: be018b72-401e-0035-7e8c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161710Z-15767c5fc55d6fcl6x6bw8cpdc0000000b6g00000000996f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:10 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49843	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:10 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:10 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 4da5c699-a01e-0070-198c-15573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161710Z-15767c5fc55rg5b7sh1vuv8t7n0000000bmg00000000cprp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:10 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49844	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:10 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:10 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:10 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: be018b82-401e-0035-0c8c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161710Z-15767c5fc55rg5b7sh1vuv8t7n0000000bh000000000sc8d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:10 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49845	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:10 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:10 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:10 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 801e2bd2-b01e-0021-6a8c-15cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161710Z-15767c5fc55dtdv4d4saq7t47n0000000axg00000000y13z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:10 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49847	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:11 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:11 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 285c7e33-c01e-008e-718c-157381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161711Z-15767c5fc55852fxfeh7csa2dn0000000b6g00000000a2qf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:11 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49846	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:11 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:11 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 1cc309a5-e01e-0071-358c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161711Z-15767c5fc552g4w83buhsr3htc0000000bc0000000001bbm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:11 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49849	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:11 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:11 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:11 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 6a902a44-301e-005d-788c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161711Z-15767c5fc55sdcjq8ksxt4n9mc00000000h0000000006ymb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:11 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49848	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:11 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:11 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 04c46130-501e-0064-028c-151f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161711Z-15767c5fc55472x4k7dmphmadg0000000aw000000000scwm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:11 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49850	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:11 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:11 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 15fe14b4-a01e-0002-638c-155074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161711Z-15767c5fc55w69c2zvnrz0gmgw0000000bgg00000000amp7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:11 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49851	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:12 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:12 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 4da5c882-a01e-0070-628c-15573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161712Z-15767c5fc55w69c2zvnrz0gmgw0000000bm0000000001hvn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:12 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49852	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:12 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:12 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 15fe1592-a01e-0002-378c-155074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161712Z-15767c5fc55n4msds84xh4z67w00000004wg00000000r7x3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:12 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49854	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:12 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:12 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 9bed6e8e-001e-0046-5b8c-15da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161712Z-15767c5fc55w69c2zvnrz0gmgw0000000bbg000000010zxy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:12 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49853	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:12 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:12 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: b9a19b13-401e-0078-148c-154d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161712Z-15767c5fc55n4msds84xh4z67w00000004zg00000000aew0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:12 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49855	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:12 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:12 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:12 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: e08726cd-901e-00a0-738c-156a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161712Z-15767c5fc55jdxmppy6cmd24bn00000003fg00000000fs8r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:12 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49857	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:12 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:12 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 766164d5-c01e-0082-668c-15af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161712Z-15767c5fc55w69c2zvnrz0gmgw0000000bk0000000005qwx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:12 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49858	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:12 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:13 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:12 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: dcc4dd0d-f01e-0099-7c8c-159171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161712Z-15767c5fc55n4msds84xh4z67w00000004w000000000t4eh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:13 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49860	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:13 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:13 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 4a2177bf-401e-00a3-638c-158b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161713Z-15767c5fc554l9xf959gp9cb1s00000005d000000000hu9h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:13 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49859	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:13 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:13 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: d59d44fd-601e-003e-698c-153248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161713Z-15767c5fc55gs96cphvgp5f5vc0000000b700000000089km x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:13 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49861	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:13 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:13 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 4da5cae8-a01e-0070-0e8c-15573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161713Z-15767c5fc55852fxfeh7csa2dn0000000b70000000008y74 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:13 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49862	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:13 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:13 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:13 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 1cc30b66-e01e-0071-368c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161713Z-15767c5fc554wklc0x4mc5pq0w0000000bqg000000000hg9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:13 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49863	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:13 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:13 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 8e9c9a52-201e-000c-6b8c-1579c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161713Z-15767c5fc5546rn6ch9zv310e0000000047000000000gxbz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:13 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49864	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:13 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:13 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 0da9586c-701e-0097-318c-15b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161713Z-15767c5fc55ncqdn59ub6rndq00000000azg000000008c6g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:13 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49865	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:13 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:14 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:13 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: b9a19cb7-401e-0078-068c-154d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161713Z-15767c5fc55jdxmppy6cmd24bn00000003f000000000k322 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:14 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49866	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:14 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:14 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:14 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 1cc30bd5-e01e-0071-1a8c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161714Z-15767c5fc552g4w83buhsr3htc0000000b9g00000000bgn7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:14 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49867	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:14 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:14 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:14 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: 82f8c3b9-c01e-0014-418c-15a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161714Z-15767c5fc554w2fgapsyvy8ua00000000ap000000000w31s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:14 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49868	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:14 UTC	191	OUT	GET /rules/rule90401v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:14 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:14 GMT Content-Type: text/xml Content-Length: 1250 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE4487AA" x-ms-request-id: 09e7054a-001e-0034-1b8c-15dd04000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161714Z-15767c5fc55rv8zjq9dg0musxg0000000b5000000000y4x0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:14 UTC	1250	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 39 30 34 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 53 61 6d 70 6c 69 6e 67 50 6f 6c 69 63 79 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 4d 65 74 61 64 61 74 61 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="90401" V="3" DC="ESM" EN="Office.Telemetry.SamplingPolicy" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" DL="A" DCa="PSP PSU" xmlns=""> <RIS> <RI N="Metadata" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49869	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:14 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:14 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:14 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: b23951fc-501e-005b-2a8c-15d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161714Z-15767c5fc55gq5fmm10nm5qqr80000000b9000000000u37q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:14 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49871	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:15 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:15 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:15 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 7afec079-601e-000d-468c-152618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161715Z-15767c5fc554l9xf959gp9cb1s00000005c000000000neuf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:15 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49870	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:15 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:15 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:15 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: b9a19e00-401e-0078-388c-154d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161715Z-15767c5fc55gs96cphvgp5f5vc0000000b5g00000000fukp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:15 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49873	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:15 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:15 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:15 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: a68e09c4-f01e-0052-148c-159224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161715Z-15767c5fc55tsfp92w7yna557w0000000b7000000000p81w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:15 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49874	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:15 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:15 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:15 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 6a90313a-301e-005d-1a8c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161715Z-15767c5fc55tsfp92w7yna557w0000000bag0000000072hz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:15 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49875	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:15 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:15 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:15 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 1392789d-401e-0047-0e8c-158597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161715Z-15767c5fc55tsfp92w7yna557w0000000b5g00000000vpvf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:15 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49876	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:15 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:15 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:15 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: a76247f8-001e-00a2-558c-15d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161715Z-15767c5fc55kg97hfq5uqyxxaw0000000b5g00000000tfr5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:15 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49877	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:16 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:16 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:16 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 7afec1f8-601e-000d-328c-152618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161716Z-15767c5fc55472x4k7dmphmadg0000000b00000000006qc4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:16 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49878	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:16 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:16 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:16 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 92784c80-801e-002a-088c-1531dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161716Z-15767c5fc55tsfp92w7yna557w0000000ba0000000008xpz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:16 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49879	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:16 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:16 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:16 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 4a217eb8-401e-00a3-218c-158b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161716Z-15767c5fc55qdcd62bsn50hd6s0000000b3g0000000075e2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:16 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49880	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:16 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:16 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:16 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: c825d9ef-901e-007b-278c-15ac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161716Z-15767c5fc55xsgnlxyxy40f4m00000000b5000000000ff7v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:16 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49881	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:17 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:17 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:17 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 6a90350a-301e-005d-348c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161717Z-15767c5fc55jdxmppy6cmd24bn00000003m00000000021av x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:17 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49882	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:17 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:17 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:17 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: ed356ac5-101e-0046-2b8c-1591b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161717Z-15767c5fc554w2fgapsyvy8ua00000000ar000000000n6gs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:17 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49884	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:17 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:17 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:17 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 76616de5-c01e-0082-6f8c-15af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161717Z-15767c5fc55qdcd62bsn50hd6s0000000az000000000ut8r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:17 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49885	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:17 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:17 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:17 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 29534450-901e-0064-768c-15e8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161717Z-15767c5fc55gq5fmm10nm5qqr80000000beg000000004umh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:17 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49886	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:17 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:17 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:17 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 6ec2e3f4-801e-007b-208c-15e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161717Z-15767c5fc55ncqdn59ub6rndq00000000au000000000z9sc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:17 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49887	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:17 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:17 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:17 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: 0da95f5c-701e-0097-318c-15b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161717Z-15767c5fc55tsfp92w7yna557w0000000b8g00000000gd96 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:17 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49888	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:18 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:18 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:18 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 704395e8-201e-005d-718c-15afb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161718Z-15767c5fc552g4w83buhsr3htc0000000b7000000000r71z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:18 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49889	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:18 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:18 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:18 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: 8be9c1e7-301e-0052-678c-1565d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161718Z-15767c5fc55d6fcl6x6bw8cpdc0000000b7g0000000054gt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:18 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49890	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:18 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:19 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:18 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: dc68e902-201e-006e-0d8c-15bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161718Z-15767c5fc55rv8zjq9dg0musxg0000000b5000000000y56q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:19 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49891	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:18 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:19 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:18 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 21dfe39b-001e-0049-468c-155bd5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161718Z-15767c5fc55sdcjq8ksxt4n9mc00000000f00000000070h5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:19 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49893	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:19 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:19 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:19 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: ba3c7a68-301e-0099-698c-156683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161719Z-15767c5fc55n4msds84xh4z67w00000004xg00000000mu7p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:19 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49892	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:19 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:19 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:19 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: 82f8cc24-c01e-0014-3a8c-15a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161719Z-15767c5fc55852fxfeh7csa2dn0000000b80000000003yk6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:19 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49895	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:19 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:19 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:19 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: 76253f94-c01e-0066-328c-15a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161719Z-15767c5fc55dtdv4d4saq7t47n0000000b300000000089r9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:19 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49894	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:19 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:19 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:19 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: 023e591f-a01e-003d-618c-1598d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161719Z-15767c5fc55dtdv4d4saq7t47n0000000b3g000000006q4v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:19 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49872	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:19 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:20 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:20 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 3ef81e2a-f01e-001f-3f8c-155dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161720Z-15767c5fc55rg5b7sh1vuv8t7n0000000bq0000000002bat x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:20 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49896	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:19 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:20 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:20 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 819d4321-f01e-0020-6e8c-15956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161720Z-15767c5fc55ncqdn59ub6rndq00000000b00000000006ctt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:20 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49897	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:20 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:20 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:20 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: fb0d4061-601e-0050-198c-152c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161720Z-15767c5fc55rg5b7sh1vuv8t7n0000000bng00000000887g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:20 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49898	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:20 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:20 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:20 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 7585955c-001e-000b-518c-1515a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161720Z-15767c5fc55w69c2zvnrz0gmgw0000000bcg00000000wfx1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:20 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49899	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:20 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:20 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:20 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 831f1653-b01e-0098-198c-15cead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161720Z-15767c5fc55dtdv4d4saq7t47n0000000ay000000000wy4s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:20 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49901	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:20 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:20 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:20 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: a7582d38-101e-0028-528c-158f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161720Z-15767c5fc55jdxmppy6cmd24bn00000003mg000000000bbk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:20 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49900	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:20 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:20 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:20 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 89fd357a-501e-008f-758c-159054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161720Z-15767c5fc55jdxmppy6cmd24bn00000003d000000000u9d1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:20 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49902	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:21 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:21 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:21 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: a68e0dd8-f01e-0052-1d8c-159224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161721Z-15767c5fc55kg97hfq5uqyxxaw0000000b7000000000n0up x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:21 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49904	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:21 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:22 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:21 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: b2395a75-501e-005b-038c-15d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161721Z-15767c5fc55852fxfeh7csa2dn0000000b4000000000r2rv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:22 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49903	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:21 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:22 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:21 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 757cff4f-401e-000a-528c-154a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161721Z-15767c5fc55gs96cphvgp5f5vc0000000b3000000000tx89 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:22 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49906	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:22 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:22 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:22 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 7baaa16d-b01e-0097-4d8c-154f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161722Z-15767c5fc55tsfp92w7yna557w0000000b7g00000000n78p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:22 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49905	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:22 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:22 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:22 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 9bed7ce1-001e-0046-4f8c-15da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161722Z-15767c5fc55jdxmppy6cmd24bn00000003e000000000q90a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:22 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49907	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:22 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:22 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:22 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 819d44cb-f01e-0020-6f8c-15956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161722Z-15767c5fc55whfstvfw43u8fp40000000bag00000000rfwe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:22 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49908	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:23 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:23 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:23 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 9c5056bf-f01e-0003-548c-154453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161723Z-15767c5fc55rv8zjq9dg0musxg0000000b5000000000y5f0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:23 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49909	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:23 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:23 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:23 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: 89fd37a1-501e-008f-6d8c-159054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161723Z-15767c5fc55xsgnlxyxy40f4m00000000b1g00000000xx31 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:23 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49910	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:23 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:23 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:23 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: 42bb1403-701e-005c-578c-15bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161723Z-15767c5fc55472x4k7dmphmadg0000000azg000000008fey x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:23 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49911	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:23 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:23 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:23 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: be019976-401e-0035-5d8c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161723Z-15767c5fc554wklc0x4mc5pq0w0000000bm000000000e0xa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:23 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49912	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:23 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:23 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:23 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: 56c891cb-f01e-0085-428c-1588ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161723Z-15767c5fc55sdcjq8ksxt4n9mc00000000h0000000006z4y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:23 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49913	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:23 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:23 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:23 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 2f845d93-b01e-0070-2f8c-151cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161723Z-15767c5fc55w69c2zvnrz0gmgw0000000be000000000r8bg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:23 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49914	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:23 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:23 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:23 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: 5f7380a8-801e-0015-7b8c-15f97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161723Z-15767c5fc55lghvzbxktxfqntw0000000azg000000009t7y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:23 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49915	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:23 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:24 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:23 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: b612907a-401e-008c-278c-1586c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161723Z-15767c5fc55kg97hfq5uqyxxaw0000000b5000000000vap1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:24 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49916	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:23 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:24 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:24 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 2d1829d7-b01e-001e-738c-150214000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161724Z-15767c5fc5546rn6ch9zv310e0000000043g00000000y3w3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:24 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49917	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:24 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:24 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:24 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: be019a9f-401e-0035-518c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161724Z-15767c5fc55tsfp92w7yna557w0000000b4g000000010vcg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:24 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49919	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:24 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:24 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:24 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 36a1620f-001e-0028-0f8c-15c49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161724Z-15767c5fc55lghvzbxktxfqntw0000000b20000000001u44 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:24 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49920	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:24 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:24 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:24 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: e360128a-801e-0083-498c-15f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161724Z-15767c5fc55fdfx81a30vtr1fw0000000bm000000000etux x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:24 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49921	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:24 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:24 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:24 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: 4b0a4db7-c01e-00ad-2d8c-15a2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161724Z-15767c5fc55v7j95gq2uzq37a00000000bf000000000htmg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:24 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	49922	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:24 UTC	192	OUT	GET /rules/rule703000v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:24 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:24 GMT Content-Type: text/xml Content-Length: 1369 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE32FE1A2" x-ms-request-id: 1cc313a1-e01e-0071-4b8c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161724Z-15767c5fc55d6fcl6x6bw8cpdc0000000b5g00000000duqu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:24 UTC	1369	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49923	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:25 UTC	192	OUT	GET /rules/rule700751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:25 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:25 GMT Content-Type: text/xml Content-Length: 1414 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE03B051D" x-ms-request-id: 4b0a4edd-c01e-00ad-438c-15a2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161725Z-15767c5fc55tsfp92w7yna557w0000000b5g00000000vqn6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:25 UTC	1414	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49924	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:25 UTC	192	OUT	GET /rules/rule700750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:25 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:25 GMT Content-Type: text/xml Content-Length: 1377 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT ETag: "0x8DC582BEAFF0125" x-ms-request-id: 0dcb9a48-e01e-0003-1c8c-150fa8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161725Z-15767c5fc55d6fcl6x6bw8cpdc0000000b1g00000000yvht x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:25 UTC	1377	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49925	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:25 UTC	192	OUT	GET /rules/rule700151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:25 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:25 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0A2434F" x-ms-request-id: 4a218e36-401e-00a3-268c-158b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161725Z-15767c5fc55qdcd62bsn50hd6s0000000b50000000001dx0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:25 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49927	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:25 UTC	192	OUT	GET /rules/rule703451v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:25 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:25 GMT Content-Type: text/xml Content-Length: 1409 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFC438CF" x-ms-request-id: eccf31ce-001e-0079-3e8c-1512e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161725Z-15767c5fc554w2fgapsyvy8ua00000000ang00000000y677 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:25 UTC	1409	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49926	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:25 UTC	192	OUT	GET /rules/rule700150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:25 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:25 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE54CA33F" x-ms-request-id: f1c85a61-d01e-007a-188c-15f38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161725Z-15767c5fc55472x4k7dmphmadg0000000azg000000008fn5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:25 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e 65 4e 6f 74 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOneNote" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49928	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:25 UTC	192	OUT	GET /rules/rule703450v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:25 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:25 GMT Content-Type: text/xml Content-Length: 1372 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6669CA7" x-ms-request-id: b9a1a970-401e-0078-528c-154d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161725Z-15767c5fc55kg97hfq5uqyxxaw0000000b6000000000r4e1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-03 16:17:25 UTC	1372	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOfficeMobile" S="Medium" /> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49931	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 16:17:26 UTC	192	OUT	GET /rules/rule700901v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-03 16:17:26 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:17:26 GMT Content-Type: text/xml Content-Length: 1408 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1038EF2" x-ms-request-id: f40770c2-201e-0000-318c-15a537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241003T161726Z-15767c5fc55whfstvfw43u8fp40000000bb000000000psxd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-03 16:17:26 UTC	1408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 39 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4e 61 74 75 72 61 6c 4c 61 6e 67 75 61 67 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700901" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Target ID:	0
Start time:	12:16:07
Start date:	03/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x7b0000
File size:	919'040 bytes
MD5 hash:	FEB3D620CDD56C7FBE1C54AE29328327
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	12:16:07
Start date:	03/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x970000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	12:16:07
Start date:	03/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	12:16:07
Start date:	03/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x970000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	12:16:07
Start date:	03/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	12:16:08
Start date:	03/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x970000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	12:16:08
Start date:	03/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	12:16:08
Start date:	03/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x970000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	12:16:08
Start date:	03/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	12:16:08
Start date:	03/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x970000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	12:16:08
Start date:	03/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	12:16:09
Start date:	03/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	12:16:10
Start date:	03/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1956,i,17900587416320745061,351214968976735119,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	12:16:21
Start date:	03/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5084 --field-trial-handle=1956,i,17900587416320745061,351214968976735119,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	12:16:21
Start date:	03/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1956,i,17900587416320745061,351214968976735119,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.9%
Total number of Nodes:	1607
Total number of Limit Nodes:	64

Executed Functions

Function 007B42DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 007B430D

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

GetCurrentProcess.KERNEL32(?,0084CB64,00000000,?,?), ref: 007B4422
IsWow64Process.KERNEL32(00000000,?,?), ref: 007B4429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 007B4454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 007B4466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 007B4474
FreeLibrary.KERNEL32(00000000,?,?), ref: 007B447B
GetSystemInfo.KERNEL32(?,?,?), ref: 007B44A0

Strings

|O, xrefs: 007F36F8
kernel32.dll, xrefs: 007B444F
GetNativeSystemInfo, xrefs: 007B4460

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: 31c10f58583c204bf89f278d7d2773f985706a9e11b57451ca549c14679100e9
Instruction ID: 61ec2583f1aaf40ba2d2d5b8f74cc5127ade140d97c6b80256baa2f274d974ae
Opcode Fuzzy Hash: 31c10f58583c204bf89f278d7d2773f985706a9e11b57451ca549c14679100e9
Instruction Fuzzy Hash: A7A1737690A2C4DFCF12D76D7C8D6E67FAC7B26740B184899D18193B23DE6C460ACB21

Function 007B42A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,007B50AA,?,?,00000000,00000000), ref: 007B42B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,007B50AA,?,?,00000000,00000000), ref: 007B42C9
LoadResource.KERNEL32(?,00000000,?,?,007B50AA,?,?,00000000,00000000,?,?,?,?,?,?,007B4F20), ref: 007F35BE
SizeofResource.KERNEL32(?,00000000,?,?,007B50AA,?,?,00000000,00000000,?,?,?,?,?,?,007B4F20), ref: 007F35D3
LockResource.KERNEL32(007B50AA,?,?,007B50AA,?,?,00000000,00000000,?,?,?,?,?,?,007B4F20,?), ref: 007F35E6

Strings

SCRIPT, xrefs: 007B42BF

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: cf4bbba20324b258387833fd08b62981aea744ae5bb7e1d5baaf0f0c933de58b
Instruction ID: 9dc274f03fe5e6c1ad48d25770722103672931bd6b9fee83b357adfcf5360853
Opcode Fuzzy Hash: cf4bbba20324b258387833fd08b62981aea744ae5bb7e1d5baaf0f0c933de58b
Instruction Fuzzy Hash: 41117C75201700BFEB218FA5DC49FA77BBDFBC6B51F104169B412D6260DBB1D800D620

Function 007F2BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 007B2B6B

Part of subcall function 007B3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00881418,?,007B2E7F,?,?,?,00000000), ref: 007B3A78

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,00872224), ref: 007F2C10
ShellExecuteW.SHELL32(00000000,?,?,00872224), ref: 007F2C17

Strings

runas, xrefs: 007F2C0B

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: 2694e82f5ba4045dbc9d9f64798f5717c707d6bab01aa909cc4224f7c2f580bd
Instruction ID: 7ac80b73e449079be8b94949505e84ee727149f2b9ca01b8cbae699e9eb4802c
Opcode Fuzzy Hash: 2694e82f5ba4045dbc9d9f64798f5717c707d6bab01aa909cc4224f7c2f580bd
Instruction Fuzzy Hash: 1611D571209305EAC704FF60D859BEEBBA9AB91700F44042DF256431A3DF2C898AC712

Function 0083A67C Relevance: 6.2, APIs: 4, Instructions: 175
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0083A6AC
Process32FirstW.KERNEL32(00000000,?), ref: 0083A6BA

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Process32NextW.KERNEL32(00000000,?), ref: 0083A79C
CloseHandle.KERNELBASE(00000000), ref: 0083A7AB

Part of subcall function 007CCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,007F3303,?), ref: 007CCE8A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: b836cd6ace204ea59cfb14b6be409f65f59ec5a4f58a017f2e7934811dbb0a88
Instruction ID: f8582203b07980ea2a3d63e398105691cbf7a9e247aae5b9f8a1441f5ff7c530
Opcode Fuzzy Hash: b836cd6ace204ea59cfb14b6be409f65f59ec5a4f58a017f2e7934811dbb0a88
Instruction Fuzzy Hash: 2E51F975508300AFD714EF24C88AAABBBE8FF89754F40892DF695D7251EB34D904CB92

Function 0081DBBE Relevance: 6.0, APIs: 4, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,007F5222), ref: 0081DBCE
GetFileAttributesW.KERNELBASE(?), ref: 0081DBDD
FindFirstFileW.KERNEL32(?,?), ref: 0081DBEE
FindClose.KERNEL32(00000000), ref: 0081DBFA

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: 3d48c97496f11d05d3582c45ee4bc749237b0d9ad5c021e5b7f5f790f585a59f
Instruction ID: 36c2b104dfb7976c156c182724837bb5210a72e3bfd13ab95c398a7b0f847fa2
Opcode Fuzzy Hash: 3d48c97496f11d05d3582c45ee4bc749237b0d9ad5c021e5b7f5f790f585a59f
Instruction Fuzzy Hash: BAF0A038811A245782206B78AC0D9EA376CFF02334B104B02F936C22E0FBF05994C6D5

Function 007D4CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(007E28E9,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002,00000000,?,007E28E9), ref: 007D4D09
TerminateProcess.KERNEL32(00000000,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002,00000000,?,007E28E9), ref: 007D4D10
ExitProcess.KERNEL32 ref: 007D4D22

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: dce429a0df2e16f58f25ba3119464e8b76d42070d0f0f1a3e67919aedbaa87bb
Instruction ID: a2c2ab1ec915e69465f933999e2f24e945c0cb0d0ed57f2f6f8fe7142d9bc3c6
Opcode Fuzzy Hash: dce429a0df2e16f58f25ba3119464e8b76d42070d0f0f1a3e67919aedbaa87bb
Instruction Fuzzy Hash: 8CE0B635101588ABCF61AF64DD0DA583B7EFB46785B144015FD058B222CB39DD42CA90

Function 0083AFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 0083B198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0083B1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0083B1D4
_wcslen.LIBCMT ref: 0083B200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0083B214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0083B236
_wcslen.LIBCMT ref: 0083B332

Part of subcall function 008205A7: GetStdHandle.KERNEL32(000000F6), ref: 008205C6

_wcslen.LIBCMT ref: 0083B34B
_wcslen.LIBCMT ref: 0083B366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0083B3B6
GetLastError.KERNEL32(00000000), ref: 0083B407
CloseHandle.KERNEL32(?), ref: 0083B439
CloseHandle.KERNEL32(00000000), ref: 0083B44A
CloseHandle.KERNEL32(00000000), ref: 0083B45C
CloseHandle.KERNEL32(00000000), ref: 0083B46E
CloseHandle.KERNEL32(?), ref: 0083B4E3

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: 230adcc91a068a44d8dc80fca3fc6cab5d8e81137f9015f1bb7613c248007a66
Instruction ID: bfba125c42c2d90b8d22faba33be38814aadcdcf8a012eabf3d6b031a481c1b6
Opcode Fuzzy Hash: 230adcc91a068a44d8dc80fca3fc6cab5d8e81137f9015f1bb7613c248007a66
Instruction Fuzzy Hash: A9F17871608200DFC724EF24C895B6ABBE5FF85314F14855DF99A8B2A2DB35EC40CB92

Function 007BD730 Relevance: 21.6, APIs: 14, Instructions: 625sleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 007BD807
timeGetTime.WINMM ref: 007BDA07
Sleep.KERNELBASE(0000000A), ref: 007BDBB1
Sleep.KERNEL32(0000000A), ref: 00802B76

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Sleep$InputStateTimetime
String ID:
API String ID: 2764417729-0
Opcode ID: bca6950407a01a4529a3a603c2322ec31c301eef10c0668b6367b1fd33ca1abe
Instruction ID: 4125d85a3dc46137871eff63ddfb2b394bf8149a8ea515fa9fc83bf85e5de62c
Opcode Fuzzy Hash: bca6950407a01a4529a3a603c2322ec31c301eef10c0668b6367b1fd33ca1abe
Instruction Fuzzy Hash: 6342F170608241DFDB78CF28C898BAABBA5FF45314F14855DE456C7291EBB8EC44CB92

Function 007B2CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 007B2D07
RegisterClassExW.USER32(00000030), ref: 007B2D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007B2D42
InitCommonControlsEx.COMCTL32(?), ref: 007B2D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007B2D6F
LoadIconW.USER32(000000A9), ref: 007B2D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007B2D94

Strings

+, xrefs: 007B2CF0
TaskbarCreated, xrefs: 007B2D37
0, xrefs: 007B2CE9
AutoIt v3 GUI, xrefs: 007B2D23

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 5c9c7066c3ee1da42398b0de6f60ee8415a81a220b1ad89d780fe10640f7be95
Instruction ID: 8879d03ee50ffe2237a71d7ec4411db2416d1c514cb5eaa59a6f2174bf05b97b
Opcode Fuzzy Hash: 5c9c7066c3ee1da42398b0de6f60ee8415a81a220b1ad89d780fe10640f7be95
Instruction Fuzzy Hash: F421BFB5912318AFDF40DFA8EC89BDDBFB8FB09700F00811AE611A62A0DBB55545CF91

Function 007F065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 007F039A: CreateFileW.KERNELBASE(00000000,00000000,?,007F0704,?,?,00000000,?,007F0704,00000000,0000000C), ref: 007F03B7

GetLastError.KERNEL32 ref: 007F076F
__dosmaperr.LIBCMT ref: 007F0776
GetFileType.KERNELBASE(00000000), ref: 007F0782
GetLastError.KERNEL32 ref: 007F078C
__dosmaperr.LIBCMT ref: 007F0795
CloseHandle.KERNEL32(00000000), ref: 007F07B5
CloseHandle.KERNEL32(?), ref: 007F08FF
GetLastError.KERNEL32 ref: 007F0931
__dosmaperr.LIBCMT ref: 007F0938

Strings

H, xrefs: 007F08BD

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: d4680d2a229a141b0ed13f6f578cfc159a766640b16e3c78f19a6708fe1e7274
Instruction ID: 8a588d23177dece8688b7e48c3c2da8e2802d26e9bc10e0f19c3715b25a87639
Opcode Fuzzy Hash: d4680d2a229a141b0ed13f6f578cfc159a766640b16e3c78f19a6708fe1e7274
Instruction Fuzzy Hash: 00A12136A001088FDF19EF68D855BBE7BA0AB06320F14419EF9159F3D2DB399912CB91

Function 007B344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 007B3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00881418,?,007B2E7F,?,?,?,00000000), ref: 007B3A78

Part of subcall function 007B3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 007B3379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 007B356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 007F318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 007F31CE
RegCloseKey.ADVAPI32(?), ref: 007F3210
_wcslen.LIBCMT ref: 007F3277
_wcslen.LIBCMT ref: 007F3286

Strings

Software\AutoIt v3\AutoIt, xrefs: 007B3560
\, xrefs: 007F328C
Include, xrefs: 007F3184, 007F31C5
\Include\, xrefs: 007B3527

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 9a636b756947fba5c2e75dd64258a8ce1ba7e49f0183d785d84f2727e2b5991d
Instruction ID: 1236ad3a734e0ee10517d16f7ea4996bb8f5b3dd570e88656f6d5a9256f23afd
Opcode Fuzzy Hash: 9a636b756947fba5c2e75dd64258a8ce1ba7e49f0183d785d84f2727e2b5991d
Instruction Fuzzy Hash: FD716A71405305EEC314EF69EC95AABBBE8FF85740B40042EF655C3271EB389A48CB62

Function 007B2B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 007B2B8E
LoadCursorW.USER32(00000000,00007F00), ref: 007B2B9D
LoadIconW.USER32(00000063), ref: 007B2BB3
LoadIconW.USER32(000000A4), ref: 007B2BC5
LoadIconW.USER32(000000A2), ref: 007B2BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 007B2BEF
RegisterClassExW.USER32(?), ref: 007B2C40

Part of subcall function 007B2CD4: GetSysColorBrush.USER32(0000000F), ref: 007B2D07
Part of subcall function 007B2CD4: RegisterClassExW.USER32(00000030), ref: 007B2D31
Part of subcall function 007B2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007B2D42
Part of subcall function 007B2CD4: InitCommonControlsEx.COMCTL32(?), ref: 007B2D5F
Part of subcall function 007B2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007B2D6F
Part of subcall function 007B2CD4: LoadIconW.USER32(000000A9), ref: 007B2D85
Part of subcall function 007B2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007B2D94

Strings

0, xrefs: 007B2C0F
AutoIt v3, xrefs: 007B2C2F
#, xrefs: 007B2C16

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: d36d145775cf70a54cd6a93cdd3c0554e2b37fddffb127c3d916665bce99116b
Instruction ID: e1a53c659e09ba698b868a48229e5b1025f05cc04d19d0575434c9adc7912632
Opcode Fuzzy Hash: d36d145775cf70a54cd6a93cdd3c0554e2b37fddffb127c3d916665bce99116b
Instruction Fuzzy Hash: 03211874E01318ABDF109FA9EC59BA97FB8FB48B50F00402AE600A67A0DBB90541CF90

Function 007B3170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,007B316A,?,?), ref: 007B31D8
KillTimer.USER32(?,00000001,?,?,?,?,?,007B316A,?,?), ref: 007B3204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 007B3227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,007B316A,?,?), ref: 007B3232
CreatePopupMenu.USER32 ref: 007B3246
PostQuitMessage.USER32(00000000), ref: 007B3267

Strings

TaskbarCreated, xrefs: 007B322D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 1259b21afa4a67701613f79caa8e3dd8923d90c87be23ebc42326a5417029e3a
Instruction ID: 5be5e475e4282f107cdbd0c368ab8e9007d225c3a477824adee4ca5d5b6b3240
Opcode Fuzzy Hash: 1259b21afa4a67701613f79caa8e3dd8923d90c87be23ebc42326a5417029e3a
Instruction Fuzzy Hash: C541DF3524060CABDF146BACDC1EBF93A5DFB06340F040125FA02C62A2DF7D9E8297A1

Function 007B1410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 007B1459
CoUninitialize.COMBASE ref: 007B14F8
UnregisterHotKey.USER32(?), ref: 007B16DD
DestroyWindow.USER32(?), ref: 007F24B9
FreeLibrary.KERNEL32(?), ref: 007F251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 007F254B

Strings

close all, xrefs: 007B1454

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 127190c25ec09b04c43add0718a6203979f3e6f4831d690662f3734253f1fce6
Instruction ID: cc7d8b2197844ac0e58605ec304b2ea3c3872b41510639b8d0aa08ce5ba6b43c
Opcode Fuzzy Hash: 127190c25ec09b04c43add0718a6203979f3e6f4831d690662f3734253f1fce6
Instruction Fuzzy Hash: C8D15E31702212DFCB29DF14C4A9B69F7A5BF05700F9441ADE54AAB352DB38AD22CF51

Function 007B2C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 007B2C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 007B2CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,007B1CAD,?), ref: 007B2CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,007B1CAD,?), ref: 007B2CCF

Strings

edit, xrefs: 007B2CAC
AutoIt v3, xrefs: 007B2C89, 007B2C8E, 007B2C8F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: f8a239ab4a8b37928b49ee257c92cae3bc18d85d01d30a449f6b0c38a79a9260
Instruction ID: 60fda538a2e8d333e4d7b47389421d17f7ca04c3680a8707d71cbaa5833db533
Opcode Fuzzy Hash: f8a239ab4a8b37928b49ee257c92cae3bc18d85d01d30a449f6b0c38a79a9260
Instruction Fuzzy Hash: 43F0DA755413947AEB71171BAC0CEB72EBDF7C7F50B00005AF900A26A0CA791852DBB0

Function 007B3B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,007B3B0F,SwapMouseButtons,00000004,?), ref: 007B3B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,007B3B0F,SwapMouseButtons,00000004,?), ref: 007B3B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,007B3B0F,SwapMouseButtons,00000004,?), ref: 007B3B83

Strings

Control Panel\Mouse, xrefs: 007B3B3E

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: aaec3f81ff09898a84b9ad4fe0d4ea5fcafb8922b79fe6c25e47f39e2e0a5db9
Instruction ID: 9d38b0f5344b554f51f5e0ab528a7cd7a5a17e3e46a56bf46c7cab4f0add6402
Opcode Fuzzy Hash: aaec3f81ff09898a84b9ad4fe0d4ea5fcafb8922b79fe6c25e47f39e2e0a5db9
Instruction Fuzzy Hash: 63112AB5511208FFDB208FA5DC44AEFB7BCEF05744B104559A805D7114E6359E809760

Function 007B3923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 007F33A2

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 007B3A04

Strings

Line: , xrefs: 007F33EB

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: b219c1129509365c63f19b04f35ea8d8f7d2bb6dbb4f070d5462fa94264963ec
Instruction ID: c2d9a5d3c2a3724d77f4dce91b8d5b7178161273fced04ebf02d287a016a00d4
Opcode Fuzzy Hash: b219c1129509365c63f19b04f35ea8d8f7d2bb6dbb4f070d5462fa94264963ec
Instruction Fuzzy Hash: 8831A571408304AAD725EB14DC49BEBB7ECBF40714F10451AF59993291EF7CAA89C7C2

Function 007CFDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 007D0668

Part of subcall function 007D32A4: RaiseException.KERNEL32(?,?,?,007D068A,?,00881444,?,?,?,?,?,?,007D068A,007B1129,00878738,007B1129), ref: 007D3304

__CxxThrowException@8.LIBVCRUNTIME ref: 007D0685

Strings

Unknown exception, xrefs: 007D0692

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: 1b916e7b150b9fe86b26d457ef1e31c6348c94ded555e2787d1db855c06a2be8
Instruction ID: 2ba0eed18da7c6e991da94069f5c0a75968269e1c7b7ba0a096af79c6d66e1cc
Opcode Fuzzy Hash: 1b916e7b150b9fe86b26d457ef1e31c6348c94ded555e2787d1db855c06a2be8
Instruction Fuzzy Hash: 27F0F42490020DF38B04B664E84EE5D777CAE00350B60803AB929D6795EF38EA2585C0

Function 007B10F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 007B1BF4
Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 007B1BFC
Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 007B1C07
Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 007B1C12
Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 007B1C1A
Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 007B1C22

Part of subcall function 007B1B4A: RegisterWindowMessageW.USER32(00000004,?,007B12C4), ref: 007B1BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 007B136A
OleInitialize.OLE32 ref: 007B1388
CloseHandle.KERNEL32(00000000,00000000), ref: 007F24AB

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: c0dae7988f3bfd3e9336ec9da35489214642f4a51d118ac9ff2bba423e50abd2
Instruction ID: 2a8378fe63216dd94af72982eb9a9d8d69743d40b6effe0dad25e46b102256fe
Opcode Fuzzy Hash: c0dae7988f3bfd3e9336ec9da35489214642f4a51d118ac9ff2bba423e50abd2
Instruction Fuzzy Hash: 1871A7B49122009ECB84EFBDE95EA953AEDFB88344794823AD10AC7262EF344447CF45

Function 0081C161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 007B3A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0081C259
KillTimer.USER32(?,00000001,?,?), ref: 0081C261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0081C270

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: 964d78b3f0c26f7d178fcfe11abdc4de4b65d45201251040ef2b621ed2325d75
Instruction ID: 90a0d2653d503d4944459ea0177ef50b17e8cbcacc58fcd4569eec99e69304b6
Opcode Fuzzy Hash: 964d78b3f0c26f7d178fcfe11abdc4de4b65d45201251040ef2b621ed2325d75
Instruction Fuzzy Hash: D1318170944344AFEB629F648859BEABBECFF16308F00049AD59AD7241C7746AC5CB51

Function 007E86AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,?,?,007E85CC,?,00878CC8,0000000C), ref: 007E8704
GetLastError.KERNEL32(?,007E85CC,?,00878CC8,0000000C), ref: 007E870E
__dosmaperr.LIBCMT ref: 007E8739

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: f5644c105a932bab965377306b92cbbe992053e6d738618300ba1049150bd1f2
Instruction ID: 35639846571ea60e7556ceb2e599b3bc1fa38c7882d36c369d90a3c6c1a8ddcb
Opcode Fuzzy Hash: f5644c105a932bab965377306b92cbbe992053e6d738618300ba1049150bd1f2
Instruction Fuzzy Hash: 61018E326072E056C2E06376694977E67494B8E77CF390119F81C8B1D3DEACCC81C252

Function 007BDB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 007BDB7B
DispatchMessageW.USER32(?), ref: 007BDB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007BDB9F
Sleep.KERNELBASE(0000000A), ref: 007BDBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 00801CC9

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: 813e0a7861990b16c54a5dac34dcf60ee2ce7a60d1a0886368226fcc9a72a924
Instruction ID: e4f47c47336a62e1463a136132c0c43af8a71ea40d637dfeaaf6e5361819339e
Opcode Fuzzy Hash: 813e0a7861990b16c54a5dac34dcf60ee2ce7a60d1a0886368226fcc9a72a924
Instruction Fuzzy Hash: 2CF05E306453409BEB70CBA48C4DFEA73ACFB45310F104628E61AC30C0EB349848CB25

Function 007C1310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 007C17F6

Strings

CALL, xrefs: 007C17C6

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: 95b5cfb3c321b925622788916e1e918f0556e4f1756cde5ebda6e75a6550a79f
Instruction ID: cafe3a304a03d0293577203725c671af39c01d09fbb21efc5572f62f5c856d8b
Opcode Fuzzy Hash: 95b5cfb3c321b925622788916e1e918f0556e4f1756cde5ebda6e75a6550a79f
Instruction Fuzzy Hash: 22226870608241DFC714DF14C894F2ABBE1FF86314F64896DE4968B3A2D739E961CB92

Function 007B2DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 007F2C8C

Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2

Part of subcall function 007B2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 007B2DC4

Strings

X, xrefs: 007F2C5A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: dd658ede7d605a0d6f10dc25efd02c48eacab03035d2efcaf562261b1b1f4ee4
Instruction ID: 10f3d2c0e7e985bb5eb1991a23a38f256f952c6aee1e8d1ada9d2b0d514219f7
Opcode Fuzzy Hash: dd658ede7d605a0d6f10dc25efd02c48eacab03035d2efcaf562261b1b1f4ee4
Instruction Fuzzy Hash: 68218471A002589ACB419F94C8497EE7BF8AF49704F108059E505A7345EBB89A8A8F61

Function 007B3837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 007B3908

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: e3db5b9feb45201bc3323ffaae4b3365c3d8f94a2cd7344bbd0d8adb601a5007
Instruction ID: df33565e570c24ec0ab75f2d69afd495e636fc64f8d39664cf9192ee67be9680
Opcode Fuzzy Hash: e3db5b9feb45201bc3323ffaae4b3365c3d8f94a2cd7344bbd0d8adb601a5007
Instruction Fuzzy Hash: 4E314B705047019FD761DF28D8897D7BBE8FB49708F00092EF59987250E779AA85CB52

Function 007CF645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 007CF661

Part of subcall function 007BD730: GetInputState.USER32 ref: 007BD807

Sleep.KERNEL32(00000000), ref: 0080F2DE

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: 4970ad3803d86da19200ac83d54c2a3d649c6730887acee500e343d1fe9a05a0
Instruction ID: dcbc74672a9ec7867914542cb0cd79649f38e54f84843ab70401282a19d0b591
Opcode Fuzzy Hash: 4970ad3803d86da19200ac83d54c2a3d649c6730887acee500e343d1fe9a05a0
Instruction Fuzzy Hash: 5EF08C352402059FD360EF69D849BAAB7E8FF4A760F004029E85AC72A1DBB0A800CB91

Function 007BB710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 007BBB4E

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: 4e5b91e8dcbe0bf839e167d67805089ac1d639b59a0447535a095a5e766b14a9
Instruction ID: b61a0e4967b36d6e5eed055d0dabfac11e5c01df28b6a3ad162aba888f144e4a
Opcode Fuzzy Hash: 4e5b91e8dcbe0bf839e167d67805089ac1d639b59a0447535a095a5e766b14a9
Instruction Fuzzy Hash: 19327974A00209DFDB24CF58C898BBAB7B9FF44314F158059ED05AB3A1D7B8AD81CB91

Function 007B4ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 007B4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E9C
Part of subcall function 007B4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007B4EAE
Part of subcall function 007B4E90: FreeLibrary.KERNEL32(00000000,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4EFD

Part of subcall function 007B4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E62
Part of subcall function 007B4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007B4E74
Part of subcall function 007B4E59: FreeLibrary.KERNEL32(00000000,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E87

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: 635c82eb9184576e9e06d0f7ea5f5b9d0bdf1cb7005edcea2c48a96de9a469ef
Instruction ID: f39bb18074390a2396b92a63e87437c692f9dd7d5700f41b38081963b2b192de
Opcode Fuzzy Hash: 635c82eb9184576e9e06d0f7ea5f5b9d0bdf1cb7005edcea2c48a96de9a469ef
Instruction Fuzzy Hash: 23119132610219EADB14BB64DC0ABFD77A5AF40B10F148429F542AB2D2EEB8DA459B50

Function 007E8402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 007E8440

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 48cd4ce9dd3c3a9c8f2d37773703f26335cc45b27659d5aeb0d35d79e37b44f7
Instruction ID: 19c8dad1ae945c52cf00985d9f9c5ca92f61fca66a11f58615c14e53e089d38f
Opcode Fuzzy Hash: 48cd4ce9dd3c3a9c8f2d37773703f26335cc45b27659d5aeb0d35d79e37b44f7
Instruction Fuzzy Hash: B711487190414AEFCB05DF59E94099A7BF4FF49310F104059F808AB352DA30EA11CBA5

Function 008429BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,008414B5,?), ref: 00842A01

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 197c6ac877f379f4469aad7fbb9f9998bcca2c92f44cbaf9d17cc01aa4356c15
Instruction ID: 4baf832ab76b574415e9c4253fb31989b335eda15a79f9c739858e3fdf2947e3
Opcode Fuzzy Hash: 197c6ac877f379f4469aad7fbb9f9998bcca2c92f44cbaf9d17cc01aa4356c15
Instruction Fuzzy Hash: 0301B136308A669FD324CA2CC454F223B92FF85318FA98469E447CB251DB32EC42C7A0

Function 007DE602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: ea18de7b83e1c395e7701adc6edcabc862f7046c42db6bf5be5b3a23b2ee40f7
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: 35F02D32511A14D6C7323A668C0DB5A33BC9F52334F10071BF525973D2DB7CE80285A6

Function 007E3820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 9cdb24ab57ee2d66a88d578fc3cb559b09a81f302ffec679f242f051037c038a
Instruction ID: 9fac118bfbabbf2e9f875c06f57fba4abcd4b713562dcc3be7837c1025fb3c69
Opcode Fuzzy Hash: 9cdb24ab57ee2d66a88d578fc3cb559b09a81f302ffec679f242f051037c038a
Instruction Fuzzy Hash: 26E065321032A4ABE63126A79D0DB9A3759AB867B0F190123BC1597691DB2DDD0182F1

Function 007B4F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4F6D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 39da7279b185725aab6ba2d80a57a8d5b1770773a7b243db8621b95d806bdb3d
Instruction ID: db4ad80747efecfdadd3329c095c3d8defde3b3c0a65fe3ae13450e5a87b7cef
Opcode Fuzzy Hash: 39da7279b185725aab6ba2d80a57a8d5b1770773a7b243db8621b95d806bdb3d
Instruction Fuzzy Hash: D4F03971505752CFDB349F64D494AA2BBF4FF14329328897EE1EA83622C7399844DF10

Function 00842A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00842A66

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: bc16820ddcb84ba01555ec3130c46b2af1c2690d292e770a64fcdfacf2741547
Instruction ID: c4f0fd63e50531927838350c05c88da9c8d21f7c9227c472f61e0e0ade09186d
Opcode Fuzzy Hash: bc16820ddcb84ba01555ec3130c46b2af1c2690d292e770a64fcdfacf2741547
Instruction Fuzzy Hash: BCE04F7635412EAAC754EA34EC849FAB75CFF61399750453ABC16C3140DB309A9686A0

Function 007B30F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000002,?), ref: 007B314E

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 62e9eec14f0dde55a2f273c9b18f82b81c6839c8a2e3b72a52ec1084ff2faaa9
Instruction ID: d3a3a4d931ad5432b3029dbc190efe177d839bb227aeda24295183e75ee7da3d
Opcode Fuzzy Hash: 62e9eec14f0dde55a2f273c9b18f82b81c6839c8a2e3b72a52ec1084ff2faaa9
Instruction Fuzzy Hash: 99F037709143189FEB529B28DC4A7D57BBCB701708F0000E5A54896292DB785789CF51

Function 007B2DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 007B2DC4

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: 6cf9934e50a66d46a1edf6523045a476b49e83081b569989b97c762570c74d9f
Instruction ID: b3f7c9bbff3f365484ad9ca56525ff18cf532009276b01c8933a953149444733
Opcode Fuzzy Hash: 6cf9934e50a66d46a1edf6523045a476b49e83081b569989b97c762570c74d9f
Instruction Fuzzy Hash: 29E0CD766011249BC71092589C09FEA77EDDFC8790F040071FE09D7248DAA4AD80C550

Function 007B2B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 007B3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 007B3908

Part of subcall function 007BD730: GetInputState.USER32 ref: 007BD807

SetCurrentDirectoryW.KERNEL32(?), ref: 007B2B6B

Part of subcall function 007B30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 007B314E

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: 239cf67fbfeae930ab4691ac15a90aec66e9909731f19716ef892bece4d87d15
Instruction ID: b560895cf7c5647bce0ec895f962b894b6cb2d3b75af866a4e33fb29ee46d7d2
Opcode Fuzzy Hash: 239cf67fbfeae930ab4691ac15a90aec66e9909731f19716ef892bece4d87d15
Instruction Fuzzy Hash: 27E0863130424486CA04BBB4985E7EDA75EABD1751F40153EF24283163DE2D498A8352

Function 007F039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,007F0704,?,?,00000000,?,007F0704,00000000,0000000C), ref: 007F03B7

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 863bca47567c81481c8770c676942e9efd103e18faa43f2b984bc456a4368d84
Instruction ID: 754634fb71f6034882e362a0cc5cb08bfc37607b2adb99d32f34c98cb0075d29
Opcode Fuzzy Hash: 863bca47567c81481c8770c676942e9efd103e18faa43f2b984bc456a4368d84
Instruction Fuzzy Hash: FDD06C3204010DBBDF028F84DD06EDA3BAAFB48714F014000BE1856020C732E821EB90

Function 007B1CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 007B1CBC

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: be112453b1a50494ff87e7b10596b1d32751c5e35702e2d38d76967e7903fee9
Instruction ID: 0d648e9656b78ef6b0d63044c8c3925663222103df78edc5e0dfa631605da1d8
Opcode Fuzzy Hash: be112453b1a50494ff87e7b10596b1d32751c5e35702e2d38d76967e7903fee9
Instruction Fuzzy Hash: 02C0923A2C0304AFF6548B88FC4EF547768B348B00F048001F709A96E3C7A22820EB50

Non-executed Functions

Function 00849576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0084961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0084965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0084969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008496C9
SendMessageW.USER32 ref: 008496F2
GetKeyState.USER32(00000011), ref: 0084978B
GetKeyState.USER32(00000009), ref: 00849798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 008497AE
GetKeyState.USER32(00000010), ref: 008497B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008497E9
SendMessageW.USER32 ref: 00849810
SendMessageW.USER32(?,00001030,?,00847E95), ref: 00849918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0084992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00849941
SetCapture.USER32(?), ref: 0084994A
ClientToScreen.USER32(?,?), ref: 008499AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 008499BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008499D6
ReleaseCapture.USER32 ref: 008499E1
GetCursorPos.USER32(?), ref: 00849A19
ScreenToClient.USER32(?,?), ref: 00849A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 00849A80
SendMessageW.USER32 ref: 00849AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00849AEB
SendMessageW.USER32 ref: 00849B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00849B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00849B4A
GetCursorPos.USER32(?), ref: 00849B68
ScreenToClient.USER32(?,?), ref: 00849B75
GetParent.USER32(?), ref: 00849B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 00849BFA
SendMessageW.USER32 ref: 00849C2B
ClientToScreen.USER32(?,?), ref: 00849C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00849CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 00849CDE
SendMessageW.USER32 ref: 00849D01
ClientToScreen.USER32(?,?), ref: 00849D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00849D82

Part of subcall function 007C9944: GetWindowLongW.USER32(?,000000EB), ref: 007C9952

GetWindowLongW.USER32(?,000000F0), ref: 00849E05

Strings

@GUI_DRAGID, xrefs: 0084997D
F, xrefs: 00849D07

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: 1e8a45da8b3bab601a96c25d6e683745d0a36805c0cca96be036a90e457de754
Instruction ID: a2b2a6dc32ec33dfe7574b9e76dc95a8f42d96c71219bd29a2cc688098abe6ca
Opcode Fuzzy Hash: 1e8a45da8b3bab601a96c25d6e683745d0a36805c0cca96be036a90e457de754
Instruction Fuzzy Hash: 0E427834204209AFDB60CF68CC88EABBBE9FF59314F114619F699C72A1E731A850CF51

Function 00844873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 008448F3
SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00844908
SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00844927
SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0084494B
SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0084495C
SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0084497B
SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 008449AE
SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 008449D4
SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00844A0F
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00844A56
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00844A7E
IsMenu.USER32(?), ref: 00844A97
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00844AF2
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00844B20
GetWindowLongW.USER32(?,000000F0), ref: 00844B94
SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00844BE3
SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00844C82
wsprintfW.USER32 ref: 00844CAE
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00844CC9
GetWindowTextW.USER32(?,00000000,00000001), ref: 00844CF1
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00844D13
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00844D33
GetWindowTextW.USER32(?,00000000,00000001), ref: 00844D5A

Strings

%d/%02d/%02d, xrefs: 00844CA8

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
String ID: %d/%02d/%02d
API String ID: 4054740463-328681919
Opcode ID: c7001fa924dbed8776ac438ab7a34a32543d59433d6359c4e68698e4f511d6c6
Instruction ID: 2d76dbcbfb1c467eaede8a8a6eebf3288cd8e3f7bdd12fba6de3ce3e65db71d8
Opcode Fuzzy Hash: c7001fa924dbed8776ac438ab7a34a32543d59433d6359c4e68698e4f511d6c6
Instruction Fuzzy Hash: 4B12ED71A00618ABEB249F28CC49FAE7BF8FF45714F105129F916EB2E1DB789941CB50

Function 007CF98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 007CF998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0080F474
IsIconic.USER32(00000000), ref: 0080F47D
ShowWindow.USER32(00000000,00000009), ref: 0080F48A
SetForegroundWindow.USER32(00000000), ref: 0080F494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0080F4AA
GetCurrentThreadId.KERNEL32 ref: 0080F4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0080F4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 0080F4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 0080F4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0080F4DE
SetForegroundWindow.USER32(00000000), ref: 0080F4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F4F6
keybd_event.USER32(00000012,00000000), ref: 0080F501
MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F50B
keybd_event.USER32(00000012,00000000), ref: 0080F510
MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F519
keybd_event.USER32(00000012,00000000), ref: 0080F51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F528
keybd_event.USER32(00000012,00000000), ref: 0080F52D
SetForegroundWindow.USER32(00000000), ref: 0080F530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 0080F557

Strings

Shell_TrayWnd, xrefs: 0080F46F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 41aaca6f352644f508968b125e64c89777d2f0a14f8677a0544ec519bbcc793c
Instruction ID: 8f1286e31ad4cc59d2319fa426ea0de351e031c5736c12bdc7ecc7a262a87d08
Opcode Fuzzy Hash: 41aaca6f352644f508968b125e64c89777d2f0a14f8677a0544ec519bbcc793c
Instruction Fuzzy Hash: BC315E75A41218BBEB706BB55C4AFBF7E6CFB45B50F114029FA05E61D2C6B06D00EAA0

Function 00811201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 008116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081170D
Part of subcall function 008116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0081173A
Part of subcall function 008116C3: GetLastError.KERNEL32 ref: 0081174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00811286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 008112A8
CloseHandle.KERNEL32(?), ref: 008112B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008112D1
GetProcessWindowStation.USER32 ref: 008112EA
SetProcessWindowStation.USER32(00000000), ref: 008112F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00811310

Part of subcall function 008110BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008111FC), ref: 008110D4
Part of subcall function 008110BF: CloseHandle.KERNEL32(?,?,008111FC), ref: 008110E9

Strings

winsta0, xrefs: 008112CC
default, xrefs: 0081130B
, xrefs: 0081125A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: c801a8b4b328a57a589f3a9a78510020c1a86f2eff867fc82439f94e02073dca
Instruction ID: c7241843eba24ea5ca14d90ddefd302ada9300f71624874dfec6e8beff8b884e
Opcode Fuzzy Hash: c801a8b4b328a57a589f3a9a78510020c1a86f2eff867fc82439f94e02073dca
Instruction Fuzzy Hash: 9F818D71900209ABDF109FA8DC4DBEE7BBEFF05B04F144129FA10E62A0D7758984CB25

Function 00810B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00811114
Part of subcall function 008110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811120
Part of subcall function 008110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 0081112F
Part of subcall function 008110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811136
Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0081114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00810BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00810C00
GetLengthSid.ADVAPI32(?), ref: 00810C17
GetAce.ADVAPI32(?,00000000,?), ref: 00810C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00810C6D
GetLengthSid.ADVAPI32(?), ref: 00810C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00810C8C
HeapAlloc.KERNEL32(00000000), ref: 00810C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00810CB4
CopySid.ADVAPI32(00000000), ref: 00810CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00810CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00810D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00810D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810D45
HeapFree.KERNEL32(00000000), ref: 00810D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810D55
HeapFree.KERNEL32(00000000), ref: 00810D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810D65
HeapFree.KERNEL32(00000000), ref: 00810D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00810D78
HeapFree.KERNEL32(00000000), ref: 00810D7F

Part of subcall function 00811193: GetProcessHeap.KERNEL32(00000008,00810BB1,?,00000000,?,00810BB1,?), ref: 008111A1
Part of subcall function 00811193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00810BB1,?), ref: 008111A8
Part of subcall function 00811193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00810BB1,?), ref: 008111B7

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: d1799a26887fade3429e3cdb037bee204b548328eb4c2cd62acf4434b849098c
Instruction ID: 8b09cbb75c6769ae384a2d5dc96db1eb726c9f5735e92be48380aaf8011057e9
Opcode Fuzzy Hash: d1799a26887fade3429e3cdb037bee204b548328eb4c2cd62acf4434b849098c
Instruction Fuzzy Hash: A4715CB690120AABDF10DFA4EC48BEEBBBCFF05300F144615E915E6191D7B5A985CFA0

Function 0082EAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(0084CC08), ref: 0082EB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 0082EB37
GetClipboardData.USER32(0000000D), ref: 0082EB43
CloseClipboard.USER32 ref: 0082EB4F
GlobalLock.KERNEL32(00000000), ref: 0082EB87
CloseClipboard.USER32 ref: 0082EB91
GlobalUnlock.KERNEL32(00000000), ref: 0082EBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 0082EBC9
GetClipboardData.USER32(00000001), ref: 0082EBD1
GlobalLock.KERNEL32(00000000), ref: 0082EBE2
GlobalUnlock.KERNEL32(00000000), ref: 0082EC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 0082EC38
GetClipboardData.USER32(0000000F), ref: 0082EC44
GlobalLock.KERNEL32(00000000), ref: 0082EC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0082EC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0082EC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0082ECD2
GlobalUnlock.KERNEL32(00000000), ref: 0082ECF3
CountClipboardFormats.USER32 ref: 0082ED14
CloseClipboard.USER32 ref: 0082ED59

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: 1d98e9f0f2eff1943ea2fc5d60627db7539f5ec9868f9768dbc750fd3e35d347
Instruction ID: 70d26ad48a605bd91c8d96eeaf04639676e02377722b521ce965b4de1a8722eb
Opcode Fuzzy Hash: 1d98e9f0f2eff1943ea2fc5d60627db7539f5ec9868f9768dbc750fd3e35d347
Instruction Fuzzy Hash: 3C61EE38204301AFD300EF24E888F6ABBA8FF85714F14441DF956D72A2CB75E985CB66

Function 0082698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 008269BE
FindClose.KERNEL32(00000000), ref: 00826A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00826A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00826A75

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00826AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00826ADF

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00826B6A
%4d, xrefs: 00826BB1
%02d, xrefs: 00826C00, 00826C0A, 00826C5A, 00826CAA, 00826CFA, 00826D4A
%03d, xrefs: 00826DA2
%4d%02d%02d%02d%02d%02d%03d, xrefs: 00826B32

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: daa5dd59ef565ac3564eae9c7c897fad44d51b0add3f2f8fc8d83dd560099b59
Instruction ID: ed90acc4aeb2a21a10b72b3fc399f026b19da73d77c2113dcdb23d7b4317ce26
Opcode Fuzzy Hash: daa5dd59ef565ac3564eae9c7c897fad44d51b0add3f2f8fc8d83dd560099b59
Instruction Fuzzy Hash: FCD15172508350EFC314EBA4D885EABB7ECBF88704F04491DF699D6191EB78DA44CB62

Function 00829642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00829663
GetFileAttributesW.KERNEL32(?), ref: 008296A1
SetFileAttributesW.KERNEL32(?,?), ref: 008296BB
FindNextFileW.KERNEL32(00000000,?), ref: 008296D3
FindClose.KERNEL32(00000000), ref: 008296DE
FindFirstFileW.KERNEL32(*.*,?), ref: 008296FA
SetCurrentDirectoryW.KERNEL32(?), ref: 0082974A
SetCurrentDirectoryW.KERNEL32(00876B7C), ref: 00829768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00829772
FindClose.KERNEL32(00000000), ref: 0082977F
FindClose.KERNEL32(00000000), ref: 0082978F

Strings

*.*, xrefs: 008296F5

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: dd0f80fcafb6b06a82d5abcade86095e01ae9253bfbadce2d238f0f4904a830e
Instruction ID: a4eabb6f3b957525a1e0d0f1fca76b82c4190295822f59410e6870ee7d641fc0
Opcode Fuzzy Hash: dd0f80fcafb6b06a82d5abcade86095e01ae9253bfbadce2d238f0f4904a830e
Instruction Fuzzy Hash: 4A31D3365016296FDB10AFB4EC48ADE77BCFF0A320F144156F955E2190EB74DD84CA14

Function 0082979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 008297BE
FindNextFileW.KERNEL32(00000000,?), ref: 00829819
FindClose.KERNEL32(00000000), ref: 00829824
FindFirstFileW.KERNEL32(*.*,?), ref: 00829840
SetCurrentDirectoryW.KERNEL32(?), ref: 00829890
SetCurrentDirectoryW.KERNEL32(00876B7C), ref: 008298AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 008298B8
FindClose.KERNEL32(00000000), ref: 008298C5
FindClose.KERNEL32(00000000), ref: 008298D5

Part of subcall function 0081DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0081DB00

Strings

*.*, xrefs: 0082983B

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: a748d0f29ed6b0314ecff41715ab36c61ab2c75d1eaf524cbb939a85339f79de
Instruction ID: 7e0e3106991e1674fe1058e4c1251df1acec521ed94aa7b3b2f577fc8bdef7eb
Opcode Fuzzy Hash: a748d0f29ed6b0314ecff41715ab36c61ab2c75d1eaf524cbb939a85339f79de
Instruction Fuzzy Hash: B531C3315016296FDB14EFB4EC48ADE77BCFF06330F184166E994E2290EB75D984CA24

Function 0083BE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083BF3E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0083BFA9
RegCloseKey.ADVAPI32(00000000), ref: 0083BFCD
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0083C02C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0083C0E7
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0083C154
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0083C1E9
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0083C23A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0083C2E3
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0083C382
RegCloseKey.ADVAPI32(00000000), ref: 0083C38F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: 7d057924f4e77c972c78a88643201eb1dc8f7aa9f8623130f98910d5efd8cfad
Instruction ID: 5e2dfdf008dbd6dfe70dcdf02a6c6d47944671222260474cea57d0a48a30e435
Opcode Fuzzy Hash: 7d057924f4e77c972c78a88643201eb1dc8f7aa9f8623130f98910d5efd8cfad
Instruction Fuzzy Hash: A8020B716042009FD714DF28C895E2ABBE5FF89318F18849DF84ADB2A2DB35ED45CB91

Function 00828195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00828257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00828267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00828273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00828310
SetCurrentDirectoryW.KERNEL32(?), ref: 00828324
SetCurrentDirectoryW.KERNEL32(?), ref: 00828356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0082838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00828395

Strings

*.*, xrefs: 0082839B

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: f367a6cad3911eea264db868a3cc08a5596261d8784aac0b1990c7e6ae2c03b7
Instruction ID: dea6c7f11a398fcb72b7037e5e2bc77df8fc9faa8ef28f06cf2e392f1f438c6f
Opcode Fuzzy Hash: f367a6cad3911eea264db868a3cc08a5596261d8784aac0b1990c7e6ae2c03b7
Instruction Fuzzy Hash: 99614972504315DFCB10EF64D848AAEB3E8FF89314F04891AF999C7251EB35E985CB92

Function 0081D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2

Part of subcall function 0081E199: GetFileAttributesW.KERNEL32(?,0081CF95), ref: 0081E19A

FindFirstFileW.KERNEL32(?,?), ref: 0081D122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0081D1DD
MoveFileW.KERNEL32(?,?), ref: 0081D1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 0081D20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 0081D237

Part of subcall function 0081D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0081D21C,?,?), ref: 0081D2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 0081D253
FindClose.KERNEL32(00000000), ref: 0081D264

Strings

\*.*, xrefs: 0081D0CD, 0081D0D6, 0081D0EB

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 161cfc07d4372b4f91d790e984c96cab9b67171a26ec4324f677fbaa3a429048
Instruction ID: e49f302a25271c7ac3816de4f1782a724c02ec216c230a78ba32f49f66f75e14
Opcode Fuzzy Hash: 161cfc07d4372b4f91d790e984c96cab9b67171a26ec4324f677fbaa3a429048
Instruction Fuzzy Hash: 4A617B3180120DABCF05EBE4D996AEDB7B9FF15300F204165E512B7191EB34AF89CB61

Function 0082ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 0082ED91
EmptyClipboard.USER32 ref: 0082ED97
GlobalAlloc.KERNEL32(00000002,?), ref: 0082EDAC
CloseClipboard.USER32 ref: 0082EEA3

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: 3bcd0783a50432ccf3d0753468cd39f40426e13fffae51f504e4fffc7c0f9ee6
Instruction ID: 3ff1f48c32f14d47a0e6de395c9607a1fd91ef17d9bb7008202ec32c13f61d73
Opcode Fuzzy Hash: 3bcd0783a50432ccf3d0753468cd39f40426e13fffae51f504e4fffc7c0f9ee6
Instruction Fuzzy Hash: FC419D39205621AFD720DF19E888B29BBE5FF45318F15C099E419CB762C779EC81CB94

Function 0081E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 008116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081170D
Part of subcall function 008116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0081173A
Part of subcall function 008116C3: GetLastError.KERNEL32 ref: 0081174A

ExitWindowsEx.USER32(?,00000000), ref: 0081E932

Strings

SeShutdownPrivilege, xrefs: 0081E902
, xrefs: 0081E920
, xrefs: 0081E95C
@, xrefs: 0081E925

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: cb0c26ebf1a2fffccbd555dfa1ff09c2477707705d2a957453906c707ef07568
Instruction ID: f05e902cbe1d76b5fab7efaa79a9f1252d2d62bb1f6d34d90c7d2a4b6a704466
Opcode Fuzzy Hash: cb0c26ebf1a2fffccbd555dfa1ff09c2477707705d2a957453906c707ef07568
Instruction Fuzzy Hash: 2A014932A10315ABEB5426B8AC8AFFF765CFF18744F150422FD13E21D1D6A55CC085A0

Function 00831204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006), ref: 00831276
WSAGetLastError.WSOCK32 ref: 00831283
bind.WSOCK32(00000000,?,00000010), ref: 008312BA
WSAGetLastError.WSOCK32 ref: 008312C5
closesocket.WSOCK32(00000000), ref: 008312F4
listen.WSOCK32(00000000,00000005), ref: 00831303
WSAGetLastError.WSOCK32 ref: 0083130D
closesocket.WSOCK32(00000000), ref: 0083133C

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: 29a7206ac2e6b3cc96c30922d75d707f2dd61475ed1625ae6a819706081f3637
Instruction ID: 1d610b6c898d3fec574b7a19f6f0ba50f2cf742c680a281f7d56ebe111381221
Opcode Fuzzy Hash: 29a7206ac2e6b3cc96c30922d75d707f2dd61475ed1625ae6a819706081f3637
Instruction Fuzzy Hash: 02417F356001009FDB10DF64C488B6ABBE5FF86718F188198E856DF296C775ED81CBE1

Function 0081D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2

Part of subcall function 0081E199: GetFileAttributesW.KERNEL32(?,0081CF95), ref: 0081E19A

FindFirstFileW.KERNEL32(?,?), ref: 0081D420
DeleteFileW.KERNEL32(?,?,?,?), ref: 0081D470
FindNextFileW.KERNEL32(00000000,00000010), ref: 0081D481
FindClose.KERNEL32(00000000), ref: 0081D498
FindClose.KERNEL32(00000000), ref: 0081D4A1

Strings

\*.*, xrefs: 0081D3F2

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 668c281f38bdd11c30c64302713d9bd508da6a8178a1e134c198521e0c9b8287
Instruction ID: 46a68ffa8539213f2c77d5263a435ddde62a08f5216d3627c91567542c066943
Opcode Fuzzy Hash: 668c281f38bdd11c30c64302713d9bd508da6a8178a1e134c198521e0c9b8287
Instruction Fuzzy Hash: 3A319C71009355ABC300EF64C899AEFB7ECBE92304F444A1DF5E593191EB34AA49CB67

Function 007EE4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 007EE645

Strings

1#INF, xrefs: 007EF852
1#QNAN, xrefs: 007EF84B
1#SNAN, xrefs: 007EF844
1#IND, xrefs: 007EF83D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: bc57be55b44c0240b66c3747f25bed99f292ed244f8c71cab34a3e7298901e05
Instruction ID: ff0a9df85205f84eb1eb104872bac5011a686f8a6c19bdb6e1503f1d18d1af3d
Opcode Fuzzy Hash: bc57be55b44c0240b66c3747f25bed99f292ed244f8c71cab34a3e7298901e05
Instruction Fuzzy Hash: B0C27B72E066688FDB25CF29CD407EAB7B5EB48305F1445EAD84DE7241E778AE818F40

Function 0082648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 008264DC
CoInitialize.OLE32(00000000), ref: 00826639
CoCreateInstance.OLE32(0084FCF8,00000000,00000001,0084FB68,?), ref: 00826650
CoUninitialize.OLE32 ref: 008268D4

Strings

.lnk, xrefs: 008264BA, 00826524, 008265E0

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: f893096d4e7322b891f1f0eef19796161fb3015edb03fc595b929e2a869b9737
Instruction ID: 4677cc5c1f57fbde6181ca4938c1c62aecb4db10334f93fadb96429c1f53431a
Opcode Fuzzy Hash: f893096d4e7322b891f1f0eef19796161fb3015edb03fc595b929e2a869b9737
Instruction Fuzzy Hash: C8D15871508211AFC304EF24C885AABB7E8FF98704F14496DF595CB2A1EB34ED45CBA2

Function 008322DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 008322E8

Part of subcall function 0082E4EC: GetWindowRect.USER32(?,?), ref: 0082E504

GetDesktopWindow.USER32 ref: 00832312
GetWindowRect.USER32(00000000), ref: 00832319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00832355
GetCursorPos.USER32(?), ref: 00832381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 008323DF

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: f06ed5bdcac63c6205850c3c8191deb3677bd4343c5f01638555030887f8093e
Instruction ID: 946e2557c38b3416bf38cb2bbc364231dc1a472b907eadae8f6ae49a9e72cdea
Opcode Fuzzy Hash: f06ed5bdcac63c6205850c3c8191deb3677bd4343c5f01638555030887f8093e
Instruction Fuzzy Hash: 6C31EB72505315ABD720DF18C848A9BBBADFFC9314F000A19F985D7291DB34EA08CBD2

Function 00829B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00829B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00829C8B

Part of subcall function 00823874: GetInputState.USER32 ref: 008238CB
Part of subcall function 00823874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00823966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00829BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00829C75

Strings

*.*, xrefs: 00829B5D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: 8d6dd3521b0e469653de16e939843667445395c3c7d063fb045469a66e6013e0
Instruction ID: 4a4664865148f167111ad4607857d5179e4b70d8b033192ae8a2877702140989
Opcode Fuzzy Hash: 8d6dd3521b0e469653de16e939843667445395c3c7d063fb045469a66e6013e0
Instruction Fuzzy Hash: 3F418E7190021AAFDF55DF64D889AEEBBB8FF05310F24405AE855E2291EB349E84CF60

Function 007C997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 007C9A4E
GetSysColor.USER32(0000000F), ref: 007C9B23
SetBkColor.GDI32(?,00000000), ref: 007C9B36

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: 25d334b42d0d155e1977b6d2f3a241c4b62233b5837774586cd6a0791387cd1b
Instruction ID: 250f5027b649dc180fd2d61af20620e28a309c606707483054bb19aef8032d35
Opcode Fuzzy Hash: 25d334b42d0d155e1977b6d2f3a241c4b62233b5837774586cd6a0791387cd1b
Instruction Fuzzy Hash: 27A127B1609444BEE7B5AA2C8C4DF7F2B9DFB42340B15811DF212D66D1CA29AD01D376

Function 00831806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0083304E: inet_addr.WSOCK32(?), ref: 0083307A
Part of subcall function 0083304E: _wcslen.LIBCMT ref: 0083309B

socket.WSOCK32(00000002,00000002,00000011), ref: 0083185D
WSAGetLastError.WSOCK32 ref: 00831884
bind.WSOCK32(00000000,?,00000010), ref: 008318DB
WSAGetLastError.WSOCK32 ref: 008318E6
closesocket.WSOCK32(00000000), ref: 00831915

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: d643066a3f3dfbbcfcfef5ab8d7823a607e92763bd3d5455d51584a6bad5b97c
Instruction ID: 908772a10ccc822ab6519cbdc44b03cba4dc68ec11ef0de54987b4f9a4fd0b4f
Opcode Fuzzy Hash: d643066a3f3dfbbcfcfef5ab8d7823a607e92763bd3d5455d51584a6bad5b97c
Instruction Fuzzy Hash: BC519175A00200AFDB10AF24C88AF6A77E5EB85718F08849CF9069F393C775AD41CBE1

Function 00841C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00841CC0
IsWindowEnabled.USER32 ref: 00841CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00841CDB
IsIconic.USER32 ref: 00841CE9
IsZoomed.USER32 ref: 00841CF7

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: ecd43e7d4e7dbb4b37fb103c6017dc3d56f94fbd475ec9ee2296612c1daf15b4
Instruction ID: b6cf2a1207dfd86d62ba0327f0e5ecbda89ab54a4ea887ae4226030dd16777e2
Opcode Fuzzy Hash: ecd43e7d4e7dbb4b37fb103c6017dc3d56f94fbd475ec9ee2296612c1daf15b4
Instruction Fuzzy Hash: 5C21D3317412159FDB208F1ADC88B6A7BE9FF95315B198058E84ACB351C775DC82CB90

Function 007B8060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON

Download Yara Rule

Strings

VUUU, xrefs: 007F5DF0
VUUU, xrefs: 007B83E8
VUUU, xrefs: 007B843C
VUUU, xrefs: 007B83FA
ERCP, xrefs: 007B813C

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: 4e26d3e98fa97253bf5ee3e623b83e6f72ca883769504f5c79c6217fe26746d2
Instruction ID: a935b0329c206711c9a0025703c797e44efb9536168389ab3c51ab5513a98be9
Opcode Fuzzy Hash: 4e26d3e98fa97253bf5ee3e623b83e6f72ca883769504f5c79c6217fe26746d2
Instruction Fuzzy Hash: 8CA24A70A0021ECBDF64CF58C8407FDB7B5BB54314F2481AAEA15AB385EB789D81DB91

Function 0081AA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0081AAAC
SetKeyboardState.USER32(00000080), ref: 0081AAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0081AB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0081AB88

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 595f3f1a9d7b8a444da205aa039bcf3af491694b3e74a3d8ac1a3cd6b893f401
Instruction ID: c888791674a9e236ec8f1967d991f9ed7eb46355b3642917957b297c6a71b242
Opcode Fuzzy Hash: 595f3f1a9d7b8a444da205aa039bcf3af491694b3e74a3d8ac1a3cd6b893f401
Instruction Fuzzy Hash: 66312570A46288AEEB38CA68CC05BFA7BAEFF55330F04421AF081D21D1D37589C1C762

Function 007EBB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 007EBB7F

Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0

GetTimeZoneInformation.KERNEL32 ref: 007EBB91
WideCharToMultiByte.KERNEL32(00000000,?,0088121C,000000FF,?,0000003F,?,?), ref: 007EBC09
WideCharToMultiByte.KERNEL32(00000000,?,00881270,000000FF,?,0000003F,?,?,?,0088121C,000000FF,?,0000003F,?,?), ref: 007EBC36

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
String ID:
API String ID: 806657224-0
Opcode ID: c6865c5d94ada38534294776684d01a3b469161e2e2a9aff7a3b85d23a3539b8
Instruction ID: 5fe1aabd7d025a8043cc766793f5e1ddcd020e1f17c44333d3771d6bf617c662
Opcode Fuzzy Hash: c6865c5d94ada38534294776684d01a3b469161e2e2a9aff7a3b85d23a3539b8
Instruction Fuzzy Hash: 2031B270909285DFCB11DF6ADC8586ABFBCFF49750B24426AE060D72B1DB349D02CB60

Function 0082CE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 0082CE89
GetLastError.KERNEL32(?,00000000), ref: 0082CEEA
SetEvent.KERNEL32(?,?,00000000), ref: 0082CEFE

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: 178b6b28b62f1882852aed5dcf1e4e69b92e8834a4f05b4c9d982a0236625ccb
Instruction ID: 6f6587535dbbc486be53583dfd6afe318078846b70efbf08eff17e4576e6b68f
Opcode Fuzzy Hash: 178b6b28b62f1882852aed5dcf1e4e69b92e8834a4f05b4c9d982a0236625ccb
Instruction Fuzzy Hash: 9221BDB5500715EBDB20DFA5E948BAABBFCFB10358F10441EE546D2251EBB4EE84CB60

Function 00818298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 008182AA

Strings

|, xrefs: 008182DA
(, xrefs: 008182F0

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: d6ae90395ee45484e27afbd9b5a1d75dd5731fabd0038ce3bcbf77aa9f396867
Instruction ID: 5eaab2fcd789cc79e39935a399d08f09eba5375629fe6b5693ed5cfe750dcbfb
Opcode Fuzzy Hash: d6ae90395ee45484e27afbd9b5a1d75dd5731fabd0038ce3bcbf77aa9f396867
Instruction Fuzzy Hash: F2323674A00605DFC728CF59C481AAAB7F4FF48710B15C56EE59ADB3A1EB70E981CB40

Function 00825C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00825CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00825D17
FindClose.KERNEL32(?), ref: 00825D5F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 5feb721cd0d2887cc0e539f5560e984ec56bd50ed11870745d78fa531f533505
Instruction ID: 6df17040c9e66a1c8680cb9c55f272c90e0555d0cbd79a566c0745b7dcbe5cce
Opcode Fuzzy Hash: 5feb721cd0d2887cc0e539f5560e984ec56bd50ed11870745d78fa531f533505
Instruction Fuzzy Hash: B751A835600A019FC314CF28D498A9AB7E4FF09324F14856EE95ACB3A2DB30ED44CB91

Function 007E2622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 007E271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 007E2724
UnhandledExceptionFilter.KERNEL32(?), ref: 007E2731

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: f68e90561578566727a515d9ac1b0daa53820a25b9be3f7011eae8c659cc66e2
Instruction ID: 5d86e878b77766ebb493418cda938315fa509f17597ee868deb348b428ef05e6
Opcode Fuzzy Hash: f68e90561578566727a515d9ac1b0daa53820a25b9be3f7011eae8c659cc66e2
Instruction Fuzzy Hash: E731B5749112189BCB21DF65DC8979DB7B8BF08310F5051EAE41CA7261E7749F818F45

Function 008251CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 008251DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00825238
SetErrorMode.KERNEL32(00000000), ref: 008252A1

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 2b0692dae3f1f9ce0686b25e9d852877d35d938df9b19c9199f5fa9b128b322b
Instruction ID: c4de5d7ea6e1350daeb794baad217fa1f8004e41ff578703a452271caeb71127
Opcode Fuzzy Hash: 2b0692dae3f1f9ce0686b25e9d852877d35d938df9b19c9199f5fa9b128b322b
Instruction Fuzzy Hash: 59314C75A00618DFDB00DF54D888FADBBB4FF49314F188099E805AB3A2DB35E855CBA0

Function 008116C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 007CFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007D0668
Part of subcall function 007CFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007D0685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0081173A
GetLastError.KERNEL32 ref: 0081174A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: 0bfc823786314b777ad8f0ea81c1ae94f34fa848e9eab74611b62b67b861bd68
Instruction ID: f7cd3a7242af2bcf2d2a55666ae5422cc402c3e67f6dbe3de8abae2f4addbac2
Opcode Fuzzy Hash: 0bfc823786314b777ad8f0ea81c1ae94f34fa848e9eab74611b62b67b861bd68
Instruction Fuzzy Hash: 551191B2514309AFD7189F54DC8AEAAB7FDFF44714B20852EE05697291EB70BC81CA60

Function 0081D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0081D608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0081D645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0081D650

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 319d748bb5250c71a25b3e58894f324e38fe24736270b03d370dfbf4277e347b
Instruction ID: f3f2bb63242efa200f1e517f08d0b503c876247f0c0a7397c7dc75484ce963fd
Opcode Fuzzy Hash: 319d748bb5250c71a25b3e58894f324e38fe24736270b03d370dfbf4277e347b
Instruction Fuzzy Hash: 6D113C75E05228BBDB208F95AC45FAFBBBCFB45B50F108115F904E7290D6B05A058BA1

Function 00811663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0081168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008116A1
FreeSid.ADVAPI32(?), ref: 008116B1

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 94dff07213445ce5295e3b454c0b67d7a673cc707522e444821643eb7e9a5e2f
Instruction ID: 08d28467e565838e88e6f329e6d717e97354cf708979bf115c6e85bb70eed289
Opcode Fuzzy Hash: 94dff07213445ce5295e3b454c0b67d7a673cc707522e444821643eb7e9a5e2f
Instruction Fuzzy Hash: 03F0F475A51309FBDF00DFE49C89AAEBBBCFB08605F504965E501E2181E774AA448A54

Function 0080D27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 0080D28C

Strings

X64, xrefs: 0080D2A8

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: 8998da5bf2991af5f2767e73466c3d83431398e75e884cddccf48fd72909cc2b
Instruction ID: cc6a150767ee1976015c787b84510d26dad30c984967cd4fba8fc478e37ba1a9
Opcode Fuzzy Hash: 8998da5bf2991af5f2767e73466c3d83431398e75e884cddccf48fd72909cc2b
Instruction Fuzzy Hash: 6DD0C9B480211DEBCB90CB90DC88DD9B37CBB14305F100155F106E2040D77495488F10

Function 007DCAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction ID: 887e2f7fe43384356b54a913814697f260e245b0739f1c841e5ba9d30cee4775
Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction Fuzzy Hash: 01022E72E0011A9FDF15CFA9C9806ADFBF1EF48314F25826AD919E7384D735A941CB90

Function 008268EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00826918
FindClose.KERNEL32(00000000), ref: 00826961

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: d4008379dc71207df22c81a74ea5ca8931991878c9caed257a498b8bf5e93bb0
Instruction ID: 8d9f7b6728609dea5a29e02c43d6058468cee4ae1b73bef59749d778be6a30b3
Opcode Fuzzy Hash: d4008379dc71207df22c81a74ea5ca8931991878c9caed257a498b8bf5e93bb0
Instruction Fuzzy Hash: 6E11D0356042109FC710CF29D488A26BBE4FF85328F04C699F4698F2A2DB74EC85CB90

Function 008237B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00834891,?,?,00000035,?), ref: 008237E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00834891,?,?,00000035,?), ref: 008237F4

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: bf92905cec17bc47c5f5f396646061b3c8abd7085f8e20571bffa2964c115564
Instruction ID: 0240b8c5be96d6e16e1d173495479ba12d2fcb4ac3bf872b37bc19bf9cff9491
Opcode Fuzzy Hash: bf92905cec17bc47c5f5f396646061b3c8abd7085f8e20571bffa2964c115564
Instruction Fuzzy Hash: 8CF0E5B46052286BEB6017B69C4DFEB3AAEFFC5761F000275F609D2291D9A09944C6B0

Function 0081B226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0081B25D
keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 0081B270

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 5db047f0597291159f2de79dea8ca5d0c18c9bf2f3ff2f60f4c04fb9cef8336a
Instruction ID: 7c6ee300b6d925419e4cad1608e8953ad65c99901dd41ff6ae06468f9a391c97
Opcode Fuzzy Hash: 5db047f0597291159f2de79dea8ca5d0c18c9bf2f3ff2f60f4c04fb9cef8336a
Instruction Fuzzy Hash: 44F01D7590424DABDB159FA4C805BEE7BB4FF05309F008009F955E6191C3798655DF94

Function 008110BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008111FC), ref: 008110D4
CloseHandle.KERNEL32(?,?,008111FC), ref: 008110E9

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 8acd8b9fe8228e3fbe09e7bb375cd6c6e21ee067118e2a098458220658e6f66a
Instruction ID: da4ea6254f5ed1069c50aabcededfb4646f32e9f73926cff854c1498d39e5e1c
Opcode Fuzzy Hash: 8acd8b9fe8228e3fbe09e7bb375cd6c6e21ee067118e2a098458220658e6f66a
Instruction Fuzzy Hash: E1E0BF76115A10EEE7652F51FC09F7777ADFF05310B14882EF5A6804B1DB626C90DB50

Function 007BCAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON

Download Yara Rule

Strings

Variable is not of type 'Object'., xrefs: 00800C40

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: Variable is not of type 'Object'.
API String ID: 0-1840281001
Opcode ID: 0737545edb8471297625bae86863010f95fe8268c84d6ab0aac056d78fd80f44
Instruction ID: 24e2820227c6b8a1d3c4fdf88ff481ce9e6762616b0c1629da2b38e240bfb3cc
Opcode Fuzzy Hash: 0737545edb8471297625bae86863010f95fe8268c84d6ab0aac056d78fd80f44
Instruction Fuzzy Hash: 3C329C74A00218DFDF15DF94C895BEDBBB5FF05304F248069E806AB292DB79AE45CB60

Function 007E676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,007E6766,?,?,00000008,?,?,007EFEFE,00000000), ref: 007E6998

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 5ca036b4220c24f7424240c83599b118ca6fc22fbe4620ebff5dfae822c63a24
Instruction ID: 3afdcb59fc3100b23658443fa656ca690f740d629dd42764941fd857d91f3ac1
Opcode Fuzzy Hash: 5ca036b4220c24f7424240c83599b118ca6fc22fbe4620ebff5dfae822c63a24
Instruction Fuzzy Hash: B5B169716116488FD719CF29C48AB647BE0FF193A4F25C65CE899CF2A2C339E981CB40

Function 007CB119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 0080851F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: a78dbb6819c49db2e9e7052a271377b9271305f6dbbce470e46382db87fa63f1
Instruction ID: 66cdfa7cca44f0f9bc7b66500fdac595c8993bcf01a90416ba66c63356266075
Opcode Fuzzy Hash: a78dbb6819c49db2e9e7052a271377b9271305f6dbbce470e46382db87fa63f1
Instruction Fuzzy Hash: F9123E71900229DFDB54CF58C881BEEB7B5FF48710F15819AE849EB295EB349A81CF90

Function 0082EAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 0082EABD

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: aa56408e5682c4cb4dbeaf8db820746673cd235f66a32d49cedb923d0559c82f
Instruction ID: 1dda23cd55a898d8b9141e4f57ee34f6e77e6bc6c0041d0528a3ea8aa1b0bc32
Opcode Fuzzy Hash: aa56408e5682c4cb4dbeaf8db820746673cd235f66a32d49cedb923d0559c82f
Instruction Fuzzy Hash: 2EE012752002149FC710DF59D404E9AB7EDFF69760F00841AFC4AC7251D674A8408B91

Function 007D09D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,007D03EE), ref: 007D09DA

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: eddd58dab075fd5e131effaa5bc80b888fcc747710d51c99b6f562efa945445e
Instruction ID: 0ed1eb06eb66f68bd871d8577a5c3774b430488172c0f00202e36d148d87abaf
Opcode Fuzzy Hash: eddd58dab075fd5e131effaa5bc80b888fcc747710d51c99b6f562efa945445e
Instruction Fuzzy Hash:

Function 007D781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 007D798B

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction ID: 524fc1e03a5d6f68f95409f4f15ad6012ac6d82fca642812d005cce6c09e7a18
Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction Fuzzy Hash: E451677260C7459BDB3C856888AE7BE67B99B52300F18050BD886DB382F61DEE41E356

Function 007E6DD9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf789f8af10a6d13a9d3ec2a9702d2ad4439d26ada26f9f74d990df3287c30cc
Instruction ID: ba2920f483475723c66805b7642280a74f2461043f9b3179ad6762511c073cda
Opcode Fuzzy Hash: cf789f8af10a6d13a9d3ec2a9702d2ad4439d26ada26f9f74d990df3287c30cc
Instruction Fuzzy Hash: 05322322D2AF814DD7279635D8223356259BFBB3C6F14D737E81AB59A6EF2DC4838100

Function 007CCC39 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fb6ebf565cb25174ace8702e73a4b02b6677d437b689461c7150179e2648bd8
Instruction ID: fd448adea62279b9153319ff48474851b6d5eaa88ec86510d29cbf7b4d251a43
Opcode Fuzzy Hash: 3fb6ebf565cb25174ace8702e73a4b02b6677d437b689461c7150179e2648bd8
Instruction Fuzzy Hash: 51320232A041198BDF79CF29C894B7D7BA1FB45314F28826ED89ACB2D1D234DD81DB51

Function 007B7920 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 521293262bbeafdb4d815ac79e479a4abd26691d79e3c04132e44ab9c30885a2
Instruction ID: da360f733b950ba6777d4032e7b28461b65de1e4ef6be1d49fea559222a024f3
Opcode Fuzzy Hash: 521293262bbeafdb4d815ac79e479a4abd26691d79e3c04132e44ab9c30885a2
Instruction Fuzzy Hash: 8A228EB0A04609DFDF14DF68D885BEEB7B6FF44300F204529E916AB391EB39A951CB50

Function 007B91C0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33de26385668d8461dce66500748765c2dd9077ae83f088181d613008c4f1d72
Instruction ID: 477fbd10c624b78aaea92dedf39f93e414dec230005efe4a9c4e0056ba7d6ba4
Opcode Fuzzy Hash: 33de26385668d8461dce66500748765c2dd9077ae83f088181d613008c4f1d72
Instruction Fuzzy Hash: 1E02A7B1E00209EBDB14DF64D885BBDB7B5FF44300F108169EA169B3A1EB39DA50DB91

Function 007E9EEE Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcf81f42ef7b0397818b8064c40af0fdcf99f19b227230f2396317225a808119
Instruction ID: 9369cbbd8c18c3eef5974c26225465263018a679ea9a2286a9b3b2376b0af720
Opcode Fuzzy Hash: fcf81f42ef7b0397818b8064c40af0fdcf99f19b227230f2396317225a808119
Instruction Fuzzy Hash: 31B1F020D2AF414DC62396399831336B75CBFBB6D6F91D31BFC2674E22EB2686834140

Function 007D1C77 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: ad58c1e606bf26f58a887eac6606d20549147af21a86469759dc06de5e240761
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: B79176722090E35ADB29463E857403EFFF15A923A235A079FD4F2CA3C5FE28D954D620

Function 007D1F32 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction ID: 8f2028f9bc27fce677bd02f5cf124f41e5b8e23481cceb1df10d1fc05fd0e4d0
Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction Fuzzy Hash: 0E9169722090E349DB6D4339857403DFFF15AA23A131A479FE4F2CB2C6EE29D556D620

Function 007D19B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: ab9bc2a21a5880f6d25682787912b68eecbb869972b73ae910fe2b26a87cdbd3
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: B89154722090E35ADB2D427A857403EFFF15A923A239A479FD4F2CA2C5FE28D554D620

Function 007D7A4A Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7254075197c6e3f3e73751c42fe2aa758b471049a743cdbfcae28d361e71a25
Instruction ID: 62142cea7ef744e1fbfd2ac3c34bec2f5e6f6d0a64d72cc962736b87afec309a
Opcode Fuzzy Hash: f7254075197c6e3f3e73751c42fe2aa758b471049a743cdbfcae28d361e71a25
Instruction Fuzzy Hash: 44614BB120874996DA3C5A2C8D96BBE23B8DF81700F14491FE846DB381F61DDE42C366

Function 007D7CA7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dce13b0d871eef399c94097beece11b31ebd49e1a40d3b04c283d1cab66b3997
Instruction ID: 7b32e13d9d46272207342d8e12e924cb833b0b7b50492969595cfd25d5115b8d
Opcode Fuzzy Hash: dce13b0d871eef399c94097beece11b31ebd49e1a40d3b04c283d1cab66b3997
Instruction Fuzzy Hash: 39616A7170870996DE3C4A288896BBF63B6DF42704F14095BE983DB381FA1EED42C256

Function 007D1706 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: 893de2ce9f4573d324b55c64d80b79c86ea1fd9f15ab7398311d744167746b4a
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: F78163726090E319EB6D827A853443EFFF15A923B135A079FD4F2CA2D1EE289554E620

Function 00822046 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06113e9d275bb668a73157ddaa1f1c24ed544c7273796778d8a9c7839bba3a06
Instruction ID: 3f57fcf30c17d3eedcbaa1ce4a44b30b1f8cd67a3bdae20d0beae84e3e6f6985
Opcode Fuzzy Hash: 06113e9d275bb668a73157ddaa1f1c24ed544c7273796778d8a9c7839bba3a06
Instruction Fuzzy Hash: D621A8326206218BD728CE79C81267A73E5FB64310F15862EE4A7C77D0DE35A944CB40

Function 00832ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00832B30
DeleteObject.GDI32(00000000), ref: 00832B43
DestroyWindow.USER32 ref: 00832B52
GetDesktopWindow.USER32 ref: 00832B6D
GetWindowRect.USER32(00000000), ref: 00832B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00832CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00832CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832CF8
GetClientRect.USER32(00000000,?), ref: 00832D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00832D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D80
GlobalLock.KERNEL32(00000000), ref: 00832D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D98
GlobalUnlock.KERNEL32(00000000), ref: 00832DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832DA8
GlobalFree.KERNEL32(00000000), ref: 00832DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,0084FC38,00000000), ref: 00832DDB
GlobalFree.KERNEL32(00000000), ref: 00832DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00832E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00832E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0083303F

Strings

, xrefs: 00832FC5
static, xrefs: 00832D3A, 00832E91
AutoIt v3, xrefs: 00832CF2
DISPLAY, xrefs: 00832EA2

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 2a1f81974851d170d5cb5ae9df6e1c74a47469bf538cd2e2d4c790d7e437515e
Instruction ID: de225b8e1bb19c54a2fe0a37a6454395ce4765346d593baaa9a1e32bbebf032e
Opcode Fuzzy Hash: 2a1f81974851d170d5cb5ae9df6e1c74a47469bf538cd2e2d4c790d7e437515e
Instruction Fuzzy Hash: 64024975500218EFDB24DF68CC89EAE7BB9FF49710F048558F915EB2A1DB74A901CBA0

Function 008470D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 0084712F
GetSysColorBrush.USER32(0000000F), ref: 00847160
GetSysColor.USER32(0000000F), ref: 0084716C
SetBkColor.GDI32(?,000000FF), ref: 00847186
SelectObject.GDI32(?,?), ref: 00847195
InflateRect.USER32(?,000000FF,000000FF), ref: 008471C0
GetSysColor.USER32(00000010), ref: 008471C8
CreateSolidBrush.GDI32(00000000), ref: 008471CF
FrameRect.USER32(?,?,00000000), ref: 008471DE
DeleteObject.GDI32(00000000), ref: 008471E5
InflateRect.USER32(?,000000FE,000000FE), ref: 00847230
FillRect.USER32(?,?,?), ref: 00847262
GetWindowLongW.USER32(?,000000F0), ref: 00847284

Part of subcall function 008473E8: GetSysColor.USER32(00000012), ref: 00847421
Part of subcall function 008473E8: SetTextColor.GDI32(?,?), ref: 00847425
Part of subcall function 008473E8: GetSysColorBrush.USER32(0000000F), ref: 0084743B
Part of subcall function 008473E8: GetSysColor.USER32(0000000F), ref: 00847446
Part of subcall function 008473E8: GetSysColor.USER32(00000011), ref: 00847463
Part of subcall function 008473E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00847471
Part of subcall function 008473E8: SelectObject.GDI32(?,00000000), ref: 00847482
Part of subcall function 008473E8: SetBkColor.GDI32(?,00000000), ref: 0084748B
Part of subcall function 008473E8: SelectObject.GDI32(?,?), ref: 00847498
Part of subcall function 008473E8: InflateRect.USER32(?,000000FF,000000FF), ref: 008474B7
Part of subcall function 008473E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008474CE
Part of subcall function 008473E8: GetWindowLongW.USER32(00000000,000000F0), ref: 008474DB

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: 10ee9c17faaabc063ab7e1356e31aab080272d9ebd1674a953e482da728a5e3d
Instruction ID: 765c7c820242e0881352ec17fa747d780afdc7684f34830b6d3cf1ea659bc5ac
Opcode Fuzzy Hash: 10ee9c17faaabc063ab7e1356e31aab080272d9ebd1674a953e482da728a5e3d
Instruction Fuzzy Hash: 23A1AF76009315AFDB509F64DC48E6BBBA9FF8A320F100A19F962E61E1D770E944CB91

Function 007C8D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 007C8E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 00806AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00806AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00806F43

Part of subcall function 007C8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007C8BE8,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 007C8FC5

SendMessageW.USER32(?,00001053), ref: 00806F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00806F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 00806FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 00806FB7

Strings

0, xrefs: 00806DCF

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: d719e92253906da0e560665713dace305ba87b8fcdd02875513b461ea5d46841
Instruction ID: 7f3433964298a26378854a6256eb689d9390172b6443fa529c02fe2b8930344c
Opcode Fuzzy Hash: d719e92253906da0e560665713dace305ba87b8fcdd02875513b461ea5d46841
Instruction Fuzzy Hash: 9912AC34201211DFDBA5CF28CC58BA9BBE5FF45310F54446DE495CB2A2DB35E862CB92

Function 00832711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 0083273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0083286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 008328A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 008328B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00832900
GetClientRect.USER32(00000000,?), ref: 0083290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00832955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00832964
GetStockObject.GDI32(00000011), ref: 00832974
SelectObject.GDI32(00000000,00000000), ref: 00832978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00832988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00832991
DeleteDC.GDI32(00000000), ref: 0083299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 008329C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 008329DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00832A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00832A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 00832A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00832A77
GetStockObject.GDI32(00000011), ref: 00832A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00832A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00832A97

Strings

static, xrefs: 0083294F, 00832A71
AutoIt v3, xrefs: 008328F8
msctls_progress32, xrefs: 00832A13
DISPLAY, xrefs: 0083295A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 42f6ab8db8f57951d15bfa8142149586d7703f832eb4af3d780732a282b74bc1
Instruction ID: e3b379803e14e7dd318039e1bb2d1dc92b6d133347857f5bce554b731aef1237
Opcode Fuzzy Hash: 42f6ab8db8f57951d15bfa8142149586d7703f832eb4af3d780732a282b74bc1
Instruction Fuzzy Hash: F3B16C75A00219AFEB14DFA8CC4AFAE7BA9FB48714F008514F915E7290DB74ED40CBA0

Function 00824ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00824AED
GetDriveTypeW.KERNEL32(?,0084CB68,?,\\.\,0084CC08), ref: 00824BCA
SetErrorMode.KERNEL32(00000000,0084CB68,?,\\.\,0084CC08), ref: 00824D36

Strings

PhysicalDrive, xrefs: 00824B76
CDROM, xrefs: 00824BFB
1394, xrefs: 00824C9F
SAS, xrefs: 00824CC9
SSD, xrefs: 00824C4A
Unknown, xrefs: 00824BED, 00824C83
USB, xrefs: 00824CB4
MMC, xrefs: 00824CDE
FileBackedVirtual, xrefs: 00824CEC
Virtual, xrefs: 00824CE5
Fixed, xrefs: 00824C09
\\.\, xrefs: 00824B3F
SATA, xrefs: 00824CD0
Fibre, xrefs: 00824CAD
RAID, xrefs: 00824CBB
RAMDisk, xrefs: 00824BF4
Network, xrefs: 00824C02
SCSI, xrefs: 00824C8A
iSCSI, xrefs: 00824CC2
ATAPI, xrefs: 00824C91
Removable, xrefs: 00824C10, 00824C15
SSA, xrefs: 00824CA6
ATA, xrefs: 00824C98

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 57628564f60d5b832ac0b273d8f380e5ed4549c85789049cedcb031ef6817ec2
Instruction ID: 71ac7bcd1eace9da5b23383f833b7ba123e9ec81be9bf7a821a97e2da5ada5ee
Opcode Fuzzy Hash: 57628564f60d5b832ac0b273d8f380e5ed4549c85789049cedcb031ef6817ec2
Instruction Fuzzy Hash: CE610630601619DBCB14DF68DA85DAC7BA0FF44304B249016F81AEB396EB3ADDD1DB61

Function 008473E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00847421
SetTextColor.GDI32(?,?), ref: 00847425
GetSysColorBrush.USER32(0000000F), ref: 0084743B
GetSysColor.USER32(0000000F), ref: 00847446
CreateSolidBrush.GDI32(?), ref: 0084744B
GetSysColor.USER32(00000011), ref: 00847463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00847471
SelectObject.GDI32(?,00000000), ref: 00847482
SetBkColor.GDI32(?,00000000), ref: 0084748B
SelectObject.GDI32(?,?), ref: 00847498
InflateRect.USER32(?,000000FF,000000FF), ref: 008474B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008474CE
GetWindowLongW.USER32(00000000,000000F0), ref: 008474DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0084752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00847554
InflateRect.USER32(?,000000FD,000000FD), ref: 00847572
DrawFocusRect.USER32(?,?), ref: 0084757D
GetSysColor.USER32(00000011), ref: 0084758E
SetTextColor.GDI32(?,00000000), ref: 00847596
DrawTextW.USER32(?,008470F5,000000FF,?,00000000), ref: 008475A8
SelectObject.GDI32(?,?), ref: 008475BF
DeleteObject.GDI32(?), ref: 008475CA
SelectObject.GDI32(?,?), ref: 008475D0
DeleteObject.GDI32(?), ref: 008475D5
SetTextColor.GDI32(?,?), ref: 008475DB
SetBkColor.GDI32(?,?), ref: 008475E5

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: d3cf065a283503f6623c3425484309ed5ff45f5d45476a826bfaa7abf5e2b2d0
Instruction ID: d6224014a002ad7f0ff79dc7d5a2697c23b377326337c4872d921a66a2239604
Opcode Fuzzy Hash: d3cf065a283503f6623c3425484309ed5ff45f5d45476a826bfaa7abf5e2b2d0
Instruction Fuzzy Hash: 35616A76901218AFDF119FA4DC49EAEBFB9FB09320F118115F915BB2A1D7749940CF90

Function 00840FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00841128
GetDesktopWindow.USER32 ref: 0084113D
GetWindowRect.USER32(00000000), ref: 00841144
GetWindowLongW.USER32(?,000000F0), ref: 00841199
DestroyWindow.USER32(?), ref: 008411B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 008411ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0084120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0084121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 00841232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00841245
IsWindowVisible.USER32(00000000), ref: 008412A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 008412BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 008412D0
GetWindowRect.USER32(00000000,?), ref: 008412E8
MonitorFromPoint.USER32(?,?,00000002), ref: 0084130E
GetMonitorInfoW.USER32(00000000,?), ref: 00841328
CopyRect.USER32(?,?), ref: 0084133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 008413AA

Strings

0, xrefs: 008410D3
(, xrefs: 0084131B
tooltips_class32, xrefs: 008411E6

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: e8857675b455bb798727b58c8232ad6253c871286ebdd2fc2f01579275611c4e
Instruction ID: e02ff8c16b9035c6c8926b66873e34a28ab9ef6b6d0ff0dfadcbe4f19a749648
Opcode Fuzzy Hash: e8857675b455bb798727b58c8232ad6253c871286ebdd2fc2f01579275611c4e
Instruction Fuzzy Hash: 2AB17D71604345AFDB54DF64C888BAABBE4FF89354F00891CF999DB261C771E844CB92

Function 007C8891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007C8968
GetSystemMetrics.USER32(00000007), ref: 007C8970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007C899B
GetSystemMetrics.USER32(00000008), ref: 007C89A3
GetSystemMetrics.USER32(00000004), ref: 007C89C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 007C89E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 007C89F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 007C8A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 007C8A3C
GetClientRect.USER32(00000000,000000FF), ref: 007C8A5A
GetStockObject.GDI32(00000011), ref: 007C8A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 007C8A81

Part of subcall function 007C912D: GetCursorPos.USER32(?), ref: 007C9141
Part of subcall function 007C912D: ScreenToClient.USER32(00000000,?), ref: 007C915E
Part of subcall function 007C912D: GetAsyncKeyState.USER32(00000001), ref: 007C9183
Part of subcall function 007C912D: GetAsyncKeyState.USER32(00000002), ref: 007C919D

SetTimer.USER32(00000000,00000000,00000028,007C90FC), ref: 007C8AA8

Strings

AutoIt v3 GUI, xrefs: 007C8A20

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: 21bad5887a6951e8a429dd5ee04059b893e63cdd167a6a8df35df2c513903126
Instruction ID: 8293708309932ccce6a3c8c1b09fbdbb734a17a459b3c0ef6f2d911d929b5645
Opcode Fuzzy Hash: 21bad5887a6951e8a429dd5ee04059b893e63cdd167a6a8df35df2c513903126
Instruction Fuzzy Hash: 8FB18A75A0020AAFDF54DFA8CC49BAE7BB9FB48314F11422DFA15E7290DB34A851CB51

Function 00810D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00811114
Part of subcall function 008110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811120
Part of subcall function 008110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 0081112F
Part of subcall function 008110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811136
Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0081114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00810DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00810E29
GetLengthSid.ADVAPI32(?), ref: 00810E40
GetAce.ADVAPI32(?,00000000,?), ref: 00810E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00810E96
GetLengthSid.ADVAPI32(?), ref: 00810EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00810EB5
HeapAlloc.KERNEL32(00000000), ref: 00810EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00810EDD
CopySid.ADVAPI32(00000000), ref: 00810EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00810F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00810F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00810F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810F6E
HeapFree.KERNEL32(00000000), ref: 00810F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810F7E
HeapFree.KERNEL32(00000000), ref: 00810F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810F8E
HeapFree.KERNEL32(00000000), ref: 00810F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00810FA1
HeapFree.KERNEL32(00000000), ref: 00810FA8

Part of subcall function 00811193: GetProcessHeap.KERNEL32(00000008,00810BB1,?,00000000,?,00810BB1,?), ref: 008111A1
Part of subcall function 00811193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00810BB1,?), ref: 008111A8
Part of subcall function 00811193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00810BB1,?), ref: 008111B7

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 337e1eb813370e709417c086be5436925f92dabeff2125b56a97aef522fb7571
Instruction ID: 30cb46ac7d96d2665850688efda8f31fb9d5c29f5f0e013e73940b53b491ce77
Opcode Fuzzy Hash: 337e1eb813370e709417c086be5436925f92dabeff2125b56a97aef522fb7571
Instruction Fuzzy Hash: 9171487690120AABDB209FA5DC49BEEBBBCFF05300F044115E959E6191DB719A86CF60

Function 0083C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083C4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,0084CC08,00000000,?,00000000,?,?), ref: 0083C544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0083C5A4
_wcslen.LIBCMT ref: 0083C5F4
_wcslen.LIBCMT ref: 0083C66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0083C6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0083C7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0083C84D
RegCloseKey.ADVAPI32(?), ref: 0083C881
RegCloseKey.ADVAPI32(00000000), ref: 0083C88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0083C960

Strings

REG_MULTI_SZ, xrefs: 0083C6F5
REG_DWORD, xrefs: 0083C804
REG_QWORD, xrefs: 0083C8C3
REG_BINARY, xrefs: 0083C913
REG_EXPAND_SZ, xrefs: 0083C5CD
REG_SZ, xrefs: 0083C644

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: 9189e7f91001ef01aaaef177b6a18dd99e9e437b94bc11346e59622040e2aaaf
Instruction ID: 19cc5cd4c630f8493a62c4cc936dd02d9bf427eabe57c65402344910b4ec52a5
Opcode Fuzzy Hash: 9189e7f91001ef01aaaef177b6a18dd99e9e437b94bc11346e59622040e2aaaf
Instruction Fuzzy Hash: 5B123435604201DFCB14DF14C885B6AB7E5FF88714F14889DF89AAB2A2DB35ED41CB91

Function 0084091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 008409C6
_wcslen.LIBCMT ref: 00840A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00840A54
_wcslen.LIBCMT ref: 00840A8A
_wcslen.LIBCMT ref: 00840B06
_wcslen.LIBCMT ref: 00840B81

Part of subcall function 007CF9F2: _wcslen.LIBCMT ref: 007CF9FD

Part of subcall function 00812BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00812BFA

Strings

EXISTS, xrefs: 00840B7C, 00840B97
GETSELECTED, xrefs: 00840C4E
SELECT, xrefs: 00840D11
EXPAND, xrefs: 00840BF8
ISCHECKED, xrefs: 00840CE1
CHECK, xrefs: 00840A85, 00840AA0
UNCHECK, xrefs: 00840D3E
GETITEMCOUNT, xrefs: 00840C1E
COLLAPSE, xrefs: 00840B01, 00840B1C
GETTOTALCOUNT, xrefs: 008409F2, 00840A17
GETTEXT, xrefs: 00840C97

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: 11f5358184063a390b88f9988477ef12a53897d931eaff3219dbe8da420ec9e1
Instruction ID: 55e4d8eb6a3f4d9bfca4a3d644c7bafdb43ed57f86d5de9b5f2341458b66eb6f
Opcode Fuzzy Hash: 11f5358184063a390b88f9988477ef12a53897d931eaff3219dbe8da420ec9e1
Instruction Fuzzy Hash: 10E17831608305DFC714DF24C491A6AB7E2FF98318B14895DF99A9B3A2D734ED49CB82

Function 0083C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
_wcslen.LIBCMT ref: 0083C9F1
_wcslen.LIBCMT ref: 0083CA68
_wcslen.LIBCMT ref: 0083CA9E
_wcslen.LIBCMT ref: 0083CAF9
_wcslen.LIBCMT ref: 0083CB2F
_wcslen.LIBCMT ref: 0083CB7F

Strings

HKEY_LOCAL_MACHINE, xrefs: 0083CA62, 0083CA67
HKLM, xrefs: 0083CA98, 0083CA9D
HKEY_CLASSES_ROOT, xrefs: 0083CAF3, 0083CAF8
HKU, xrefs: 0083CBF0
HKEY_CURRENT_USER, xrefs: 0083CBBD
HKCR, xrefs: 0083CB29, 0083CB2E
HKEY_CURRENT_CONFIG, xrefs: 0083CB79, 0083CB7E
HKCC, xrefs: 0083CBAC
HKEY_USERS, xrefs: 0083CBDF
HKCU, xrefs: 0083CBCE

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 92ce81ddef22ef537d01200543781dbcbe4baa0aa70c0791b8ac7876f10f9fe2
Instruction ID: 9ca86d202b339990f141ed305aa969b5fbfacdef98adffa7c22e863867014045
Opcode Fuzzy Hash: 92ce81ddef22ef537d01200543781dbcbe4baa0aa70c0791b8ac7876f10f9fe2
Instruction Fuzzy Hash: 7271D37260012A8BCB20DE7CCD516BA73A5FBE0764F254529F866F7284EA35DD45C3E0

Function 0084833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0084835A
_wcslen.LIBCMT ref: 0084836E
_wcslen.LIBCMT ref: 00848391
_wcslen.LIBCMT ref: 008483B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 008483F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0084361A,?), ref: 0084844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00848487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 008484CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00848501
FreeLibrary.KERNEL32(?), ref: 0084850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0084851D
DestroyIcon.USER32(?), ref: 0084852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00848549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00848555

Strings

.icl, xrefs: 00848368
.dll, xrefs: 008483AB
.exe, xrefs: 00848388

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: 15f317537bd7df392fba25ab743e63f6cfd9526fcd82a442900d44ee0b921287
Instruction ID: 0755e91b7ab20ab911b55309e3dc2967c8d10a9aec67aeb3ad187cb982899be9
Opcode Fuzzy Hash: 15f317537bd7df392fba25ab743e63f6cfd9526fcd82a442900d44ee0b921287
Instruction Fuzzy Hash: B961AF71900219FBEB14DF64CC85BBE77ACFB04B11F10454AF915E61D1DB74AA90CBA0

Function 007B7778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

", xrefs: 007F5153
Cannot parse #include, xrefs: 007F5279
#notrayicon, xrefs: 007B77E7
#requireadmin, xrefs: 007B77FF
#comments-end, xrefs: 007B78D9
#include, xrefs: 007B7847
Unterminated group of comments, xrefs: 007F528C
#ce, xrefs: 007B78ED
#cs, xrefs: 007B7873, 007B78C5
#comments-start, xrefs: 007B785F, 007B78B1
#OnAutoItStartRegister, xrefs: 007B7817
', xrefs: 007F5169
#pragma compile, xrefs: 007B77D3
Bad directive syntax error, xrefs: 007F519A
#include-once, xrefs: 007B782F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: 64599cebc13cd0d12b7f1bf469ecb68ccc8f82fb96059e56254695749a34808e
Instruction ID: e9ae8844307ff727b0ea56be9e59a88c66f851b101d7ba9b43d039a3d3b105c7
Opcode Fuzzy Hash: 64599cebc13cd0d12b7f1bf469ecb68ccc8f82fb96059e56254695749a34808e
Instruction Fuzzy Hash: BB81C371A04609FBDB24AF60CC46FFE37A9FF55300F044025FA15AA296EB7CD911D6A1

Function 00823E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00823EF8
_wcslen.LIBCMT ref: 00823F03
_wcslen.LIBCMT ref: 00823F5A
_wcslen.LIBCMT ref: 00823F98
GetDriveTypeW.KERNEL32(?), ref: 00823FD6
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0082401E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00824059
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00824087

Strings

type cdaudio alias cd wait, xrefs: 00824001
open, xrefs: 00823F54, 00823F59
open , xrefs: 00823FE5
closed, xrefs: 00823F08, 00823F2D, 00823F46, 00823F7E, 00823F97
close cd wait, xrefs: 00824072
wait, xrefs: 00824044
set cd door , xrefs: 00824028
close, xrefs: 00823EFE, 00823F18

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: 7a8d00cfb8414bf816bfec0c31da590350dd89975edab9292cd904dbeb019244
Instruction ID: e5fc2d533d9e1a16cf615f241f11eb5dadedea36d0b3f5ddcfd437aafe71a33b
Opcode Fuzzy Hash: 7a8d00cfb8414bf816bfec0c31da590350dd89975edab9292cd904dbeb019244
Instruction Fuzzy Hash: 267101326046119FC310EF24D8909AAB7F4FF94758F10892DF9A5D7251EB38ED89CB51

Function 00815A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00815A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00815A40
SetWindowTextW.USER32(?,?), ref: 00815A57
GetDlgItem.USER32(?,000003EA), ref: 00815A6C
SetWindowTextW.USER32(00000000,?), ref: 00815A72
GetDlgItem.USER32(?,000003E9), ref: 00815A82
SetWindowTextW.USER32(00000000,?), ref: 00815A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00815AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00815AC3
GetWindowRect.USER32(?,?), ref: 00815ACC
_wcslen.LIBCMT ref: 00815B33
SetWindowTextW.USER32(?,?), ref: 00815B6F
GetDesktopWindow.USER32 ref: 00815B75
GetWindowRect.USER32(00000000), ref: 00815B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00815BD3
GetClientRect.USER32(?,?), ref: 00815BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00815C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00815C2F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: 1a4674c344b2de4132d1e20a0fb70f2298fdfeca4356c1a6e65832bbdb7ad9df
Instruction ID: 18d71799e6ad14f13930a64823c0960bdc378615cc513ea4a99d52609d6a2055
Opcode Fuzzy Hash: 1a4674c344b2de4132d1e20a0fb70f2298fdfeca4356c1a6e65832bbdb7ad9df
Instruction Fuzzy Hash: F2716F31900B09EFDB20DFA9CE85AAEBBF9FF88714F104519E542E25A0D775E984CB50

Function 0082FE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 0082FE27
LoadCursorW.USER32(00000000,00007F8A), ref: 0082FE32
LoadCursorW.USER32(00000000,00007F00), ref: 0082FE3D
LoadCursorW.USER32(00000000,00007F03), ref: 0082FE48
LoadCursorW.USER32(00000000,00007F8B), ref: 0082FE53
LoadCursorW.USER32(00000000,00007F01), ref: 0082FE5E
LoadCursorW.USER32(00000000,00007F81), ref: 0082FE69
LoadCursorW.USER32(00000000,00007F88), ref: 0082FE74
LoadCursorW.USER32(00000000,00007F80), ref: 0082FE7F
LoadCursorW.USER32(00000000,00007F86), ref: 0082FE8A
LoadCursorW.USER32(00000000,00007F83), ref: 0082FE95
LoadCursorW.USER32(00000000,00007F85), ref: 0082FEA0
LoadCursorW.USER32(00000000,00007F82), ref: 0082FEAB
LoadCursorW.USER32(00000000,00007F84), ref: 0082FEB6
LoadCursorW.USER32(00000000,00007F04), ref: 0082FEC1
LoadCursorW.USER32(00000000,00007F02), ref: 0082FECC
GetCursorInfo.USER32(?), ref: 0082FEDC
GetLastError.KERNEL32 ref: 0082FF1E

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 2b9e669b75deb0085c38591913aa42ca1d423837d60f74dd56c4adf797f351cc
Instruction ID: 043c68343e12d85225fac4952fd7b9c99572e6c9bdcfe6e916b6ec6e18499a0f
Opcode Fuzzy Hash: 2b9e669b75deb0085c38591913aa42ca1d423837d60f74dd56c4adf797f351cc
Instruction Fuzzy Hash: 314160B0D04319AADB109FBA9C8985EBFF8FF04354B50853AF119E7281DB78A941CE90

Function 007D00C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 007D00C6

Part of subcall function 007D00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0088070C,00000FA0,7C8A83F1,?,?,?,?,007F23B3,000000FF), ref: 007D011C
Part of subcall function 007D00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,007F23B3,000000FF), ref: 007D0127
Part of subcall function 007D00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,007F23B3,000000FF), ref: 007D0138
Part of subcall function 007D00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 007D014E
Part of subcall function 007D00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 007D015C
Part of subcall function 007D00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 007D016A
Part of subcall function 007D00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007D0195
Part of subcall function 007D00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007D01A0

___scrt_fastfail.LIBCMT ref: 007D00E7

Part of subcall function 007D00A3: __onexit.LIBCMT ref: 007D00A9

Strings

WakeAllConditionVariable, xrefs: 007D0162
InitializeConditionVariable, xrefs: 007D0148
api-ms-win-core-synch-l1-2-0.dll, xrefs: 007D0122
SleepConditionVariableCS, xrefs: 007D0154
kernel32.dll, xrefs: 007D0133

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: fb5fc22f96e3cff6248dc2f0653c1cb4342d459d20ec6aaee3f4f9b64ae1e7d8
Instruction ID: 5c245c9f306993479fbfc1a9d13b205c66e4fc8408f9863c02985868cfb002ab
Opcode Fuzzy Hash: fb5fc22f96e3cff6248dc2f0653c1cb4342d459d20ec6aaee3f4f9b64ae1e7d8
Instruction Fuzzy Hash: 0D21C636A45719ABE7506BA4AC09B6E77E8FB05B51F10013FF911E3392DB7E98008AD0

Function 008130F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0081318D
_wcslen.LIBCMT ref: 008131F8

Strings

INSTANCE, xrefs: 00813453
TEXT, xrefs: 0081347C
REGEXPCLASS, xrefs: 00813255, 00813266
CLASSNN, xrefs: 008131F3, 00813204
NAME, xrefs: 00813335, 00813346
CLASS, xrefs: 00813188, 008131A5

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: a8137b3f5c9445f4494a8947a0c393c5cd25e3b5b73f82fe5e319595d5c56ef2
Instruction ID: 0fedceb0302cbd488bfd94d1c42bd4f4bd7e2ba3d28bf9bbc2925dd844819846
Opcode Fuzzy Hash: a8137b3f5c9445f4494a8947a0c393c5cd25e3b5b73f82fe5e319595d5c56ef2
Instruction Fuzzy Hash: 63E1E432A00516EBCB189FA8C455BEDFBB9FF54710F54812AE566F7240DB30AEC98790

Function 008244C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,0084CC08), ref: 00824527
_wcslen.LIBCMT ref: 0082453B
_wcslen.LIBCMT ref: 00824599
_wcslen.LIBCMT ref: 008245F4
_wcslen.LIBCMT ref: 0082463F
_wcslen.LIBCMT ref: 008246A7

Part of subcall function 007CF9F2: _wcslen.LIBCMT ref: 007CF9FD

GetDriveTypeW.KERNEL32(?,00876BF0,00000061), ref: 00824743

Strings

all, xrefs: 00824531, 00824536
fixed, xrefs: 00824635, 0082463A
removable, xrefs: 008245EA, 008245EF
cdrom, xrefs: 0082458F, 00824594
network, xrefs: 0082469D, 008246A2
ramdisk, xrefs: 008246F1
unknown, xrefs: 00824708

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: 0ce5cbb06bdf287ad6008cb94fe77b48c7af531ac44dd64504502d91b3904ddb
Instruction ID: a922b0521a8c074d8b507d955d448b3b9ffd4edd28cf4bebd4f6f4dab113efae
Opcode Fuzzy Hash: 0ce5cbb06bdf287ad6008cb94fe77b48c7af531ac44dd64504502d91b3904ddb
Instruction Fuzzy Hash: A1B112316083229FC710DF28E890A6EB7E5FFA5724F50591DF5AAC7291E734D884CB62

Function 00833FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,0084CC08), ref: 008340BB
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 008340CD
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0084CC08), ref: 008340F2
FreeLibrary.KERNEL32(00000000,?,0084CC08), ref: 0083413E
StringFromGUID2.OLE32(?,?,00000028,?,0084CC08), ref: 008341A8
SysFreeString.OLEAUT32(00000009), ref: 00834262
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 008342C8
SysFreeString.OLEAUT32(?), ref: 008342F2

Strings

kernel32.dll, xrefs: 008340B6
GetModuleHandleExW, xrefs: 008340C7

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: 4ed91841bbe92b514f4a2b006addf9b61e4f5ddff4ae81c5fd90b4b6d43f5d87
Instruction ID: 2e4ae6a385866f397824fe749e10ef71288891ceeec14c517b0fd55e8b81d250
Opcode Fuzzy Hash: 4ed91841bbe92b514f4a2b006addf9b61e4f5ddff4ae81c5fd90b4b6d43f5d87
Instruction Fuzzy Hash: 99122D75A00119EFDB14CF94C884EAEBBB9FF85318F248098E905EB251D731ED46CBA0

Function 007B326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(00881990), ref: 007F2F8D
GetMenuItemCount.USER32(00881990), ref: 007F303D
GetCursorPos.USER32(?), ref: 007F3081
SetForegroundWindow.USER32(00000000), ref: 007F308A
TrackPopupMenuEx.USER32(00881990,00000000,?,00000000,00000000,00000000), ref: 007F309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 007F30A9

Strings

0, xrefs: 007B327D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: a1d8b536b3ab54fa66dde813e5c94c6697b7b97fd18966722f5b4b625007b585
Instruction ID: ce8344698765f5ab8dfbc8e13e75fc09c1031beeb5a925525f7bfb7b9b137017
Opcode Fuzzy Hash: a1d8b536b3ab54fa66dde813e5c94c6697b7b97fd18966722f5b4b625007b585
Instruction Fuzzy Hash: B5712D70644209BEEB218F64CC49FEABF69FF05324F204216F615A62D1C7B9AD50DB51

Function 00846CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00846DEB

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00846E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00846E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00846E94
DestroyWindow.USER32(?), ref: 00846EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,007B0000,00000000), ref: 00846EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00846EFD
GetDesktopWindow.USER32 ref: 00846F16
GetWindowRect.USER32(00000000), ref: 00846F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00846F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00846F4D

Part of subcall function 007C9944: GetWindowLongW.USER32(?,000000EB), ref: 007C9952

Strings

0, xrefs: 00846D98
tooltips_class32, xrefs: 00846E58, 00846EDD

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: 7324067461c5b0abb4bd5c1edd98fc0aea3392cecda6757137138d198a0764fa
Instruction ID: 59fbb75dd60c66bc5a3a352b1f24904d8d8c8462b208c094b4b13a2d77133f45
Opcode Fuzzy Hash: 7324067461c5b0abb4bd5c1edd98fc0aea3392cecda6757137138d198a0764fa
Instruction Fuzzy Hash: 9A714674104348AFDB61CF18DC48BAABBE9FB8A304F54441DF999C7261DB74A91ACB12

Function 0084911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

DragQueryPoint.SHELL32(?,?), ref: 00849147

Part of subcall function 00847674: ClientToScreen.USER32(?,?), ref: 0084769A
Part of subcall function 00847674: GetWindowRect.USER32(?,?), ref: 00847710
Part of subcall function 00847674: PtInRect.USER32(?,?,00848B89), ref: 00847720

SendMessageW.USER32(?,000000B0,?,?), ref: 008491B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 008491BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 008491DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00849225
SendMessageW.USER32(?,000000B0,?,?), ref: 0084923E
SendMessageW.USER32(?,000000B1,?,?), ref: 00849255
SendMessageW.USER32(?,000000B1,?,?), ref: 00849277
DragFinish.SHELL32(?), ref: 0084927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00849371

Strings

@GUI_DRAGID, xrefs: 008492E9
@GUI_DRAGFILE, xrefs: 00849320
@GUI_DROPID, xrefs: 0084929E

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: 73234da629cbd78eb70dcfc152f34a4d3252928702f820598f720f00c8b5ca71
Instruction ID: bdbbfa59c9f06e861bfc0e85633b40ae4c7a2a46a3a1954221d2fa731e0e9048
Opcode Fuzzy Hash: 73234da629cbd78eb70dcfc152f34a4d3252928702f820598f720f00c8b5ca71
Instruction Fuzzy Hash: 07617C71108305AFD701EF64DC89EAFBBE8FF89350F40491DF6A5922A1DB709A49CB52

Function 0082C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0082C4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0082C4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0082C4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0082C4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0082C533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0082C549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0082C554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0082C584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0082C5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0082C5F0
InternetCloseHandle.WININET(00000000), ref: 0082C5FB

Strings

, xrefs: 0082C575

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: f298dea88832a5e65c1a29458ebb40c6e3ff002fd90ea0b71bd33c0f4f6d804e
Instruction ID: c652945e43e4d41af07cab9cdc426af269a9cc61754e98b66f1b20f1297b3179
Opcode Fuzzy Hash: f298dea88832a5e65c1a29458ebb40c6e3ff002fd90ea0b71bd33c0f4f6d804e
Instruction Fuzzy Hash: 4D5158B4500618AFEB219F64DA88ABB7BFCFF09344F00441AF945D6250DB74E984DB60

Function 0084856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00848592
GetFileSize.KERNEL32(00000000,00000000), ref: 008485A2
GlobalAlloc.KERNEL32(00000002,00000000), ref: 008485AD
CloseHandle.KERNEL32(00000000), ref: 008485BA
GlobalLock.KERNEL32(00000000), ref: 008485C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 008485D7
GlobalUnlock.KERNEL32(00000000), ref: 008485E0
CloseHandle.KERNEL32(00000000), ref: 008485E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 008485F8
OleLoadPicture.OLEAUT32(?,00000000,00000000,0084FC38,?), ref: 00848611
GlobalFree.KERNEL32(00000000), ref: 00848621
GetObjectW.GDI32(?,00000018,000000FF), ref: 00848641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00848671
DeleteObject.GDI32(00000000), ref: 00848699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 008486AF

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 6e08ea6f6a589543d07bbed1e3c1eb075cffe3d2ea23c9687765bea4b09db686
Instruction ID: 7da7ef7db1ef7a90081bfab9c8421dccd1309b2c1413ec2e677ef774535f6a14
Opcode Fuzzy Hash: 6e08ea6f6a589543d07bbed1e3c1eb075cffe3d2ea23c9687765bea4b09db686
Instruction Fuzzy Hash: D8412979601208EFDB519FA5CC48EAE7BBCFF9A715F118058F909E7260DB749901DB20

Function 008214BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00821502
VariantCopy.OLEAUT32(?,?), ref: 0082150B
VariantClear.OLEAUT32(?), ref: 00821517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 008215FB
VarR8FromDec.OLEAUT32(?,?), ref: 00821657
VariantInit.OLEAUT32(?), ref: 00821708
SysFreeString.OLEAUT32(?), ref: 0082178C
VariantClear.OLEAUT32(?), ref: 008217D8
VariantClear.OLEAUT32(?), ref: 008217E7
VariantInit.OLEAUT32(00000000), ref: 00821823

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00821625
Default, xrefs: 008216AF

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: d27d66d1397570efa1b24bb300897270d60de9aee44f815f873a66d03a141748
Instruction ID: 15a55445df01e1e8f38bac0e7d42cfb47e89e0e35077e7c34c292fe008193826
Opcode Fuzzy Hash: d27d66d1397570efa1b24bb300897270d60de9aee44f815f873a66d03a141748
Instruction Fuzzy Hash: 4CD1CF71A00229EBDF109F65E98DBB9B7B5FF55704F24809AE406EB180DB34EC81DB61

Function 0083B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083B6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0083B772
RegDeleteValueW.ADVAPI32(?,?), ref: 0083B80A
RegCloseKey.ADVAPI32(?), ref: 0083B87E
RegCloseKey.ADVAPI32(?), ref: 0083B89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 0083B8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0083B904
RegDeleteKeyW.ADVAPI32(?,?), ref: 0083B922
FreeLibrary.KERNEL32(00000000), ref: 0083B983
RegCloseKey.ADVAPI32(00000000), ref: 0083B994

Strings

RegDeleteKeyExW, xrefs: 0083B8FE
advapi32.dll, xrefs: 0083B8ED

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: a54c3aa904fc45b99503c02276fc718fba4217feda7901b5a0ce10c95142ad81
Instruction ID: 30513ba37bd3a0391948f638cf2344f51ef3e724e4cb0e6172822ab24584d91f
Opcode Fuzzy Hash: a54c3aa904fc45b99503c02276fc718fba4217feda7901b5a0ce10c95142ad81
Instruction Fuzzy Hash: 03C17A75208201EFD710DF14C499B6ABBE5FF84318F18849CF69A8B2A2DB35ED45CB91

Function 0083255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 008325D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 008325E8
CreateCompatibleDC.GDI32(?), ref: 008325F4
SelectObject.GDI32(00000000,?), ref: 00832601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0083266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 008326AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 008326D0
SelectObject.GDI32(?,?), ref: 008326D8
DeleteObject.GDI32(?), ref: 008326E1
DeleteDC.GDI32(?), ref: 008326E8
ReleaseDC.USER32(00000000,?), ref: 008326F3

Strings

(, xrefs: 0083268D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: aad4aa2bc5f34126b20d361abbf775c0e74afc29abdbbb3e232eb1320852a9a9
Instruction ID: e8186a6d8b64aa710d723f887d49b43914c7514245dced594197877913144902
Opcode Fuzzy Hash: aad4aa2bc5f34126b20d361abbf775c0e74afc29abdbbb3e232eb1320852a9a9
Instruction Fuzzy Hash: CB61E275D01219EFCF14CFA8D885AAEBBBAFF48310F208529E955E7250E770A951CF90

Function 007EDA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 007EDAA1

Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED659
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED66B
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED67D
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED68F
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6A1
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6B3
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6C5
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6D7
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6E9
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6FB
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED70D
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED71F
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED731

_free.LIBCMT ref: 007EDA96

Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0

_free.LIBCMT ref: 007EDAB8
_free.LIBCMT ref: 007EDACD
_free.LIBCMT ref: 007EDAD8
_free.LIBCMT ref: 007EDAFA
_free.LIBCMT ref: 007EDB0D
_free.LIBCMT ref: 007EDB1B
_free.LIBCMT ref: 007EDB26
_free.LIBCMT ref: 007EDB5E
_free.LIBCMT ref: 007EDB65
_free.LIBCMT ref: 007EDB82
_free.LIBCMT ref: 007EDB9A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: b4d5840bfc30ca9022307aa1ecd3015d85341cc2b50ad69d6863f88f0ff58c12
Instruction ID: cadab9b782c309b43f8f849fc2163c742b30370a4ad6403aaf63d0bd409cb1ad
Opcode Fuzzy Hash: b4d5840bfc30ca9022307aa1ecd3015d85341cc2b50ad69d6863f88f0ff58c12
Instruction Fuzzy Hash: 62315F71506288DFDB31AA76D84AB5677E8FF08310F115429E458E71A2EA3DFD418B20

Function 0081365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 0081369C
_wcslen.LIBCMT ref: 008136A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00813797
GetClassNameW.USER32(?,?,00000400), ref: 0081380C
GetDlgCtrlID.USER32(?), ref: 0081385D
GetWindowRect.USER32(?,?), ref: 00813882
GetParent.USER32(?), ref: 008138A0
ScreenToClient.USER32(00000000), ref: 008138A7
GetClassNameW.USER32(?,?,00000100), ref: 00813921
GetWindowTextW.USER32(?,?,00000400), ref: 0081395D

Strings

%s%u, xrefs: 00813734

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: a84072a21a3d19320f277c12d6fda2d5eee65f28471c589ccf53badaa9a65334
Instruction ID: b8174ff7018e758bc9656e04ec2446cebe36a206382cb83e366266fa773738bf
Opcode Fuzzy Hash: a84072a21a3d19320f277c12d6fda2d5eee65f28471c589ccf53badaa9a65334
Instruction Fuzzy Hash: C291AF71204606AFD719DF24C885FEAFBACFF45350F008629F999D2190DB34EA95CBA1

Function 00814954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00814994
GetWindowTextW.USER32(?,?,00000400), ref: 008149DA
_wcslen.LIBCMT ref: 008149EB
CharUpperBuffW.USER32(?,00000000), ref: 008149F7
_wcsstr.LIBVCRUNTIME ref: 00814A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00814A64
GetWindowTextW.USER32(?,?,00000400), ref: 00814A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00814AE6
GetClassNameW.USER32(?,?,00000400), ref: 00814B20
GetWindowRect.USER32(?,?), ref: 00814B8B

Strings

ThumbnailClass, xrefs: 00814A6F, 00814AF1

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: 4c35fe6e6f5a247bdd25830eca6ca770d27be02f05abf4b5ef2031bc679643ed
Instruction ID: d39455dc301cfbb0c8bd6abfc5b9519509f65586d4c80559f349caab81242975
Opcode Fuzzy Hash: 4c35fe6e6f5a247bdd25830eca6ca770d27be02f05abf4b5ef2031bc679643ed
Instruction Fuzzy Hash: D4919C710082059BDB04CF54C985BEA7BECFF84354F04946AFD8ADA196EB34ED85CBA1

Function 0081BF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00881990,000000FF,00000000,00000030), ref: 0081BFAC
SetMenuItemInfoW.USER32(00881990,00000004,00000000,00000030), ref: 0081BFE1
Sleep.KERNEL32(000001F4), ref: 0081BFF3
GetMenuItemCount.USER32(?), ref: 0081C039
GetMenuItemID.USER32(?,00000000), ref: 0081C056
GetMenuItemID.USER32(?,-00000001), ref: 0081C082
GetMenuItemID.USER32(?,?), ref: 0081C0C9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0081C10F
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0081C124
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0081C145

Strings

0, xrefs: 0081BF3D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: 262cde61f2206fdcb93278877392d95e5379a2b20d64e962c00b82d99f00ca33
Instruction ID: 367f7f1afec4795ccb081c6da047aa1aa522907223a79dbc9b0dd2b170bc19de
Opcode Fuzzy Hash: 262cde61f2206fdcb93278877392d95e5379a2b20d64e962c00b82d99f00ca33
Instruction Fuzzy Hash: 51615AB498024AABDF11CF68DC88AEEBBADFF06344F104155E811E3291CB35AD85CB61

Function 0083CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0083CC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0083CC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0083CD48

Part of subcall function 0083CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0083CCAA
Part of subcall function 0083CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0083CCBD
Part of subcall function 0083CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0083CCCF
Part of subcall function 0083CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0083CD05
Part of subcall function 0083CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0083CD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 0083CCF3

Strings

RegDeleteKeyExW, xrefs: 0083CCC9
advapi32.dll, xrefs: 0083CCB8

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: 236d771883ecb8f5718df8a4d68d6aeb2cc41e63fef33f405f5dd9dfdb5d0d5c
Instruction ID: 22b0f1c9fc82eb60db71aec6aa43807974f58b74acdc6b38951f65299314fbbe
Opcode Fuzzy Hash: 236d771883ecb8f5718df8a4d68d6aeb2cc41e63fef33f405f5dd9dfdb5d0d5c
Instruction Fuzzy Hash: E9316C75902129BBDB609B65DC88EFFBB7CFF86754F000165B906E2240DA349A45DBE0

Function 00823D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00823D40
_wcslen.LIBCMT ref: 00823D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 00823D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00823DBE
RemoveDirectoryW.KERNEL32(?), ref: 00823DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00823E55
CloseHandle.KERNEL32(00000000), ref: 00823E60
CloseHandle.KERNEL32(00000000), ref: 00823E6B

Strings

:, xrefs: 00823D82
\??\%s, xrefs: 00823D5B
\, xrefs: 00823D77

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: 5f0a3dcb3bbc06d1f1b19e66dc39d7fcc556453781af9770c3d5d753772d8af2
Instruction ID: d7ec37b13efa586e67184ed12d2c18261143e34b1aa1e80b6813f2a05535bd97
Opcode Fuzzy Hash: 5f0a3dcb3bbc06d1f1b19e66dc39d7fcc556453781af9770c3d5d753772d8af2
Instruction Fuzzy Hash: 1F31A176A00219ABDB209FA0DC49FEB37BCFF89700F1041A6F509D6160E7789784CB24

Function 0081E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 0081E6B4

Part of subcall function 007CE551: timeGetTime.WINMM(?,?,0081E6D4), ref: 007CE555

Sleep.KERNEL32(0000000A), ref: 0081E6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0081E705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0081E727
SetActiveWindow.USER32 ref: 0081E746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0081E754
SendMessageW.USER32(00000010,00000000,00000000), ref: 0081E773
Sleep.KERNEL32(000000FA), ref: 0081E77E
IsWindow.USER32 ref: 0081E78A
EndDialog.USER32(00000000), ref: 0081E79B

Strings

BUTTON, xrefs: 0081E719

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 22c13e52455321b8ca7607fcb0225ed33e9f6ebc23cc8a47bcbf6cc2d1258a7e
Instruction ID: 3ea98f274d18cb4169a702da365f9b00772bda9d6865b8e2c172d0039125f18f
Opcode Fuzzy Hash: 22c13e52455321b8ca7607fcb0225ed33e9f6ebc23cc8a47bcbf6cc2d1258a7e
Instruction Fuzzy Hash: 96218174201204AFFB50DF68EC89E653BADFF76748F144424F915C22A1EB75AC80CB25

Function 0081E9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0081EA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0081EA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0081EA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0081EA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0081EAA7

Strings

play PlayMe, xrefs: 0081EAA2
alias PlayMe, xrefs: 0081EA36
open , xrefs: 0081EA0C
status PlayMe mode, xrefs: 0081EA58
close PlayMe, xrefs: 0081EA6E, 0081EA9B
play PlayMe wait, xrefs: 0081EA91

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: e6bf2cb8509cf0db647adb5d170499a85c357bb953b725aa0141290a9e7839cb
Instruction ID: 466c79ea8bfe02a29b2e9699877d591223304839b2db0a0920f8bc2a81929720
Opcode Fuzzy Hash: e6bf2cb8509cf0db647adb5d170499a85c357bb953b725aa0141290a9e7839cb
Instruction Fuzzy Hash: 1511BF20A50229B9D720A3A1DC4AEFB6F7CFFD1B40F000429B925E20D5EA744984C5B0

Function 00819F91 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 0081A012
SetKeyboardState.USER32(?), ref: 0081A07D
GetAsyncKeyState.USER32(000000A0), ref: 0081A09D
GetKeyState.USER32(000000A0), ref: 0081A0B4
GetAsyncKeyState.USER32(000000A1), ref: 0081A0E3
GetKeyState.USER32(000000A1), ref: 0081A0F4
GetAsyncKeyState.USER32(00000011), ref: 0081A120
GetKeyState.USER32(00000011), ref: 0081A12E
GetAsyncKeyState.USER32(00000012), ref: 0081A157
GetKeyState.USER32(00000012), ref: 0081A165
GetAsyncKeyState.USER32(0000005B), ref: 0081A18E
GetKeyState.USER32(0000005B), ref: 0081A19C

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 497a251811f0993f0798f257375429fc50bc91dec2e6000eb5f95f13b0f4b153
Instruction ID: 7bb4f49127d558ea732d146b7d421f176b9fce52cb93254030d5f38b1a29d488
Opcode Fuzzy Hash: 497a251811f0993f0798f257375429fc50bc91dec2e6000eb5f95f13b0f4b153
Instruction Fuzzy Hash: 4E51B96490578469FB39DB64C4117EABFBCEF12340F084599D5C2D61C2DA649ACCC763

Function 00815CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00815CE2
GetWindowRect.USER32(00000000,?), ref: 00815CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00815D59
GetDlgItem.USER32(?,00000002), ref: 00815D69
GetWindowRect.USER32(00000000,?), ref: 00815D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00815DCF
GetDlgItem.USER32(?,000003E9), ref: 00815DDD
GetWindowRect.USER32(00000000,?), ref: 00815DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00815E31
GetDlgItem.USER32(?,000003EA), ref: 00815E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00815E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00815E67

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: df0719639641416704eabca035255ab84f0f749b18f3771593a4b201515f0403
Instruction ID: 0eb812a29dc43a0ca2b843a20ade7daea5dcc3de54e3bfe8f0eacaf70f353b37
Opcode Fuzzy Hash: df0719639641416704eabca035255ab84f0f749b18f3771593a4b201515f0403
Instruction Fuzzy Hash: BE510E75B01609AFDF18CF68DD89AAEBBB9FF89300F148129F915E6290D7709E40CB50

Function 007C8BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 007C8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007C8BE8,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 007C8FC5

DestroyWindow.USER32(?), ref: 007C8C81
KillTimer.USER32(00000000,?,?,?,?,007C8BBA,00000000,?), ref: 007C8D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00806973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 008069A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 008069B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,007C8BBA,00000000), ref: 008069D4
DeleteObject.GDI32(00000000), ref: 008069E6

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: 59f78126dd5f9fda10547256c65b812d82d84c57e13774994908d9309df60b37
Instruction ID: bcb263434e6f0378092e68be610bd50ffb88919ec2be2df314bcc872dc5a5daf
Opcode Fuzzy Hash: 59f78126dd5f9fda10547256c65b812d82d84c57e13774994908d9309df60b37
Instruction Fuzzy Hash: 3561BD31102A10DFCBB59F18DD48B25BBF5FB41312F14456CE0429BAA0CB39ACA1DFA6

Function 007C9838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 007C9944: GetWindowLongW.USER32(?,000000EB), ref: 007C9952

GetSysColor.USER32(0000000F), ref: 007C9862

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: e0d57f440088004a5f9b58c821e61bbba51619d6b014fa08e57b2500c340d0d0
Instruction ID: 5b267e0ef934107272f051fbd7921e2ba9c0aa5ba0533bccb465315cd8ecbcb9
Opcode Fuzzy Hash: e0d57f440088004a5f9b58c821e61bbba51619d6b014fa08e57b2500c340d0d0
Instruction Fuzzy Hash: 79417D35505640AFDBA05F389C88FB93BA9FB47330F14465DFAA2871E2D735A942DB10

Function 007E8D45 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Strings

.}, xrefs: 007E903A, 007E8FD0, 007E8FF2

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: .}
API String ID: 0-2266125135
Opcode ID: f9e43d3984fe416a90cab7291451a35ea3c5704c9c9fbed47d7df97e1be1d1ea
Instruction ID: 2be937ed8ee9abca35004e715190fcad8cb3275e3a1b5ce37c4b2fe708a5de9b
Opcode Fuzzy Hash: f9e43d3984fe416a90cab7291451a35ea3c5704c9c9fbed47d7df97e1be1d1ea
Instruction Fuzzy Hash: 2AC13675905289EFCF51DFAAC844BADBBB0BF0D310F044199E619AB392C7389941CF61

Function 008196E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,007FF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00819717
LoadStringW.USER32(00000000,?,007FF7F8,00000001), ref: 00819720

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,007FF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00819742
LoadStringW.USER32(00000000,?,007FF7F8,00000001), ref: 00819745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00819866

Strings

Line %d (File "%s"):, xrefs: 0081978F
%s (%d) : ==> %s: %s %s, xrefs: 0081984A
Line %d:, xrefs: 008197A0
Error: , xrefs: 0081981D
^ ERROR, xrefs: 008197FB

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: 3cfda51a4965d2061224a6e9395e96e044ee31c20fcd36766a41474d2b0354b4
Instruction ID: 3da26277cd922559b3b0e6bc49e58a195898d5cb668853ce9604f15d9db22a2e
Opcode Fuzzy Hash: 3cfda51a4965d2061224a6e9395e96e044ee31c20fcd36766a41474d2b0354b4
Instruction Fuzzy Hash: AF411371800219AACB04EBE4DD9AEEEB77CFF55340F504465F605B2192EB396F88CB61

Function 008106DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008107A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008107BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008107DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00810804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0081082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00810837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0081083C

Strings

\CLSID, xrefs: 00810724
\IPC$, xrefs: 00810784
SOFTWARE\Classes\, xrefs: 0081070E

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: 18910849108dce7a890fcdc0a30a1b75a0a00d841621e82f73c55500dd898c4d
Instruction ID: c41c86ff60da3f0400585c3dd958b69d18e7d4d9c590baab1d0996459de86142
Opcode Fuzzy Hash: 18910849108dce7a890fcdc0a30a1b75a0a00d841621e82f73c55500dd898c4d
Instruction Fuzzy Hash: 0B413872C00229EBDF11EBA4DC89DEEB778FF04340B144129E915A31A1EB74AE84CF90

Function 00843F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0084403B
CreateCompatibleDC.GDI32(00000000), ref: 00844042
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00844055
SelectObject.GDI32(00000000,00000000), ref: 0084405D
GetPixel.GDI32(00000000,00000000,00000000), ref: 00844068
DeleteDC.GDI32(00000000), ref: 00844072
GetWindowLongW.USER32(?,000000EC), ref: 0084407C
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00844092
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0084409E

Strings

static, xrefs: 00843FD3

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 52249f73ed6b33390965c6ef48fac6664ba563ea6c1944eb5cdd2e746fec01af
Instruction ID: 4b38fab7eda6b3b3ef4c4f8c1fe1da5bb9d282187d89e48847d2a202fdd98c2e
Opcode Fuzzy Hash: 52249f73ed6b33390965c6ef48fac6664ba563ea6c1944eb5cdd2e746fec01af
Instruction Fuzzy Hash: 43315A36502219ABDF619FA8DC09FDA3B6CFF0E324F110215FA59E61A0D775D820DB54

Function 00833C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00833C5C
CoInitialize.OLE32(00000000), ref: 00833C8A
CoUninitialize.OLE32 ref: 00833C94
_wcslen.LIBCMT ref: 00833D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 00833DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 00833ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00833F0E
CoGetObject.OLE32(?,00000000,0084FB98,?), ref: 00833F2D
SetErrorMode.KERNEL32(00000000), ref: 00833F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00833FC4
VariantClear.OLEAUT32(?), ref: 00833FD8

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 310b64ab8eba9e7c3be35206d2d3682098833e9b83f6811a07eb76747ff0ddf8
Instruction ID: b0c05532ad7d56a888cb74c4010604013c8d576b1888322cbecfbabd622cf773
Opcode Fuzzy Hash: 310b64ab8eba9e7c3be35206d2d3682098833e9b83f6811a07eb76747ff0ddf8
Instruction Fuzzy Hash: FDC11271608205AFD700DF68C88496BBBE9FF89748F10491DF98ADB211DB71EE45CB92

Function 00827A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00827AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00827B8F
SHGetDesktopFolder.SHELL32(?), ref: 00827BA3
CoCreateInstance.OLE32(0084FD08,00000000,00000001,00876E6C,?), ref: 00827BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00827C74
CoTaskMemFree.OLE32(?,?), ref: 00827CCC
SHBrowseForFolderW.SHELL32(?), ref: 00827D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00827D7A
CoTaskMemFree.OLE32(00000000), ref: 00827D81
CoTaskMemFree.OLE32(00000000), ref: 00827DD6
CoUninitialize.OLE32 ref: 00827DDC

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: 5ed7ae773a31b71ac91a7124bae52729996454adf448d54e7855004a417f8db4
Instruction ID: 3e07028b8b9a9bdecc91e7ec1a2ce444fd55c8370204e76c459b60ea7b55d35e
Opcode Fuzzy Hash: 5ed7ae773a31b71ac91a7124bae52729996454adf448d54e7855004a417f8db4
Instruction Fuzzy Hash: 2DC14B75A00119EFCB14DFA4D888DAEBBF9FF48304B1484A9E916DB261D730ED81CB90

Function 0084541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00845504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00845515
CharNextW.USER32(00000158), ref: 00845544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00845585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0084559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008455AC

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: 4cfbe50355e38dd0333251ad56e587f816efc3953ca398ac610f21f2b0026575
Instruction ID: 8dfd5ab271c0b9f81d60831491258d3683578e9a2e4c0435a98da25e36755efd
Opcode Fuzzy Hash: 4cfbe50355e38dd0333251ad56e587f816efc3953ca398ac610f21f2b0026575
Instruction Fuzzy Hash: 21619F7490560CEFDF509F64CC849FE7BB9FB06728F108149F925EA292D7748A81DB60

Function 0080FA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0080FAAF
SafeArrayAllocData.OLEAUT32(?), ref: 0080FB08
VariantInit.OLEAUT32(?), ref: 0080FB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 0080FB3A
VariantCopy.OLEAUT32(?,?), ref: 0080FB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 0080FBA1
VariantClear.OLEAUT32(?), ref: 0080FBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 0080FBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0080FBCC
VariantClear.OLEAUT32(?), ref: 0080FBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0080FBE9

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 73454fe1ff715a895f3dcde965c7f42dbf9aa5f6f8979d3327ca3674efa20e18
Instruction ID: e1a3dc52d10de2c2d2ec2c207d72e608bbb37b7187ac62d38be907bfa884417d
Opcode Fuzzy Hash: 73454fe1ff715a895f3dcde965c7f42dbf9aa5f6f8979d3327ca3674efa20e18
Instruction Fuzzy Hash: 63415F35A01219DFCB50DF68CC689AEBBB9FF49354F00C069E945E7262CB34A945CFA4

Function 00819C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00819CA1
GetAsyncKeyState.USER32(000000A0), ref: 00819D22
GetKeyState.USER32(000000A0), ref: 00819D3D
GetAsyncKeyState.USER32(000000A1), ref: 00819D57
GetKeyState.USER32(000000A1), ref: 00819D6C
GetAsyncKeyState.USER32(00000011), ref: 00819D84
GetKeyState.USER32(00000011), ref: 00819D96
GetAsyncKeyState.USER32(00000012), ref: 00819DAE
GetKeyState.USER32(00000012), ref: 00819DC0
GetAsyncKeyState.USER32(0000005B), ref: 00819DD8
GetKeyState.USER32(0000005B), ref: 00819DEA

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: d386c8a2160d8b4e9696b6cff84dd06ffe703883b29f3161f89eec673f896949
Instruction ID: 4ac756ada051ed6f5c97e8d2a3ef22eafb4b79da475fa8f9ee0feff2d421e4d1
Opcode Fuzzy Hash: d386c8a2160d8b4e9696b6cff84dd06ffe703883b29f3161f89eec673f896949
Instruction Fuzzy Hash: E241D5346047C96DFF708664D8243F5BEE8FF12344F08805ADAC6965C2EBA499C8C7A2

Function 0083055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 008305BC
inet_addr.WSOCK32(?), ref: 0083061C
gethostbyname.WSOCK32(?), ref: 00830628
IcmpCreateFile.IPHLPAPI ref: 00830636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 008306C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 008306E5
IcmpCloseHandle.IPHLPAPI(?), ref: 008307B9
WSACleanup.WSOCK32 ref: 008307BF

Strings

Ping, xrefs: 00830676

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: 9f1c6d2bd0c054155880706f675eafd4543a66b097340ad0e4c8344b4ee3406b
Instruction ID: 890a9b139598f197213da5b6c45959010b813cdda79e84996e8a0abf4f09147b
Opcode Fuzzy Hash: 9f1c6d2bd0c054155880706f675eafd4543a66b097340ad0e4c8344b4ee3406b
Instruction Fuzzy Hash: 4A9167356082019FD320DF19C899B1ABBE4FF88318F1485A9E46ADB6A2C735EC41CFD1

Function 00838CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00838CF3

Part of subcall function 00818E54: _wcslen.LIBCMT ref: 00818E77

_wcslen.LIBCMT ref: 00838D4E
_wcslen.LIBCMT ref: 00838D9C
_wcslen.LIBCMT ref: 00838DDC
_wcslen.LIBCMT ref: 00838E6E

Strings

cdecl, xrefs: 00838D48, 00838D4D
stdcall, xrefs: 00838DD6, 00838DDB
winapi, xrefs: 00838D96, 00838D9B
none, xrefs: 00838E65, 00838E6A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: 3e86d6065a0e9a89aea144e1dd64b6321b5c080b7a0bf494f6e246c3cd337bbe
Instruction ID: 90a78edcf8663f084168a90b63eb67ea37c53a765f1495acc384709c61ec4946
Opcode Fuzzy Hash: 3e86d6065a0e9a89aea144e1dd64b6321b5c080b7a0bf494f6e246c3cd337bbe
Instruction Fuzzy Hash: 5D518031A00616DBCF14DF68C9909BEB7A5FFA4724B214229F526E7284EB35DD44C7D0

Function 0083372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00833774
CoUninitialize.OLE32 ref: 0083377F
CoCreateInstance.OLE32(?,00000000,00000017,0084FB78,?), ref: 008337D9
IIDFromString.OLE32(?,?), ref: 0083384C
VariantInit.OLEAUT32(?), ref: 008338E4
VariantClear.OLEAUT32(?), ref: 00833936

Strings

Failed to create object, xrefs: 008337E4, 0083389A
Invalid parameter, xrefs: 00833865
NULL Pointer assignment, xrefs: 0083381E

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 6b29be6bb1937d9edfe9d6fd0db38bbc51a82e99456c34b2f48f8574a17e85e7
Instruction ID: 6cddecab79ad8871549343a6c0d4c90db660dbfc4de05ef1879aa6d1fe3bd628
Opcode Fuzzy Hash: 6b29be6bb1937d9edfe9d6fd0db38bbc51a82e99456c34b2f48f8574a17e85e7
Instruction Fuzzy Hash: DD6159B4608301AFD310DF54C889B6ABBE8FF89714F104929F995DB291C774EE48CB92

Function 00823388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 008233CF

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 008233F0

Strings

Line %d (File "%s"):, xrefs: 00823443, 0082345C
Incorrect parameters to object property !, xrefs: 008234AB
"%s" (%d) : ==> %s:, xrefs: 00823522
Error: , xrefs: 008234D1
^ ERROR , xrefs: 0082349E
"%s" (%d) : ==> %s:%s%s, xrefs: 00823504

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: 7142b1ed3cb79f5af9ccfd49f4bf376ca0e2db01c250d55f187c9cc3b900ca74
Instruction ID: 4306ef850d39e4e6f7aad73a72c4e0ff3be64cf4962e258a73550ceb2f8df60b
Opcode Fuzzy Hash: 7142b1ed3cb79f5af9ccfd49f4bf376ca0e2db01c250d55f187c9cc3b900ca74
Instruction Fuzzy Hash: FA51A371800219EADF14EBA0DD5AEEEB7B8FF14340F204065F119B2151EB396F98DB61

Function 0081B5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 0081B5FC
_wcslen.LIBCMT ref: 0081B608
_wcslen.LIBCMT ref: 0081B64D
_wcslen.LIBCMT ref: 0081B68C
_wcslen.LIBCMT ref: 0081B6C7

Strings

EXISTS, xrefs: 0081B686, 0081B68B
KEYS, xrefs: 0081B647, 0081B64C
REMOVE, xrefs: 0081B602, 0081B607
APPEND, xrefs: 0081B6C1, 0081B6C6

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: 61c0155671e3f2669a1662d988e1b2342c69914ace5b6fea8ffac2fa343b47da
Instruction ID: cb380ac7da1442273fc2c591bf2d50ce2b3ccfaaaa10d0ee1fe13686e9b32751
Opcode Fuzzy Hash: 61c0155671e3f2669a1662d988e1b2342c69914ace5b6fea8ffac2fa343b47da
Instruction Fuzzy Hash: 4D41A032A001269BCB206F7988A05FEB7A9FFB17A4F244229E525D7284F735CDC1C690

Function 00825393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 008253A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00825416
GetLastError.KERNEL32 ref: 00825420
SetErrorMode.KERNEL32(00000000,READY), ref: 008254A7

Strings

NOTREADY, xrefs: 0082544B
INVALID, xrefs: 00825459
READONLY, xrefs: 00825452
READY, xrefs: 00825460, 00825468
UNKNOWN, xrefs: 00825444

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: c3472e5c528a082446a2894f8633d010d2591f534d079579d86b0b40f5de2b2b
Instruction ID: 50c0c3b545787483bf7cbd5eab23f08f67032dfe1d1d9d40023dd666d82a3c06
Opcode Fuzzy Hash: c3472e5c528a082446a2894f8633d010d2591f534d079579d86b0b40f5de2b2b
Instruction Fuzzy Hash: 6D31D2B5A40614DFD710EF68D488BAABBB4FF05305F148066E505CB292E771DDC6CBA0

Function 00843C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00843C79
SetMenu.USER32(?,00000000), ref: 00843C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00843D10
IsMenu.USER32(?), ref: 00843D24
CreatePopupMenu.USER32 ref: 00843D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00843D5B
DrawMenuBar.USER32 ref: 00843D63

Strings

0, xrefs: 00843C54
F, xrefs: 00843D4E

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: 71c8fd9c983dba33de3926d474a02cbfeb2434a30892d7ed57d4c19cce65d648
Instruction ID: fd888473996f90fdc6f8c2a8df4fb9a123c2a2671e5dc7477db360518a91c825
Opcode Fuzzy Hash: 71c8fd9c983dba33de3926d474a02cbfeb2434a30892d7ed57d4c19cce65d648
Instruction Fuzzy Hash: BA412779A02209EFDB14DF64D884BAEBBB9FF49350F140029E956A7360D770AA11CB94

Function 00811EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00811F64
GetDlgCtrlID.USER32 ref: 00811F6F
GetParent.USER32 ref: 00811F8B
SendMessageW.USER32(00000000,?,00000111,?), ref: 00811F8E
GetDlgCtrlID.USER32(?), ref: 00811F97
GetParent.USER32(?), ref: 00811FAB
SendMessageW.USER32(00000000,?,00000111,?), ref: 00811FAE

Strings

ComboBox, xrefs: 00811EEC
ListBox, xrefs: 00811F21

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: baf27075a124c8aeae314851a3b7f90137e49caa0000450ad59482434fb60a6d
Instruction ID: 4d3bc2548a1a7201342eff14d7863019603d101ce725feafc6decb823a6afb35
Opcode Fuzzy Hash: baf27075a124c8aeae314851a3b7f90137e49caa0000450ad59482434fb60a6d
Instruction Fuzzy Hash: F321B374A00118BBCF44AFA0CC89AEEBBB8FF16314F104119BA65A7291DB785949DB60

Function 00811FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00812043
GetDlgCtrlID.USER32 ref: 0081204E
GetParent.USER32 ref: 0081206A
SendMessageW.USER32(00000000,?,00000111,?), ref: 0081206D
GetDlgCtrlID.USER32(?), ref: 00812076
GetParent.USER32(?), ref: 0081208A
SendMessageW.USER32(00000000,?,00000111,?), ref: 0081208D

Strings

ComboBox, xrefs: 00811FCD
ListBox, xrefs: 00812002

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: f1fd6916b25bbd3dfc6e1c15c44d4a978097a7e7ba87c753da7ef50d33173ae3
Instruction ID: 5d8af3269f41b278c269c2139d875599891a2ce7111731a0f9cbd4470951da0b
Opcode Fuzzy Hash: f1fd6916b25bbd3dfc6e1c15c44d4a978097a7e7ba87c753da7ef50d33173ae3
Instruction Fuzzy Hash: 9121D7B5900218BBCF14AFA0CC89EFEBBBCFF19344F104005BA65A7191D7794554DB60

Function 00843A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00843A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00843AA0
GetWindowLongW.USER32(?,000000F0), ref: 00843AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00843AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00843B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00843BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00843BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00843BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00843BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00843C13

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: b36c6fa13d8c906a34c9adcb2f31529d9fdf4a57c04368defd06e6e247e5a32e
Instruction ID: 06b1834d92bbfcd46ba937aa7ff566edff02a09fb7628493f902ccb89660bb0e
Opcode Fuzzy Hash: b36c6fa13d8c906a34c9adcb2f31529d9fdf4a57c04368defd06e6e247e5a32e
Instruction Fuzzy Hash: FB617775A00208AFDB11DFA8CC85EEEB7B8FB09714F104199FA15E72A1C774AA46DF50

Function 0081B12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0081B151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B165
GetWindowThreadProcessId.USER32(00000000), ref: 0081B16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 0081B18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B21D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 2ce2ec533c8e28eec879781e5703d6e6d5a3ea3c9dbf2e818ce61bdc61ed408b
Instruction ID: d7dfd91ac48a9c2f86063d4c9b0975a32e418046316e917454caa7fa5a5ea460
Opcode Fuzzy Hash: 2ce2ec533c8e28eec879781e5703d6e6d5a3ea3c9dbf2e818ce61bdc61ed408b
Instruction Fuzzy Hash: 3D31A9B5601604BFDB10AF68DC58FAD7BADFF62711F218009FA01DA190D7B49A84CF64

Function 007E2C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 007E2C94

Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0

_free.LIBCMT ref: 007E2CA0
_free.LIBCMT ref: 007E2CAB
_free.LIBCMT ref: 007E2CB6
_free.LIBCMT ref: 007E2CC1
_free.LIBCMT ref: 007E2CCC
_free.LIBCMT ref: 007E2CD7
_free.LIBCMT ref: 007E2CE2
_free.LIBCMT ref: 007E2CED
_free.LIBCMT ref: 007E2CFB

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 6a5642ee0f4265d412e1b5124f56cbb85029b90440b2839ac6e66c2600181a35
Instruction ID: 652d438804ef9c724adc7d609681b5c562699d3d061682c5deed2efa36a3ee23
Opcode Fuzzy Hash: 6a5642ee0f4265d412e1b5124f56cbb85029b90440b2839ac6e66c2600181a35
Instruction Fuzzy Hash: 9D11B376101148EFCB02EF56D846C9D3BA9BF09350F5254A0FA48AB233D639EA519F90

Function 00827DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00827FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00827FC1
GetFileAttributesW.KERNEL32(?), ref: 00827FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00828005
SetCurrentDirectoryW.KERNEL32(?), ref: 00828017
SetCurrentDirectoryW.KERNEL32(?), ref: 00828060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 008280B0

Strings

*.*, xrefs: 00828066

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: 15159bcc5d01456358efb080b8c0ba9bf1e9d4648a77b2db2fdfa16cbe39be94
Instruction ID: 04672a6c4cc442ebd48c1820beb9078b5bb82227de0c67f45853a57616257c1e
Opcode Fuzzy Hash: 15159bcc5d01456358efb080b8c0ba9bf1e9d4648a77b2db2fdfa16cbe39be94
Instruction Fuzzy Hash: 0281C076508255DBCB20EF15D844AAAB3E8FF88714F55486EF885C7250EB34ED84CBA2

Function 007B5BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 007B5C7A

Part of subcall function 007B5D0A: GetClientRect.USER32(?,?), ref: 007B5D30
Part of subcall function 007B5D0A: GetWindowRect.USER32(?,?), ref: 007B5D71
Part of subcall function 007B5D0A: ScreenToClient.USER32(?,?), ref: 007B5D99

GetDC.USER32 ref: 007F46F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 007F4708
SelectObject.GDI32(00000000,00000000), ref: 007F4716
SelectObject.GDI32(00000000,00000000), ref: 007F472B
ReleaseDC.USER32(?,00000000), ref: 007F4733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 007F47C4

Strings

U, xrefs: 007F4693

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 51bfc8d57aa8a0e34585e1a044a973e03e8b4678cecb6ab39cbe38197646279b
Instruction ID: 02f2abdcbaf424dbf86495f22651afc7e668d08a574b6fb4baaeab3f8151260d
Opcode Fuzzy Hash: 51bfc8d57aa8a0e34585e1a044a973e03e8b4678cecb6ab39cbe38197646279b
Instruction Fuzzy Hash: CF71E135500209DFCF219F68C984BFB7BB6FF4A360F144269EE559A266C7398841DF60

Function 0082359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 008235E4

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

LoadStringW.USER32(00882390,?,00000FFF,?), ref: 0082360A

Strings

Line %d (File "%s"):, xrefs: 0082366B
"%s" (%d) : ==> %s:, xrefs: 00823742
Error: , xrefs: 008236EF
^ ERROR, xrefs: 008236C9
"%s" (%d) : ==> %s:%s%s, xrefs: 00823724

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: 77649d3f5a9ae6c421c0708659f2871c0036acc6fc8808a0481f2c536b6c3605
Instruction ID: a48a8a34419c28ff3563222028f5279c371d02c04acc1052cbd9fadf4c8e0768
Opcode Fuzzy Hash: 77649d3f5a9ae6c421c0708659f2871c0036acc6fc8808a0481f2c536b6c3605
Instruction Fuzzy Hash: FE513B71800219FACF14EBA4DC9AEEEBB78FF14300F144125F215A21A1EB395AD9DF61

Function 0082C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0082C272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0082C29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0082C2CA
GetLastError.KERNEL32 ref: 0082C322
SetEvent.KERNEL32(?), ref: 0082C336
InternetCloseHandle.WININET(00000000), ref: 0082C341

Strings

, xrefs: 0082C2BB

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 8034bf4c8262d34c9def46e377874ab1b2221defc5f4d5c38e9963dbdc3cabf2
Instruction ID: 3a89b5d80945110745e383bff48d8acbcafa968d149f7bdf3c7c825cde2d7352
Opcode Fuzzy Hash: 8034bf4c8262d34c9def46e377874ab1b2221defc5f4d5c38e9963dbdc3cabf2
Instruction Fuzzy Hash: 8F317CB5500618AFD721DFA8A888ABF7AFCFB49744B10891EA446D2200DB74DD848B61

Function 0081989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,007F3AAF,?,?,Bad directive syntax error,0084CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008198BC
LoadStringW.USER32(00000000,?,007F3AAF,?), ref: 008198C3

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00819987

Strings

Line %d (File "%s"):, xrefs: 0081992D
%s (%d) : ==> %s.: %s %s, xrefs: 008198F1
Line %d:, xrefs: 00819912
Error: , xrefs: 00819955
., xrefs: 0081996D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: fd1863f1c27539792cbbf70b8af028657b1bb30e9cc320a01425770b1479bf00
Instruction ID: e1bbf06c5e3e51803466a8de2ed01a127228210785854a541e8f189fb746ae31
Opcode Fuzzy Hash: fd1863f1c27539792cbbf70b8af028657b1bb30e9cc320a01425770b1479bf00
Instruction Fuzzy Hash: 8B21713180021DFBCF15AF90CC1AEEE7B79FF14304F044459F629A61A2EB3996A8CB10

Function 0081209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 008120AB
GetClassNameW.USER32(00000000,?,00000100), ref: 008120C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0081214D

Strings

largeicons, xrefs: 008120E1
list, xrefs: 0081212F
smallicons, xrefs: 00812115
SHELLDLL_DefView, xrefs: 008120CC
details, xrefs: 008120FB

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: 6892a3a97441899cfb81af8dcdf1fe6a99f3574a5f61602b55ff6310859656e3
Instruction ID: cab16a55a736dad167132639c66e664090987a771a4beaa6e93f9de000dcc777
Opcode Fuzzy Hash: 6892a3a97441899cfb81af8dcdf1fe6a99f3574a5f61602b55ff6310859656e3
Instruction Fuzzy Hash: A7113A7A684706FAF705A220DC0ACFA33ACFF15324B20801AFB08F41D1FBA9B8915614

Function 007ECE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 007ECEB7
_free.LIBCMT ref: 007ECF22
_free.LIBCMT ref: 007ECF48
_free.LIBCMT ref: 007ECF71
_free.LIBCMT ref: 007ECFA9
_free.LIBCMT ref: 007ECFDA
_free.LIBCMT ref: 007ED01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 007ED09C
_free.LIBCMT ref: 007ED0B5

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: 25ea1f23cc40d35af3d06cbb7fc5d54a5d6367fe4ba6e8b16529b494e14795a4
Instruction ID: fe8dd19ac04ea27b3e7256d47128b552c4b5116a2b9408b64761d3a90be52154
Opcode Fuzzy Hash: 25ea1f23cc40d35af3d06cbb7fc5d54a5d6367fe4ba6e8b16529b494e14795a4
Instruction Fuzzy Hash: A4614C77906384EFDB32AFBA984966D7BA9AF0D310F04456DF940A7243D63D9D028B50

Function 008450D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00845186
ShowWindow.USER32(?,00000000), ref: 008451C7
ShowWindow.USER32(?,00000005,?,00000000), ref: 008451CD
SetFocus.USER32(?,?,00000005,?,00000000), ref: 008451D1

Part of subcall function 00846FBA: DeleteObject.GDI32(00000000), ref: 00846FE6

GetWindowLongW.USER32(?,000000F0), ref: 0084520D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 0084521A
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0084524D
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00845287
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00845296

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: 8f0a84837acae2106faca4cfe8207961aef71eed7c610e1a167031ebecd97dc6
Instruction ID: 75e6c107adff9cb8b1013354cbe0fab6900dfba01e3ccc17adeb4e9faf1527d8
Opcode Fuzzy Hash: 8f0a84837acae2106faca4cfe8207961aef71eed7c610e1a167031ebecd97dc6
Instruction Fuzzy Hash: 6A519C30A41A1CFFEF609F28CC4AB9D7B65FB05325F148016FA25D62E2C7B5A980DB41

Function 007C8B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00806890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 008068A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 008068B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 008068D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 008068F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007C8874,00000000,00000000,00000000,000000FF,00000000), ref: 00806901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0080691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007C8874,00000000,00000000,00000000,000000FF,00000000), ref: 0080692D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: 711e42a9a0a428c5c1f22cd27fe0e912172af0326fa9979c58ea1f0744ffc6d0
Instruction ID: 5e0b3aa9ee89f5fef339af56f5f62f411b8c91e415d8fa41549e1ec92fd17814
Opcode Fuzzy Hash: 711e42a9a0a428c5c1f22cd27fe0e912172af0326fa9979c58ea1f0744ffc6d0
Instruction Fuzzy Hash: DC5169B0600209EFDB608F28CC55FAA7BB9FB54750F10452CF906D62A0EB74ADA0DB50

Function 0082C143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0082C182
GetLastError.KERNEL32 ref: 0082C195
SetEvent.KERNEL32(?), ref: 0082C1A9

Part of subcall function 0082C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0082C272
Part of subcall function 0082C253: GetLastError.KERNEL32 ref: 0082C322
Part of subcall function 0082C253: SetEvent.KERNEL32(?), ref: 0082C336
Part of subcall function 0082C253: InternetCloseHandle.WININET(00000000), ref: 0082C341

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: 1392931aa63f858ddfd21a0f10396e5e67c51c1ebaafeffc0c2336b9c4281c31
Instruction ID: 1fad6b94899d83c3edd4abb21bee5866492c9e844697abbb36857ef45cc2a9d1
Opcode Fuzzy Hash: 1392931aa63f858ddfd21a0f10396e5e67c51c1ebaafeffc0c2336b9c4281c31
Instruction Fuzzy Hash: 1E317A75201A15EFDB219FA9ED44A7ABBECFF19300B00441EF956C3610DB71E894DBA0

Function 008125A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00813A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00813A57
Part of subcall function 00813A3D: GetCurrentThreadId.KERNEL32 ref: 00813A5E
Part of subcall function 00813A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008125B3), ref: 00813A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 008125BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008125DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008125DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 008125E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00812601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00812605
MapVirtualKeyW.USER32(00000025,00000000), ref: 0081260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00812623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00812627

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: 7b0984cd7907b28f8c79523810c55c46ad1e50261fb4f8d92e5bf4eee38d5269
Instruction ID: 493717cd3c3f6c731c72a4779ce87681a4376879d2b4514bf4dd99fd7cefdc96
Opcode Fuzzy Hash: 7b0984cd7907b28f8c79523810c55c46ad1e50261fb4f8d92e5bf4eee38d5269
Instruction Fuzzy Hash: F001D430391624BBFB5067689C8AF993F5DFF5EB12F100005F318EE0D1C9E22484CAAA

Function 00811803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00811449,?,?,00000000), ref: 0081180C
HeapAlloc.KERNEL32(00000000,?,00811449,?,?,00000000), ref: 00811813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00811449,?,?,00000000), ref: 00811828
GetCurrentProcess.KERNEL32(?,00000000,?,00811449,?,?,00000000), ref: 00811830
DuplicateHandle.KERNEL32(00000000,?,00811449,?,?,00000000), ref: 00811833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00811449,?,?,00000000), ref: 00811843
GetCurrentProcess.KERNEL32(00811449,00000000,?,00811449,?,?,00000000), ref: 0081184B
DuplicateHandle.KERNEL32(00000000,?,00811449,?,?,00000000), ref: 0081184E
CreateThread.KERNEL32(00000000,00000000,00811874,00000000,00000000,00000000), ref: 00811868

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: fbffd52bbafdab8eaa33673d74369d63bcf9bc1551bdd7e9b8d689e1d5a860b4
Instruction ID: e1545f617d9ed093512c0ae81740e26d641096b2133053a529326da6fffc7ba4
Opcode Fuzzy Hash: fbffd52bbafdab8eaa33673d74369d63bcf9bc1551bdd7e9b8d689e1d5a860b4
Instruction Fuzzy Hash: 9C01BF75241304BFE750AFA5DC4DF577B6CFB8AB11F004411FA05DB291C6749800CB20

Function 007E3E80 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 007E3F0B
__alldvrm.LIBCMT ref: 007E410C
__alldvrm.LIBCMT ref: 007E412E

Strings

}}}, xrefs: 007E3E8A
}}}, xrefs: 007E3E96, 007E3EF1, 007E3F0A, 007E4090
}}}, xrefs: 007E40CD

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID: }}}$}}}$}}}
API String ID: 1036877536-3712723652
Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction ID: 2ef9044cc96cb930592fc49d528f646039efd0b3cf06b1c9450ee25cef0daeb1
Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction Fuzzy Hash: 54A13672E023CA9FDB25CE1AC8957AEBBF4EF69350F1441ADE5859B282C23C9941C750

Function 0083A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 0081D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0081D501
Part of subcall function 0081D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0081D50F
Part of subcall function 0081D4DC: CloseHandle.KERNEL32(00000000), ref: 0081D5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 0083A16D
GetLastError.KERNEL32 ref: 0083A180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 0083A1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 0083A268
GetLastError.KERNEL32(00000000), ref: 0083A273
CloseHandle.KERNEL32(00000000), ref: 0083A2C4

Strings

SeDebugPrivilege, xrefs: 0083A18F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: 7038e3876c954a1165d21933ded2b3adb27c224c5621ed6c7fdf5a6aeecb7a45
Instruction ID: 4d846aa3c4f8722dd4e7e7ae55cdf7a52d50d44e2fa4fc403450ff3e8d7537ae
Opcode Fuzzy Hash: 7038e3876c954a1165d21933ded2b3adb27c224c5621ed6c7fdf5a6aeecb7a45
Instruction Fuzzy Hash: CA617C352042419FD724DF18C498F6ABBE5FF94318F18848CE4A68B7A2C776EC45CB92

Function 00843886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00843925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0084393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00843954
_wcslen.LIBCMT ref: 00843999
SendMessageW.USER32(?,00001057,00000000,?), ref: 008439C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 008439F4

Strings

SysListView32, xrefs: 008438F7

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: 516584b5e9d54be3f3f86b86adc7f4aa4f35022470e1b525bffc4f1d72398f33
Instruction ID: c4156df9ba1ecace648a7964666f7849b244d3472a945f105902a763cd32c8c1
Opcode Fuzzy Hash: 516584b5e9d54be3f3f86b86adc7f4aa4f35022470e1b525bffc4f1d72398f33
Instruction Fuzzy Hash: AB419071A0021DABEF219F64CC49FEA7BA9FF18354F10052AF958E7281D7759A84CB90

Function 0081BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0081BCFD
IsMenu.USER32(00000000), ref: 0081BD1D
CreatePopupMenu.USER32 ref: 0081BD53
GetMenuItemCount.USER32(017356B0), ref: 0081BDA4
InsertMenuItemW.USER32(017356B0,?,00000001,00000030), ref: 0081BDCC

Strings

0, xrefs: 0081BCA8
2, xrefs: 0081BD37

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: d40a031f9b1c6e555172a7e0ff5f2f74f58140553fb3cbf8237a4a43a56fee47
Instruction ID: 8c04d156cbcd072e3a0200ddd7f069fc3ae875498a4e437ceabaad1bdcd5e795
Opcode Fuzzy Hash: d40a031f9b1c6e555172a7e0ff5f2f74f58140553fb3cbf8237a4a43a56fee47
Instruction Fuzzy Hash: 6B519D70A002099BDB18CFA8E884BEEBBFCFF59354F144159E411D7291D7709981CB62

Function 007D2D20 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 007D2D4B
___except_validate_context_record.LIBVCRUNTIME ref: 007D2D53
_ValidateLocalCookies.LIBCMT ref: 007D2DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 007D2E0C
_ValidateLocalCookies.LIBCMT ref: 007D2E61

Strings

&H}, xrefs: 007D2DFE, 007D2E07, 007D2E18
csm, xrefs: 007D2DF6

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: &H}$csm
API String ID: 1170836740-1162412510
Opcode ID: 8608dd33a8c4024f99c47c004bc79eaaa6db64ddcb8d5e521ab2ea8eeb40b62f
Instruction ID: 118d084391ac4172cf6fee337a7ac770208e97e22df8aaa1233abafc2b610a67
Opcode Fuzzy Hash: 8608dd33a8c4024f99c47c004bc79eaaa6db64ddcb8d5e521ab2ea8eeb40b62f
Instruction Fuzzy Hash: 73418334A00209EBCF10DF68C849A9EBBB5BF55325F148156E814AB393D739EA07CBD1

Function 0081C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 0081C913

Strings

stop, xrefs: 0081C8E4
info, xrefs: 0081C8B4
warning, xrefs: 0081C8FC
blank, xrefs: 0081C895
question, xrefs: 0081C8CC

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 2ae56a1f4dc3212ac7c34fc668664f4e552b34b3bb489755a5fd78101758795b
Instruction ID: 9807f232328a5f0a175306db4e8cf3e36ccffc431eef0a70c28afb61f8944fc9
Opcode Fuzzy Hash: 2ae56a1f4dc3212ac7c34fc668664f4e552b34b3bb489755a5fd78101758795b
Instruction Fuzzy Hash: 3F11EB316C970ABBE7055B64DCC3DEE6BACFF153A8B10402BF504EA382E7749D805268

Function 0081DE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 0081DE42
gethostname.WSOCK32(?,00000100), ref: 0081DE5C
gethostbyname.WSOCK32(?), ref: 0081DE69
inet_ntoa.WSOCK32(?), ref: 0081DEAB
_strcat.LIBCMT ref: 0081DEB9
WSACleanup.WSOCK32 ref: 0081DEDE

Strings

0.0.0.0, xrefs: 0081DE87

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: 544cc2d6566cefca5901b3a7a38654140cded48795a79ac0ab11eb7e5ea58679
Instruction ID: ff9669d03a003c2c052ca9fd71111b7b7fce2ec781579f1f722ec9a6799b6424
Opcode Fuzzy Hash: 544cc2d6566cefca5901b3a7a38654140cded48795a79ac0ab11eb7e5ea58679
Instruction Fuzzy Hash: 82110671904208ABCB20AB74DC4AFEE77BCFF11712F00016AF445EA191EF789AC1CA60

Function 00849F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

GetSystemMetrics.USER32(0000000F), ref: 00849FC7
GetSystemMetrics.USER32(0000000F), ref: 00849FE7
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0084A224
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0084A242
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0084A263
ShowWindow.USER32(00000003,00000000), ref: 0084A282
InvalidateRect.USER32(?,00000000,00000001), ref: 0084A2A7
DefDlgProcW.USER32(?,00000005,?,?), ref: 0084A2CA

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: cfa2600791feda47e4410ac7a1c10ca1013f761378e6637d5e52cee1dbe0d7db
Instruction ID: 16be15c9631476998185123445340289ee5e948179f8a3665175c0a5948b9631
Opcode Fuzzy Hash: cfa2600791feda47e4410ac7a1c10ca1013f761378e6637d5e52cee1dbe0d7db
Instruction Fuzzy Hash: BEB1A831640229EFDF18CF68C9857AA7BB2FF48701F088169EC49DF295DB71AA40DB51

Function 0081ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 0081ED2A
_wcslen.LIBCMT ref: 0081ED3B
_wcslen.LIBCMT ref: 0081ED79
_wcslen.LIBCMT ref: 0081EDAF
_wcslen.LIBCMT ref: 0081EDDF
_wcslen.LIBCMT ref: 0081EDEF
_wcslen.LIBCMT ref: 0081EE2B
_wcslen.LIBCMT ref: 0081EE5A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: 04c5372de8eb1873e21e32fb3d03d5a2fb39121935eb3c7a8b5c5d4eb1ae946c
Instruction ID: 389caaa2f7e6486d3cd412b7bc9ee63a3f130b795d9126dbcf6affb63562bb78
Opcode Fuzzy Hash: 04c5372de8eb1873e21e32fb3d03d5a2fb39121935eb3c7a8b5c5d4eb1ae946c
Instruction Fuzzy Hash: 38413066C10118B6CB11ABA4CC8A9CFB7BCBF45710F508567E914E3221EB38F655C7A5

Function 007CF8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 007CF953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 0080F3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 0080F454

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: dcc60f7b1e1924092b7bd7857935c668a3cbd63d90f476103a4c1dca10821bc4
Instruction ID: a6453ec4c8fbcb9c122900d419848f6c3bd1d1ff11f5d25f6df2d3bbed559c43
Opcode Fuzzy Hash: dcc60f7b1e1924092b7bd7857935c668a3cbd63d90f476103a4c1dca10821bc4
Instruction Fuzzy Hash: 5D410B31604640BECFB99B2D8C88F6A7B97BB57314F15843DE547D6AA1C639B880CB11

Function 00842D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00842D1B
GetDC.USER32(00000000), ref: 00842D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00842D2E
ReleaseDC.USER32(00000000,00000000), ref: 00842D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00842D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00842D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00845A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00842DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00842DE1

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 2a8bf2ac24aa6f3025763c7968ff8f80a9c87bca0a46c706d2a769a39dc1b95d
Instruction ID: 8d1d835def44a4b617544cbfb1d019268fe8f89c87f6e9589d48514b21c2f79b
Opcode Fuzzy Hash: 2a8bf2ac24aa6f3025763c7968ff8f80a9c87bca0a46c706d2a769a39dc1b95d
Instruction Fuzzy Hash: C5318B76202618BBEB618F548C8AFEB3BADFB1A715F044055FE08DA291C6759C40CBA0

Function 00815622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00815637
_memcmp.LIBVCRUNTIME ref: 00815659
_memcmp.LIBVCRUNTIME ref: 00815671
_memcmp.LIBVCRUNTIME ref: 00815684
_memcmp.LIBVCRUNTIME ref: 0081569E
_memcmp.LIBVCRUNTIME ref: 008156B1
_memcmp.LIBVCRUNTIME ref: 008156C9
_memcmp.LIBVCRUNTIME ref: 008156E4

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 9b1c59b45cdc702fe540f14d4b847d40414fb1de738304dc1a0ade642da27afd
Instruction ID: 9933a1819148baa94e5a3b837b3675173f2c4f3209ea0b72ae873b3b79142542
Opcode Fuzzy Hash: 9b1c59b45cdc702fe540f14d4b847d40414fb1de738304dc1a0ade642da27afd
Instruction Fuzzy Hash: 0F21A461640A1DFBD21456219E82FFA336CFFB1398F840025FE05DA782F768ED5085E5

Function 00834FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

Not an Object type, xrefs: 00835007
NULL Pointer assignment, xrefs: 0083502E, 00835383

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: da6cc382f42540bc0aafdb1968fd08e0b0682d8ec6718eb771f79730019e961a
Instruction ID: d87ce0b7debc63f3d11874e6f96025d6e8097110919a3ee400aabcfa78b44c87
Opcode Fuzzy Hash: da6cc382f42540bc0aafdb1968fd08e0b0682d8ec6718eb771f79730019e961a
Instruction Fuzzy Hash: 4DD1B171A0060A9FDF14CFA8C891BAEB7B5FF88344F148469E915EB281E771DD45CB90

Function 007F1522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 007F15CE
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 007F1651
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007F16E4
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 007F16FB

Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852

MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007F1777
__freea.LIBCMT ref: 007F17A2
__freea.LIBCMT ref: 007F17AE

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 13f48d208eae259ae6b90c8f67263c1a8beb31bb93aa49b45ec4708bf5d1ee54
Instruction ID: f960eb553dcd8e8399dd4a0c7bd2b636a07a0008b8c6d75e4a4fc859b04bd888
Opcode Fuzzy Hash: 13f48d208eae259ae6b90c8f67263c1a8beb31bb93aa49b45ec4708bf5d1ee54
Instruction Fuzzy Hash: 3B91D272E0020EDADB209E75C885AFE7BB5AF49310F980659EA05E7341DB3DCC40CBA0

Function 00834523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00834648
VariantInit.OLEAUT32(?), ref: 00834749
VariantClear.OLEAUT32(?), ref: 00834753
VariantClear.OLEAUT32(?), ref: 008347B0

Strings

Null Object assignment in FOR..IN loop, xrefs: 008345D8, 00834706, 008347BE
Incorrect Object type in FOR..IN loop, xrefs: 0083472C

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: e5224c18ddf5e37a2c2a1b718ee313e18b32647f7af8597f0df160c610ae46c7
Instruction ID: b69d16cf29bdf4d5597274a6f0b3bd00897730b82014934abe181b4b8a4ff24a
Opcode Fuzzy Hash: e5224c18ddf5e37a2c2a1b718ee313e18b32647f7af8597f0df160c610ae46c7
Instruction Fuzzy Hash: 4C918071A00219ABDF20CFA4C849FAEBBB8FF86714F108559F515EB281D770A945CFA0

Function 00821187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0082125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00821284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 008212A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008212D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0082135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008213C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00821430

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 6baedcfb2dcb52a449c19a6e8ea6c4920b25094feb3bda93baa6ec8c69242a24
Instruction ID: 69118c65de981e0fd4ed82761f028aa11aeaf672254865f0d3299f610373332c
Opcode Fuzzy Hash: 6baedcfb2dcb52a449c19a6e8ea6c4920b25094feb3bda93baa6ec8c69242a24
Instruction Fuzzy Hash: F391F875A00229DFDF10DF98E888BBEB7B6FF55314F204029E540E7291D778A981CB95

Function 007C948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: d1438ddd6a0d4058aef5065cda5dac30633742fd29149990b6214ed33295c35e
Instruction ID: c39692197ff473fc4b91154692a539489bfa86297fe9fe4bd10bf905995b3f3f
Opcode Fuzzy Hash: d1438ddd6a0d4058aef5065cda5dac30633742fd29149990b6214ed33295c35e
Instruction Fuzzy Hash: 90912871D00219EFCB54CFA9CC88AEEBBB8FF49320F148459E515B7291D778AA51CB60

Function 00833947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 0083396B
CharUpperBuffW.USER32(?,?), ref: 00833A7A
_wcslen.LIBCMT ref: 00833A8A
VariantClear.OLEAUT32(?), ref: 00833C1F

Part of subcall function 00820CDF: VariantInit.OLEAUT32(00000000), ref: 00820D1F
Part of subcall function 00820CDF: VariantCopy.OLEAUT32(?,?), ref: 00820D28
Part of subcall function 00820CDF: VariantClear.OLEAUT32(?), ref: 00820D34

Strings

Incorrect Parameter format, xrefs: 008339A6, 00833BA1
AUTOIT.ERROR, xrefs: 00833A80, 00833A85

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: 6938be363450651657b940a4b5642adce8350f9ab51e42f3ba9d27e062ce3d29
Instruction ID: 6daf9bec3c81aaeed986939b92f2ebdfce75beaf5306c47a06590a572782942d
Opcode Fuzzy Hash: 6938be363450651657b940a4b5642adce8350f9ab51e42f3ba9d27e062ce3d29
Instruction Fuzzy Hash: B19122746083059FC704EF28C48596ABBE4FF89314F14882DF89ADB351DB35EA45CB92

Function 00834BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 0081000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?,?,0081035E), ref: 0081002B
Part of subcall function 0081000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810046
Part of subcall function 0081000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810054
Part of subcall function 0081000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?), ref: 00810064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00834C51
_wcslen.LIBCMT ref: 00834D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00834DCF
CoTaskMemFree.OLE32(?), ref: 00834DDA

Strings

NULL Pointer assignment, xrefs: 00834E23, 00834E52

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: 8197c466b9303bf2e389d5a8b1627b59e7f71fae024a986f9e8e7a4a52c2cac5
Instruction ID: ea7331fc2bc5830537dbbc4625f427f2d856cb5394e85750d15b112607c18346
Opcode Fuzzy Hash: 8197c466b9303bf2e389d5a8b1627b59e7f71fae024a986f9e8e7a4a52c2cac5
Instruction Fuzzy Hash: B4910271D0021DEBDF10DFA4C895AEEB7B8FF48314F10816AE915A7251EB34AA45CFA0

Function 008420FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00842183
GetMenuItemCount.USER32(00000000), ref: 008421B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 008421DD
_wcslen.LIBCMT ref: 00842213
GetMenuItemID.USER32(?,?), ref: 0084224D
GetSubMenu.USER32(?,?), ref: 0084225B

Part of subcall function 00813A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00813A57
Part of subcall function 00813A3D: GetCurrentThreadId.KERNEL32 ref: 00813A5E
Part of subcall function 00813A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008125B3), ref: 00813A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 008422E3

Part of subcall function 0081E97B: Sleep.KERNEL32 ref: 0081E9F3

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: 7f36c1bdbba4d988da66094ac2efb81a028b6562f2c494689bc4a50870b3f833
Instruction ID: e6cda4d440ac6c76116605662989f93abe92810b6398822c8ff8b9d760ee3586
Opcode Fuzzy Hash: 7f36c1bdbba4d988da66094ac2efb81a028b6562f2c494689bc4a50870b3f833
Instruction Fuzzy Hash: 1B718D35A04219EFCB10EF68C885AAEB7B5FF88314F548499F816EB341DB74A941CB90

Function 00847E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(01735570), ref: 00847F37
IsWindowEnabled.USER32(01735570), ref: 00847F43
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0084801E
SendMessageW.USER32(01735570,000000B0,?,?), ref: 00848051
IsDlgButtonChecked.USER32(?,?), ref: 00848089
GetWindowLongW.USER32(01735570,000000EC), ref: 008480AB
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 008480C3

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: 315589bd96fecb5f8b0bed77a461c0223da951321f09e8f23d330467babf746d
Instruction ID: 36cca413520b2b0f99ddd7e6c35bfe123b34de5d60a9fdc0c7cbeda76e369020
Opcode Fuzzy Hash: 315589bd96fecb5f8b0bed77a461c0223da951321f09e8f23d330467babf746d
Instruction Fuzzy Hash: 65717B34609648EFEF219F64CC84FAABBB9FF1A300F14445AE955D7261CB31AC49DB20

Function 0081AEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 0081AEF9
GetKeyboardState.USER32(?), ref: 0081AF0E
SetKeyboardState.USER32(?), ref: 0081AF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 0081AF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 0081AFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 0081AFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 0081B020

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 7c2ff83f1b8bb5f65496e3c68cdd68329b750ec523ddf89554eb63cc92962717
Instruction ID: daaef3bf9fbe884a05e94011962fe118d78b88c63b485cab95f6d9b616464a8f
Opcode Fuzzy Hash: 7c2ff83f1b8bb5f65496e3c68cdd68329b750ec523ddf89554eb63cc92962717
Instruction Fuzzy Hash: 0951D3A06056D53DFB364234C845BFA7EADBF06304F088489F1D9D54C2D798A8C9D761

Function 0081ACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 0081AD19
GetKeyboardState.USER32(?), ref: 0081AD2E
SetKeyboardState.USER32(?), ref: 0081AD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0081ADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0081ADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0081AE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0081AE38

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 66876ec56975f88d7a196934986750a947e2f527e023f05b9cf515eba92e285a
Instruction ID: 64e42eea90bc66f171473a7e24b011b4b9dee5810eefa3c1de4163f44fdc658d
Opcode Fuzzy Hash: 66876ec56975f88d7a196934986750a947e2f527e023f05b9cf515eba92e285a
Instruction Fuzzy Hash: 2C51C5A15057D53DFB3A8264CC95BFA7E9CBF46304F088488E1D9C58C2D294ACD8D752

Function 007E542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(007F3CD6,?,?,?,?,?,?,?,?,007E5BA3,?,?,007F3CD6,?,?), ref: 007E5470
__fassign.LIBCMT ref: 007E54EB
__fassign.LIBCMT ref: 007E5506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,007F3CD6,00000005,00000000,00000000), ref: 007E552C
WriteFile.KERNEL32(?,007F3CD6,00000000,007E5BA3,00000000,?,?,?,?,?,?,?,?,?,007E5BA3,?), ref: 007E554B
WriteFile.KERNEL32(?,?,00000001,007E5BA3,00000000,?,?,?,?,?,?,?,?,?,007E5BA3,?), ref: 007E5584

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 68a802c488cecacd979064e183d00ecd0cc90d5eb5bf0403831b2718933f3c8c
Instruction ID: dacc7c6475ec322bf08e78eeec23da1f53e2c8c9574a45080d5e5ac792db6e95
Opcode Fuzzy Hash: 68a802c488cecacd979064e183d00ecd0cc90d5eb5bf0403831b2718933f3c8c
Instruction Fuzzy Hash: DD51F370A016889FDB10CFA9D845AEEBBFAFF0D304F14401AF555E7292E734AA50CB60

Function 008310B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0083304E: inet_addr.WSOCK32(?), ref: 0083307A
Part of subcall function 0083304E: _wcslen.LIBCMT ref: 0083309B

socket.WSOCK32(00000002,00000001,00000006), ref: 00831112
WSAGetLastError.WSOCK32 ref: 00831121
WSAGetLastError.WSOCK32 ref: 008311C9
closesocket.WSOCK32(00000000), ref: 008311F9

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: aa80fb04d662afc9f981e1a1107a232f5b826f3ea205324764ac09d89f51b4fd
Instruction ID: 8fc72b3eb03d402af1503b91e775391a531c19a66e874b557d7537fc45723185
Opcode Fuzzy Hash: aa80fb04d662afc9f981e1a1107a232f5b826f3ea205324764ac09d89f51b4fd
Instruction Fuzzy Hash: CF41C035600208AFDB109F18C889BEEBBA9FF85768F148059F915DB291C774AD41CBE1

Function 0081CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0081CF22,?), ref: 0081DDFD

Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0081CF22,?), ref: 0081DE16

lstrcmpiW.KERNEL32(?,?), ref: 0081CF45
MoveFileW.KERNEL32(?,?), ref: 0081CF7F
_wcslen.LIBCMT ref: 0081D005
_wcslen.LIBCMT ref: 0081D01B
SHFileOperationW.SHELL32(?), ref: 0081D061

Strings

\*.*, xrefs: 0081CFF3

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: 02ccf2360dced0eb2229c3ff1ece7d7324274acd33aa8fda42f86dc179f51871
Instruction ID: b6d8cd6df0018168083554ed81900cc52b34d5308be313d6f0a8a5e3fcfb86c9
Opcode Fuzzy Hash: 02ccf2360dced0eb2229c3ff1ece7d7324274acd33aa8fda42f86dc179f51871
Instruction Fuzzy Hash: 55415FB18452199FDF12EFA4D985ADEB7BDFF08380F1000A6E505EB141EE74A689CB50

Function 00842DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00842E1C
GetWindowLongW.USER32(?,000000F0), ref: 00842E4F
GetWindowLongW.USER32(?,000000F0), ref: 00842E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00842EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00842EE0
GetWindowLongW.USER32(?,000000F0), ref: 00842EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00842F0B

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 05960b333e27ea0bedafb902aafc1eb931dd9eebbd26dd56047a1d36ada3867f
Instruction ID: db0c86f74fd0b533bcee217cc3ab0a5ff1fa3f74fdfeea95374af0de6c00b9bf
Opcode Fuzzy Hash: 05960b333e27ea0bedafb902aafc1eb931dd9eebbd26dd56047a1d36ada3867f
Instruction Fuzzy Hash: 47311234609248AFEB60CF58DC88F653BE8FB9A714F9501A4F915CB2B2CB71AC41DB01

Function 00817726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00817769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0081778F
SysAllocString.OLEAUT32(00000000), ref: 00817792
SysAllocString.OLEAUT32(?), ref: 008177B0
SysFreeString.OLEAUT32(?), ref: 008177B9
StringFromGUID2.OLE32(?,?,00000028), ref: 008177DE
SysAllocString.OLEAUT32(?), ref: 008177EC

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 67f4a1ca6e1a5083ea61e65757e80f5f701ec7ba5e786367624034930cb98d8c
Instruction ID: c09d96912ef472a9659014b43281c070289188b6ff4d46ee32eca98d83a8cad1
Opcode Fuzzy Hash: 67f4a1ca6e1a5083ea61e65757e80f5f701ec7ba5e786367624034930cb98d8c
Instruction Fuzzy Hash: DD219C7A605219AFDB10AFA8CC88DFA73ACFF09364B048429FA15DB191D6749C81C764

Function 008177FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00817842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00817868
SysAllocString.OLEAUT32(00000000), ref: 0081786B
SysAllocString.OLEAUT32 ref: 0081788C
SysFreeString.OLEAUT32 ref: 00817895
StringFromGUID2.OLE32(?,?,00000028), ref: 008178AF
SysAllocString.OLEAUT32(?), ref: 008178BD

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 7681bd24a57248b3c3fa65ffba1721cbbfd214dea498866a5450d465e65844cd
Instruction ID: 15a0a2aa352e7835d3628aaa5ccc35edd1ae092a56bd61a10fab9e2e7b81d063
Opcode Fuzzy Hash: 7681bd24a57248b3c3fa65ffba1721cbbfd214dea498866a5450d465e65844cd
Instruction Fuzzy Hash: F0213E75609208AF9B10AFA8DC88DEA77BCFF097607108139F915CB2A1D674DC81CB78

Function 008204D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 008204F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0082052E

Strings

nul, xrefs: 00820567

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 4eadd0d0f406ed8b37d85d1a844c9417d68d7bf44d1dd90423ea920de8a05be2
Instruction ID: 8f387ed2f0c2db72fc2c2410181b423b9adc0da78c6ef4113ae05e63b9ebc45c
Opcode Fuzzy Hash: 4eadd0d0f406ed8b37d85d1a844c9417d68d7bf44d1dd90423ea920de8a05be2
Instruction Fuzzy Hash: 9F216275600329ABDB209F69ED44A5A77F8FF45724F204A19F8A1E62E1D7B09980CF60

Function 008205A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 008205C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00820601

Strings

nul, xrefs: 00820639

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: d1d30adf5126f0eb903041bf036a9491207d0c5c8829c9e4900feedd0499b632
Instruction ID: 0a50b54d4eef082041caebc020258a3c34bedfe85ce6e8c1ce5863e85a8a15e9
Opcode Fuzzy Hash: d1d30adf5126f0eb903041bf036a9491207d0c5c8829c9e4900feedd0499b632
Instruction Fuzzy Hash: 28216775500325AFDB209F69EC44A5A77E8FF95724F200A19F8A1E72E6D7B099A0CF10

Function 008440AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007B604C
Part of subcall function 007B600E: GetStockObject.GDI32(00000011), ref: 007B6060
Part of subcall function 007B600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007B606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00844112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0084411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0084412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00844139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00844145

Strings

Msctls_Progress32, xrefs: 008440E3

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 74233505dac18087fe67519f97f4bef570f99e2ec352a1962b501147ec7b8ae8
Instruction ID: 48f1f3db62b34d7c1d21f2766930cbb49648fec5eaff06b5cc8e436533e29a80
Opcode Fuzzy Hash: 74233505dac18087fe67519f97f4bef570f99e2ec352a1962b501147ec7b8ae8
Instruction Fuzzy Hash: B41190B214021DBEEF119E64CC86EE77F5DFF18798F014111BA18E2150CA769C21DBA4

Function 007ED7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 007ED7A3: _free.LIBCMT ref: 007ED7CC

_free.LIBCMT ref: 007ED82D

Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0

_free.LIBCMT ref: 007ED838
_free.LIBCMT ref: 007ED843
_free.LIBCMT ref: 007ED897
_free.LIBCMT ref: 007ED8A2
_free.LIBCMT ref: 007ED8AD
_free.LIBCMT ref: 007ED8B8

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: bb49280d3295ce41be947cc3099dc98e118f2387f72571b85a4e8dd66a6e4271
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: 3E112171542B88EAD531BFB2CC4FFCB7BDC6F08700F404825B699A64A3DA6DB9064A50

Function 0081DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0081DA74
LoadStringW.USER32(00000000), ref: 0081DA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0081DA91
LoadStringW.USER32(00000000), ref: 0081DA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 0081DADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 0081DAB9

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: 0c10b0d34af12b616334150b5399298cc02a490a04e45654805d7876532d5ec1
Instruction ID: 397092b9d2479e009854f95dc3065eeb54fcf66dcdef4eb4466dc10a41d40ec7
Opcode Fuzzy Hash: 0c10b0d34af12b616334150b5399298cc02a490a04e45654805d7876532d5ec1
Instruction Fuzzy Hash: 6D016DF69002187FE750EBE49D89EEB376CFB09305F404496B746E2041EA749E848F74

Function 0082096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(0172DFB8,0172DFB8), ref: 0082097B
EnterCriticalSection.KERNEL32(0172DF98,00000000), ref: 0082098D
TerminateThread.KERNEL32(?,000001F6), ref: 0082099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 008209A9
CloseHandle.KERNEL32(?), ref: 008209B8
InterlockedExchange.KERNEL32(0172DFB8,000001F6), ref: 008209C8
LeaveCriticalSection.KERNEL32(0172DF98), ref: 008209CF

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: f8f19885ec25f99b793cb3409d946e5655ed91dabc2f03c6761e76172889a649
Instruction ID: c27ea578c84097ac68dfa3844e3a88c0e6e700d7df2165cc86b00996453fc88a
Opcode Fuzzy Hash: f8f19885ec25f99b793cb3409d946e5655ed91dabc2f03c6761e76172889a649
Instruction Fuzzy Hash: EFF0EC36543A22BBD7915FA4EE8DBD6BB39FF06702F402025F202908A1C7B594A5CF90

Function 007B5D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 007B5D30
GetWindowRect.USER32(?,?), ref: 007B5D71
ScreenToClient.USER32(?,?), ref: 007B5D99
GetClientRect.USER32(?,?), ref: 007B5ED7
GetWindowRect.USER32(?,?), ref: 007B5EF8

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 4d16a9b7c4e20251a851246524c987ba5d43520c1eeac7b6ca8907a455d86baf
Instruction ID: 735e8d0b6caff71039bd0a7ef852065b70e4b6c7056a287e9183832cdee80c16
Opcode Fuzzy Hash: 4d16a9b7c4e20251a851246524c987ba5d43520c1eeac7b6ca8907a455d86baf
Instruction Fuzzy Hash: 00B15739A00A4ADBDB10CFA9C4807FAB7F1FF58310F14851AE9A9D7250DB38EA51DB54

Function 007E01B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 007E00BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E00D6
__allrem.LIBCMT ref: 007E00ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E010B
__allrem.LIBCMT ref: 007E0122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E0140

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction ID: b20514696396fda7d49a5843c09301fa8ca21e88b1e6ecd21a39ffc6a3bbf7db
Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction Fuzzy Hash: 49810672602746EBE7209F2ACC45B6F73F9AF49324F24453AF511DA381E7B8D9408790

Function 00831D10 Relevance: 9.3, APIs: 6, Instructions: 254networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00833149: select.WSOCK32(00000000,?,00000000,00000000,?), ref: 00833195

__WSAFDIsSet.WSOCK32(00000000,?), ref: 00831DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00831DE1
WSAGetLastError.WSOCK32 ref: 00831DF2
inet_ntoa.WSOCK32(?), ref: 00831E8C
htons.WSOCK32(?), ref: 00831EDB
_strlen.LIBCMT ref: 00831F35

Part of subcall function 008139E8: _strlen.LIBCMT ref: 008139F2

Part of subcall function 007B6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,007CCF58,?,?,?), ref: 007B6DBA
Part of subcall function 007B6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,007CCF58,?,?,?), ref: 007B6DED

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
String ID:
API String ID: 1923757996-0
Opcode ID: 4eebfdf1abf936de8f9db1d45a0fc00a3b2e52c0591a44ac401cbef1fbf1ca4f
Instruction ID: a91da524c14d3de9e1775de7390000fda70d04a2ea3ebf8fcd2f2a43937bb32b
Opcode Fuzzy Hash: 4eebfdf1abf936de8f9db1d45a0fc00a3b2e52c0591a44ac401cbef1fbf1ca4f
Instruction Fuzzy Hash: CAA1CE30204340AFC724DB24C889F6ABBA5FFC5718F54895CF5569B2A2CB75ED42CB92

Function 007E61FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007D82D9,007D82D9,?,?,?,007E644F,00000001,00000001,8BE85006), ref: 007E6258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,007E644F,00000001,00000001,8BE85006,?,?,?), ref: 007E62DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 007E63D8
__freea.LIBCMT ref: 007E63E5

Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852

__freea.LIBCMT ref: 007E63EE
__freea.LIBCMT ref: 007E6413

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 9402296ca708fc4792ad87e211bd88c132335c43ffb9a3d687f62096d0bfe413
Instruction ID: 156c82dfe7b9aa2514b5020d008673c770ba74f8bdd7a0ea57b22a5bbd12d1d8
Opcode Fuzzy Hash: 9402296ca708fc4792ad87e211bd88c132335c43ffb9a3d687f62096d0bfe413
Instruction Fuzzy Hash: 7E510472602296ABDB258F66CC85EBF77A9EF58790F144629FD05D7180EB38DC40C6A0

Function 0083BBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083BCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0083BD25
RegCloseKey.ADVAPI32(00000000), ref: 0083BD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0083BD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0083BDF3
RegCloseKey.ADVAPI32(?), ref: 0083BDFF

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: ca870c8a068ea850fdccf6525713b15c595d9a4ff4f10a131849780150bf1f34
Instruction ID: 2a2830a9a89c550ffab2c42ac810b7802420bb4711ecf27d7a727d71da4d3fae
Opcode Fuzzy Hash: ca870c8a068ea850fdccf6525713b15c595d9a4ff4f10a131849780150bf1f34
Instruction Fuzzy Hash: 7281A070208241EFD714DF24C895E6ABBE5FF84308F14895DF6598B2A2DB31ED45CB92

Function 0080F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 0080F7B9
SysAllocString.OLEAUT32(00000001), ref: 0080F860
VariantCopy.OLEAUT32(0080FA64,00000000), ref: 0080F889
VariantClear.OLEAUT32(0080FA64), ref: 0080F8AD
VariantCopy.OLEAUT32(0080FA64,00000000), ref: 0080F8B1
VariantClear.OLEAUT32(?), ref: 0080F8BB

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: c0daa87be509465dc15cb7dc44de345f60b467517157a08ccb9cd5abaf162445
Instruction ID: 4b932705aeb3ec34ec0f726314d81d7ebfaa5aede649a36723e624c1718585a2
Opcode Fuzzy Hash: c0daa87be509465dc15cb7dc44de345f60b467517157a08ccb9cd5abaf162445
Instruction Fuzzy Hash: E7511731600314EADFB0AB65DC95B69B7A8FF45314B20C42AEA02DF6D3D7748C40C796

Function 0082910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 008294E5
_wcslen.LIBCMT ref: 00829506
_wcslen.LIBCMT ref: 0082952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00829585

Strings

X, xrefs: 00829412

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: 9485bcc7ac1a8acc7fd18ff802b66d8be47f5078eb84f1a6b5cede8c1c77c6c4
Instruction ID: 2fbcf54583fa761b377acb6f7820c5eccfc9df1326cc8bcf9d45b17c50c0e9f8
Opcode Fuzzy Hash: 9485bcc7ac1a8acc7fd18ff802b66d8be47f5078eb84f1a6b5cede8c1c77c6c4
Instruction Fuzzy Hash: 71E1AE31604310DFC724EF24D889BAAB7E4FF84314F14896DE9999B2A2DB34DD45CB92

Function 007C920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

BeginPaint.USER32(?,?,?), ref: 007C9241
GetWindowRect.USER32(?,?), ref: 007C92A5
ScreenToClient.USER32(?,?), ref: 007C92C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 007C92D3
EndPaint.USER32(?,?,?,?,?), ref: 007C9321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 008071EA

Part of subcall function 007C9339: BeginPath.GDI32(00000000), ref: 007C9357

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: e331c05b1789766830afaba4f11a83c2b7602612c1e4d8683a46b1080adbbe3f
Instruction ID: ac66086d4325e7e2a011fe797acfbd339b212d36ffc8b43932e60ec032e0dff3
Opcode Fuzzy Hash: e331c05b1789766830afaba4f11a83c2b7602612c1e4d8683a46b1080adbbe3f
Instruction Fuzzy Hash: 1E418C70505201EFDB51DF28CC88FAA7BA8FB56320F14066DFA95C72E1CB35A846DB61

Function 008207EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 0082080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00820847
EnterCriticalSection.KERNEL32(?), ref: 00820863
LeaveCriticalSection.KERNEL32(?), ref: 008208DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 008208F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00820921

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: 7d0ce0ab9e20f6e0f3d5c86711fc7bb73abc4e2c24b16ddb4b8683cafb48649b
Instruction ID: 05cd6cd3e21b83c3ee9e1bfccf5d61e33f8d31a31e4c79350daf2c97486b4793
Opcode Fuzzy Hash: 7d0ce0ab9e20f6e0f3d5c86711fc7bb73abc4e2c24b16ddb4b8683cafb48649b
Instruction Fuzzy Hash: F6416B71900215EBDF14AF64DC89A6A77B9FF04300F1440A9ED04DA297DB74DEA1DFA4

Function 008481DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0080F3AB,00000000,?,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 0084824C
EnableWindow.USER32(?,00000000), ref: 00848272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 008482D1
ShowWindow.USER32(?,00000004), ref: 008482E5
EnableWindow.USER32(?,00000001), ref: 0084830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0084832F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: d34b490438f3b770e3ca7d68df8556ec132c2bfecfd2a476fa43e1cda6e6b118
Instruction ID: 560e613173ccbea6f468740666c0c89179e7c25fd6238db91fbc56e709dabd04
Opcode Fuzzy Hash: d34b490438f3b770e3ca7d68df8556ec132c2bfecfd2a476fa43e1cda6e6b118
Instruction Fuzzy Hash: BB41A534601658EFDF51CF29CC99BE87BE5FB0A714F185269E5188B262CB71AC41CB50

Function 00814C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00814C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00814CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00814CEA
_wcslen.LIBCMT ref: 00814D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00814D10
_wcsstr.LIBVCRUNTIME ref: 00814D1A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: 3564b8b54709cf5a26147709583640c375eae3186e9a79249835ddfb1a1fd464
Instruction ID: dafa1353e084389a723a73f2631bd3020530227d14f701c609522a2e58ba2d6b
Opcode Fuzzy Hash: 3564b8b54709cf5a26147709583640c375eae3186e9a79249835ddfb1a1fd464
Instruction Fuzzy Hash: 9E213876205204BBEB555B39EC09EBB7BACEF45750F10907EF809CA192EA75DC81D2A0

Function 0082581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2

_wcslen.LIBCMT ref: 0082587B
CoInitialize.OLE32(00000000), ref: 00825995
CoCreateInstance.OLE32(0084FCF8,00000000,00000001,0084FB68,?), ref: 008259AE
CoUninitialize.OLE32 ref: 008259CC

Strings

.lnk, xrefs: 00825876, 008258C1, 00825985

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: f07f93dbc57686f00b6ebbb5e2df5cd26396f75515e79a0778075418720a209a
Instruction ID: 3aa551f535abcae5cf4e8a6e1f23ddd9778886301623694da6f0f7d8d77352cb
Opcode Fuzzy Hash: f07f93dbc57686f00b6ebbb5e2df5cd26396f75515e79a0778075418720a209a
Instruction Fuzzy Hash: 6CD15071608611DFC714DF24D488A6ABBE5FF89720F148859F88ADB361DB31EC85CB92

Function 0081175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00810FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00810FCA
Part of subcall function 00810FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00810FD6
Part of subcall function 00810FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00810FE5
Part of subcall function 00810FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00810FEC
Part of subcall function 00810FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00811002

GetLengthSid.ADVAPI32(?,00000000,00811335), ref: 008117AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 008117BA
HeapAlloc.KERNEL32(00000000), ref: 008117C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 008117DA
GetProcessHeap.KERNEL32(00000000,00000000,00811335), ref: 008117EE
HeapFree.KERNEL32(00000000), ref: 008117F5

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 43388ad88ae111a0e3ddeab9fe74fcf3b32928b59066d5211acfefd5fbdad174
Instruction ID: 1791a53b9c0f37753701697067b9e25a0c276fe39f103af1701c0a300f2c51dc
Opcode Fuzzy Hash: 43388ad88ae111a0e3ddeab9fe74fcf3b32928b59066d5211acfefd5fbdad174
Instruction Fuzzy Hash: BB118636602609EBDF109FA4CC49FEE7BADFF42359F104818E581E7294C736A980CB60

Function 008114CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008114FF
OpenProcessToken.ADVAPI32(00000000), ref: 00811506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00811515
CloseHandle.KERNEL32(00000004), ref: 00811520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0081154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00811563

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: a206740ca971809b4b692bdef07b1e2c230afe89498ca4c7da505547bb625867
Instruction ID: befebe8f913ca5f7072692a5b3c4c8e4d74bc3703ab63a3da87fb2a367805a30
Opcode Fuzzy Hash: a206740ca971809b4b692bdef07b1e2c230afe89498ca4c7da505547bb625867
Instruction Fuzzy Hash: BC11297660220DABDF118F98DD49FDE7BAEFF49744F044015FA05A2160C3758EA0DB61

Function 007D3382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,007D3379,007D2FE5), ref: 007D3390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007D339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007D33B7
SetLastError.KERNEL32(00000000,?,007D3379,007D2FE5), ref: 007D3409

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 70e49fe5c61183378dc5af9fa03b35a25b56d7f2a5985bd5c2fd3d1a2ca4324b
Instruction ID: 5a2af98d07fef3641b7fd9a02d44239554d3a57a71ada4ed1d44270af326a66c
Opcode Fuzzy Hash: 70e49fe5c61183378dc5af9fa03b35a25b56d7f2a5985bd5c2fd3d1a2ca4324b
Instruction Fuzzy Hash: 3D012432209711FEAA242BB4BC8D5262AB8FB05379320022FF414963F1EF198D819186

Function 007E2D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,007E5686,007F3CD6,?,00000000,?,007E5B6A,?,?,?,?,?,007DE6D1,?,00878A48), ref: 007E2D78
_free.LIBCMT ref: 007E2DAB
_free.LIBCMT ref: 007E2DD3
SetLastError.KERNEL32(00000000,?,?,?,?,007DE6D1,?,00878A48,00000010,007B4F4A,?,?,00000000,007F3CD6), ref: 007E2DE0
SetLastError.KERNEL32(00000000,?,?,?,?,007DE6D1,?,00878A48,00000010,007B4F4A,?,?,00000000,007F3CD6), ref: 007E2DEC
_abort.LIBCMT ref: 007E2DF2

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: e93bfc6934da2f4a25e364690007e6ed43a82ea4da71ee528bf0c2ab896f23e9
Instruction ID: dcd59a9627bac9f6fcdb89895675d94b15d61b2987c9438e7278907d289b71f5
Opcode Fuzzy Hash: e93bfc6934da2f4a25e364690007e6ed43a82ea4da71ee528bf0c2ab896f23e9
Instruction Fuzzy Hash: 8DF0F935607580B7C25267376C0EA1A265DBBCA7A4F314119F624D32A3EE2C88034160

Function 00848A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 007C9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007C9693
Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96A2
Part of subcall function 007C9639: BeginPath.GDI32(?), ref: 007C96B9
Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00848A4E
LineTo.GDI32(?,00000003,00000000), ref: 00848A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00848A70
LineTo.GDI32(?,00000000,00000003), ref: 00848A80
EndPath.GDI32(?), ref: 00848A90
StrokePath.GDI32(?), ref: 00848AA0

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 3d321a40a4a2f199871ad92441e7804a5175939dfea7f1ba3df9303118f39fef
Instruction ID: 6fc316a5b477960c6d52a3f73b5bf95c4b115089fbf2906a7f119267e4524209
Opcode Fuzzy Hash: 3d321a40a4a2f199871ad92441e7804a5175939dfea7f1ba3df9303118f39fef
Instruction Fuzzy Hash: F411057600111CFFEF129F94DC88EAA7F6CFB09394F048022FA199A1A1C771AD55DBA0

Function 008151FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00815218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00815229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00815230
ReleaseDC.USER32(00000000,00000000), ref: 00815238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 0081524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00815261

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 2b35a14a6b9404fa82cd2ee3cf8cede32e987296bda9735f90f77c51db30cb75
Instruction ID: 26fcf05aff55e071b714a06cb8017ff89b591e320e8addc1cc98217dd0ef9d72
Opcode Fuzzy Hash: 2b35a14a6b9404fa82cd2ee3cf8cede32e987296bda9735f90f77c51db30cb75
Instruction Fuzzy Hash: B1014F75A01719BBEB109BA69C49A5EBFBCFF49751F048066FA04E7291DA709800CFA0

Function 007B1BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 007B1BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 007B1BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 007B1C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 007B1C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 007B1C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 007B1C22

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 63b053ac44c51eae03ab861f12dd4979592de3ca2760f43d626d9661ffc6f3f0
Instruction ID: 3f8686ace90b27130a065b1dffd0cc3d05dc5a0dd8acd1c2a841b472654460b8
Opcode Fuzzy Hash: 63b053ac44c51eae03ab861f12dd4979592de3ca2760f43d626d9661ffc6f3f0
Instruction Fuzzy Hash: B10167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CFE5

Function 0081EB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0081EB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0081EB46
GetWindowThreadProcessId.USER32(?,?), ref: 0081EB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0081EB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0081EB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0081EB75

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: e66797af8c43b99b37343f043edbcd3cdcb46727e616ce3037a06bf5ea47335d
Instruction ID: 901d6b6c9596cd258f93bb76504fc56fc0e80b314647739ba9a3f5df6893303c
Opcode Fuzzy Hash: e66797af8c43b99b37343f043edbcd3cdcb46727e616ce3037a06bf5ea47335d
Instruction Fuzzy Hash: D1F0BEBA202158BBE7605B629C0EEEF3E7CFFCBB11F004158FA02E1090D7A01A01C6B4

Function 00807439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00807452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00807469
GetWindowDC.USER32(?), ref: 00807475
GetPixel.GDI32(00000000,?,?), ref: 00807484
ReleaseDC.USER32(?,00000000), ref: 00807496
GetSysColor.USER32(00000005), ref: 008074B0

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: acb979966e7a7a8ae8b3401b6dc3d0b94f7d225158ff5ee21d12e7a87cc43d1b
Instruction ID: a1a110e5c03d7311928d127f5015a7cefbee78a13102714282868b4eb6ec928e
Opcode Fuzzy Hash: acb979966e7a7a8ae8b3401b6dc3d0b94f7d225158ff5ee21d12e7a87cc43d1b
Instruction Fuzzy Hash: 6D018635801605EFEB905FA4DC08BAE7BB9FB05321F224068FA16A21A1CB312E41EB14

Function 00811874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 0081187F
UnloadUserProfile.USERENV(?,?), ref: 0081188B
CloseHandle.KERNEL32(?), ref: 00811894
CloseHandle.KERNEL32(?), ref: 0081189C
GetProcessHeap.KERNEL32(00000000,?), ref: 008118A5
HeapFree.KERNEL32(00000000), ref: 008118AC

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: 16a481885e78c2fa61b1b01d01873b95588c74c7b80c024a57098c4260f90122
Instruction ID: 1c0937363f03f0a46bf8fc9774ef32a150b21399f27d2067bf766a607b505bf1
Opcode Fuzzy Hash: 16a481885e78c2fa61b1b01d01873b95588c74c7b80c024a57098c4260f90122
Instruction Fuzzy Hash: B1E0E53A206101BBDB415FA5ED0C90AFF3DFF4AB22B108220F22581170CB329420DF50

Function 0081C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0081C6EE
_wcslen.LIBCMT ref: 0081C735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0081C79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0081C7CA

Strings

0, xrefs: 0081C6AF

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: d378e557efb11aed9cfaead9b92d2c877bff3fb23bc0d371c9f8dd0be77a9531
Instruction ID: eb8bf6c51b4bbe777219372a5a75404beadabe73d54c1f13d426a15ea12e24b4
Opcode Fuzzy Hash: d378e557efb11aed9cfaead9b92d2c877bff3fb23bc0d371c9f8dd0be77a9531
Instruction Fuzzy Hash: FE51AD716843019BD714AF28C889BEA77ECFF59314F040A2DF996D21E1DBA4D984CB52

Function 0083AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 0083AEA3

Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625

GetProcessId.KERNEL32(00000000), ref: 0083AF38
CloseHandle.KERNEL32(00000000), ref: 0083AF67

Strings

@, xrefs: 0083AE72
<, xrefs: 0083AE6B

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: a1e8e54d99908530fd31c87e4971018f6bd14dc05f2c7eeb71df1fd777beea8e
Instruction ID: 0e93e18584d8fd4e031ba74f8871918c6b0a72136bb4e8682d7f72f6ddc2bcfa
Opcode Fuzzy Hash: a1e8e54d99908530fd31c87e4971018f6bd14dc05f2c7eeb71df1fd777beea8e
Instruction Fuzzy Hash: 87718A75A00619DFCB18DF54C489A9EBBF4FF48314F048499E856AB3A2CB78ED41CB91

Function 0081719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00817206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0081723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0081724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008172CF

Strings

DllGetClassObject, xrefs: 00817242

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 38a6ffc5ca8cbca647b1fc7f10cd762c66a8f94732e9ebd2ada5964b33278f4b
Instruction ID: 1ca5c98b3e6a3f8f05037f39f97756a81cdd12291725abb556c542c6cfa0c9e7
Opcode Fuzzy Hash: 38a6ffc5ca8cbca647b1fc7f10cd762c66a8f94732e9ebd2ada5964b33278f4b
Instruction Fuzzy Hash: D9412971A04205AFDB15CF54C884ADA7BBDFF49314B1480ADBD0ADF20AD7B1D985CBA0

Function 00843D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00843E35
IsMenu.USER32(?), ref: 00843E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00843E92
DrawMenuBar.USER32 ref: 00843EA5

Strings

0, xrefs: 00843D89

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: 45180c6f9bd4b2ccfb32527353aac6a5f9f7ddb61013cd8a837b161c1244ee81
Instruction ID: b52c46acbfc5dd71368a9f03236ddabf6cb1de7dcc274b189626b5d1a03da5cf
Opcode Fuzzy Hash: 45180c6f9bd4b2ccfb32527353aac6a5f9f7ddb61013cd8a837b161c1244ee81
Instruction Fuzzy Hash: CF414575A0220DEFDB10EF64D884AAABBB9FF49354F044129E915EB650D730AE45CF60

Function 00811DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00811E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00811E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00811EA9

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

Strings

ComboBox, xrefs: 00811DF0
ListBox, xrefs: 00811E25

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: a53d673d4eddfad0e43288959870c60e66c2f82700560289a58195870686ea9a
Instruction ID: 6dd28082749322f52527f9083762dc85afc477b2eb9fa2f146637e5ffa25ed64
Opcode Fuzzy Hash: a53d673d4eddfad0e43288959870c60e66c2f82700560289a58195870686ea9a
Instruction Fuzzy Hash: 6B210771A00108BADF14ABA4DC4DDFFB7BDFF45354B104119FA26E71E1DB3849459620

Function 0083C9EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0083C9F1
_wcslen.LIBCMT ref: 0083CA68
_wcslen.LIBCMT ref: 0083CA9E
_wcslen.LIBCMT ref: 0083CAF9
_wcslen.LIBCMT ref: 0083CB2F
_wcslen.LIBCMT ref: 0083CB7F

Strings

HKLM, xrefs: 0083CA98, 0083CA9D
HKEY_LOCAL_MACHINE, xrefs: 0083CA62, 0083CA67

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen
String ID: HKEY_LOCAL_MACHINE$HKLM
API String ID: 176396367-4004644295
Opcode ID: 96e607f1653f1de3847f50a58d7f48ca195059fd82775beab904785784a4a181
Instruction ID: ad75427804bba44a9bc872dc04acdd8cf432934fbf873aaaf5179b6f6b166b7d
Opcode Fuzzy Hash: 96e607f1653f1de3847f50a58d7f48ca195059fd82775beab904785784a4a181
Instruction Fuzzy Hash: 6A31B1B2A001798BCB20EF6D98545BE33A1FBE1754F154029E855FB349EA75CD44D3E0

Function 00842F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00842F8D
LoadLibraryW.KERNEL32(?), ref: 00842F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00842FA9
DestroyWindow.USER32(?), ref: 00842FB1

Strings

SysAnimate32, xrefs: 00842F68

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: 62840c4a7149199b99da4e1aa952f25cc0ae62149e190b09335d082f571e427d
Instruction ID: d45e6647133c00990e823b7ae1700e6fe0e827252d86e0245c9451369a3b9770
Opcode Fuzzy Hash: 62840c4a7149199b99da4e1aa952f25cc0ae62149e190b09335d082f571e427d
Instruction Fuzzy Hash: 5821AE7120820DABEB205F64DC84EBB77BDFB69364F904218F950D2190DB71DC559760

Function 007D4D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,007D4D1E,007E28E9,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002), ref: 007D4D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007D4DA0
FreeLibrary.KERNEL32(00000000,?,?,?,007D4D1E,007E28E9,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002,00000000), ref: 007D4DC3

Strings

mscoree.dll, xrefs: 007D4D86
CorExitProcess, xrefs: 007D4D98

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 8400c6adf447e1ce7be9f633a421b9195ce8996fef8a6b3035f2c9ce3c026de3
Instruction ID: 009cc838ae82663efe9e218ba111b8a39ed9961825e89eb936bcd1728044c400
Opcode Fuzzy Hash: 8400c6adf447e1ce7be9f633a421b9195ce8996fef8a6b3035f2c9ce3c026de3
Instruction Fuzzy Hash: A6F04F35A41208BBDB519F90DC49BADBFB9FF48756F0000A9F909A2360DB359940CED0

Function 0080D3A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 0080D3AD
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0080D3BF
FreeLibrary.KERNEL32(00000000), ref: 0080D3E5

Strings

X64, xrefs: 0080D2A8
GetSystemWow64DirectoryW, xrefs: 0080D3B9

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 145871493-2590602151
Opcode ID: 803d85b4c19a42dda54a395bf521526526d6d7a17e6ad91fb263cb61b7087ae2
Instruction ID: 50cf7d2b85a3fb04d981a5bf85736a1ed49d82a929f3706e93277faa45b8956b
Opcode Fuzzy Hash: 803d85b4c19a42dda54a395bf521526526d6d7a17e6ad91fb263cb61b7087ae2
Instruction Fuzzy Hash: 9EF05C75407714EBD7F117904C08A197718FF11705B558059F801E12C9EB24DD44C795

Function 007B4E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007B4EAE
FreeLibrary.KERNEL32(00000000,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4EC0

Strings

kernel32.dll, xrefs: 007B4E94
Wow64DisableWow64FsRedirection, xrefs: 007B4EA8

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 91501abc1e4e3c3b6cebd153be5206cabbfd4d53cfcfcd39315af6641b26217c
Instruction ID: 2cf28801316f23443af8c7466a14622f30a442b876fc85099be98b51582b6bda
Opcode Fuzzy Hash: 91501abc1e4e3c3b6cebd153be5206cabbfd4d53cfcfcd39315af6641b26217c
Instruction Fuzzy Hash: 05E01D39A036225BD3B11B296C19B9F755CFF82F667050115FD05D2256DB6CCD01C5A1

Function 007B4E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007B4E74
FreeLibrary.KERNEL32(00000000,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E87

Strings

kernel32.dll, xrefs: 007B4E5B
Wow64RevertWow64FsRedirection, xrefs: 007B4E6E

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: 7891c0e88bb014a026f9a1884b5abb12965c8ba9d4e8197aa0781b516d3ca84e
Instruction ID: 9e149030d5132c0ccb954c4f8892cf3a71f8393d6646c3f192616eb68c94063c
Opcode Fuzzy Hash: 7891c0e88bb014a026f9a1884b5abb12965c8ba9d4e8197aa0781b516d3ca84e
Instruction Fuzzy Hash: 97D01239503A615756A21B256C1CECB7B1CFF86B653054515B905E2215CF69CD01C5E1

Function 00822947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00822C05
DeleteFileW.KERNEL32(?), ref: 00822C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00822C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00822CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00822CC0

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: e1418647f15477fc153d24a79e0b4b6c33fe898b344572febf70c5b13b463224
Instruction ID: 63e30089b1e106abe8d7d06f8cbb448471273090a60a21a06621a022785827c6
Opcode Fuzzy Hash: e1418647f15477fc153d24a79e0b4b6c33fe898b344572febf70c5b13b463224
Instruction Fuzzy Hash: BFB14E71900129ABDF21EBA4DC89EDEB77DFF49350F1040A6F509E6251EA349A848B61

Function 0083A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 0083A427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0083A435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 0083A468
CloseHandle.KERNEL32(?), ref: 0083A63D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 60f922a95c2249ce0db227c371199d53537d4d707d0c83f6ba1aab96960eadcf
Instruction ID: e88a837d78b4ac00a62b3dc50a748321c95022841be92e8bd062cacdef286bf5
Opcode Fuzzy Hash: 60f922a95c2249ce0db227c371199d53537d4d707d0c83f6ba1aab96960eadcf
Instruction Fuzzy Hash: 15A18B71604300AFD724DF24C886F2AB7E5AF84714F14885DF99ADB292DBB4ED41CB92

Function 0081E3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0081CF22,?), ref: 0081DDFD

Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0081CF22,?), ref: 0081DE16

Part of subcall function 0081E199: GetFileAttributesW.KERNEL32(?,0081CF95), ref: 0081E19A

lstrcmpiW.KERNEL32(?,?), ref: 0081E473
MoveFileW.KERNEL32(?,?), ref: 0081E4AC
_wcslen.LIBCMT ref: 0081E5EB
_wcslen.LIBCMT ref: 0081E603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0081E650

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: 51147a078b55d69c0d916ce7ce82d8b678ecd426660258f6de41b1658309781f
Instruction ID: 26cac6b81c3406e3b3c6c13bf8bc32650a8d8f255ae7dd6e01368d19f0ea68fa
Opcode Fuzzy Hash: 51147a078b55d69c0d916ce7ce82d8b678ecd426660258f6de41b1658309781f
Instruction Fuzzy Hash: 765162B24087459BC724DBA4DC859DBB3ECEF85340F00491EFA89D3151EF74A688C76A

Function 0083B9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083BAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0083BB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0083BB63
RegCloseKey.ADVAPI32(?,?), ref: 0083BBA6
RegCloseKey.ADVAPI32(00000000), ref: 0083BBB3

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: 976e26c04b20bc5a12d954d09e38dc3fbec1d8eeaebcadf6e6dbb938daf35e18
Instruction ID: 915a1bf8fdf480946be1e8e1bf6379da5583708308921a02e4bb1aa5b71d09d6
Opcode Fuzzy Hash: 976e26c04b20bc5a12d954d09e38dc3fbec1d8eeaebcadf6e6dbb938daf35e18
Instruction Fuzzy Hash: D161BE71209241EFC314DF24C494E6ABBE9FF84318F14899CF5998B2A2DB31ED45CB92

Function 00818BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00818BCD
VariantClear.OLEAUT32 ref: 00818C3E
VariantClear.OLEAUT32 ref: 00818C9D
VariantClear.OLEAUT32(?), ref: 00818D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00818D3B

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: a192d7347853d5542ce2014cbe6a5da05734a6ca6751ca69ea49e780e344b7ca
Instruction ID: 0717e7c583a6d0fa4bff7d2146e98a97055155ff2052df60ec8de89695b084e9
Opcode Fuzzy Hash: a192d7347853d5542ce2014cbe6a5da05734a6ca6751ca69ea49e780e344b7ca
Instruction Fuzzy Hash: 0A5167B5A00219EFCB10CF68D884AAAB7F8FF89314B158559F909DB350E730E911CF90

Function 00828AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00828BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00828BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00828C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00828C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00828C5F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 2b984eb55d4475901035b574e47172ee16e081fb628804f5c909e8120298431a
Instruction ID: fa45f049807b4b4658e5e3b8ac8dea22e9d34fc12c947db5d23689723375dc57
Opcode Fuzzy Hash: 2b984eb55d4475901035b574e47172ee16e081fb628804f5c909e8120298431a
Instruction Fuzzy Hash: 75514A35A00215EFCB15DF64C885EA9BBF5FF49314F088498E849AB362DB35ED51CBA0

Function 00838EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00838F40
GetProcAddress.KERNEL32(00000000,?), ref: 00838FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00838FEC
GetProcAddress.KERNEL32(00000000,?), ref: 00839032
FreeLibrary.KERNEL32(00000000), ref: 00839052

Part of subcall function 007CF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00821043,?,753CE610), ref: 007CF6E6
Part of subcall function 007CF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0080FA64,00000000,00000000,?,?,00821043,?,753CE610,?,0080FA64), ref: 007CF70D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: 60b51738f433137863be13f074e00037ba21b3dfdb835d238feef0e5b49281e2
Instruction ID: a0350f6636dbbd63f69f6436dd1a36ffdc0ec5de9dcb23ca5d10eb111f0f1044
Opcode Fuzzy Hash: 60b51738f433137863be13f074e00037ba21b3dfdb835d238feef0e5b49281e2
Instruction Fuzzy Hash: FE514834605205DFCB14DF68C4989ADBBF1FF89314F0480A8E90AAB362DB75ED85CB90

Function 00846B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00846C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00846C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00846C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0082AB79,00000000,00000000), ref: 00846C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00846CC7

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: 0bd301e41e89acbcd5a0d1cf7fe45fc9cea840b2b52f67f29b0494202971e972
Instruction ID: bf290d726349df6672adf69598dc108a22ab4fab9ab384f58dcfef6a0b400646
Opcode Fuzzy Hash: 0bd301e41e89acbcd5a0d1cf7fe45fc9cea840b2b52f67f29b0494202971e972
Instruction Fuzzy Hash: EB41D935A0410CAFD724CF68CC98FA57BA9FB0B364F150258F895D72E0E771AD61DA41

Function 007E2051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 007E20C3
_free.LIBCMT ref: 007E20E3

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 0eb78f96a2d8b70f85663c875dd3ea4a588c74c1f7e835f28c071646dbfae687
Instruction ID: a2ace22b2959035da55e73dfb98ff87d8fb33481e20233f5ce4637c4b0a496d2
Opcode Fuzzy Hash: 0eb78f96a2d8b70f85663c875dd3ea4a588c74c1f7e835f28c071646dbfae687
Instruction Fuzzy Hash: FB41E232A01204DFCB24DF79C885A5DB3B9EF89310F1545ADE515EB392EA35EE02CB80

Function 007C912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 007C9141
ScreenToClient.USER32(00000000,?), ref: 007C915E
GetAsyncKeyState.USER32(00000001), ref: 007C9183
GetAsyncKeyState.USER32(00000002), ref: 007C919D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: c7a1f87ea00286cef786fa22f82dcbcdb86e55a9ef9ba07dfde3bf59a246bcbc
Instruction ID: 53753f3889a0405dc13dd51329f2ab2f2b46feab1224bd42bfdc1a860809580f
Opcode Fuzzy Hash: c7a1f87ea00286cef786fa22f82dcbcdb86e55a9ef9ba07dfde3bf59a246bcbc
Instruction Fuzzy Hash: 0C416C31A0860AFBDF559F68C849BEEB774FB05324F248229E529A32E0C7346950CB91

Function 00823874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 008238CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00823922
TranslateMessage.USER32(?), ref: 0082394B
DispatchMessageW.USER32(?), ref: 00823955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00823966

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 4894f866e29422d1f4e86404c3d0eb82b22f019ffc277909dcf7b52d18bac3a0
Instruction ID: 83b34daef70e1c388b4c92db7a439930e9093cfff362392c97868da0fd45ed9a
Opcode Fuzzy Hash: 4894f866e29422d1f4e86404c3d0eb82b22f019ffc277909dcf7b52d18bac3a0
Instruction Fuzzy Hash: 6831C6709043659EEF25CB38A869BB67FACFB07304F04056DE462D65A0E7BCA6C5CB11

Function 0082CF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0082C21E,00000000), ref: 0082CF38
InternetReadFile.WININET(?,00000000,?,?), ref: 0082CF6F
GetLastError.KERNEL32(?,00000000,?,?,?,0082C21E,00000000), ref: 0082CFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,0082C21E,00000000), ref: 0082CFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,0082C21E,00000000), ref: 0082CFF2

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: 4101f05bc9bef8b04cb31701f682e2626987dc3601f44185d5e31de2c06d7a4e
Instruction ID: bc3f59297ca6893e6a1530d6481a83bac904f5691e828558d9d1594bb90b8d49
Opcode Fuzzy Hash: 4101f05bc9bef8b04cb31701f682e2626987dc3601f44185d5e31de2c06d7a4e
Instruction Fuzzy Hash: 12314C71600615EFDB20DFA5E984ABFBBFAFB15354B10442EF516D2150DBB0AE80DB60

Function 00811901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00811915
PostMessageW.USER32(00000001,00000201,00000001), ref: 008119C1
Sleep.KERNEL32(00000000,?,?,?), ref: 008119C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 008119DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 008119E2

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 9ac17af2adc12d955f4c2c8da24d0e2a6d1db0afabe856773213eb118223bd26
Instruction ID: 53003239f63097f18dc77db06ff1d4ddf5325693e3a1fbcb74e5d9ae406b500b
Opcode Fuzzy Hash: 9ac17af2adc12d955f4c2c8da24d0e2a6d1db0afabe856773213eb118223bd26
Instruction Fuzzy Hash: 40318A75A00219AFCB00CFA8C999ADE3BB9FF05315F108229FA21E72D1C7709984CB91

Function 00845706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00845745
SendMessageW.USER32(?,00001074,?,00000001), ref: 0084579D
_wcslen.LIBCMT ref: 008457AF
_wcslen.LIBCMT ref: 008457BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 00845816

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: 1dd6da03817f53a8a0e6af1bad776a351c0ddc6e953d428ac5c19a5d563f32e6
Instruction ID: fa9c51b16bf1c031e6374f46f664e51548d8e4c4e0cd00c7353d73df8f0b3b50
Opcode Fuzzy Hash: 1dd6da03817f53a8a0e6af1bad776a351c0ddc6e953d428ac5c19a5d563f32e6
Instruction Fuzzy Hash: 7C21A57590461CEBDB209F64CC85AEE7BBCFF15328F108226E929EA181D7709985CF50

Function 007C990F Relevance: 7.6, APIs: 5, Instructions: 75COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 007C98CC
SetTextColor.GDI32(?,?), ref: 007C98D6
SetBkMode.GDI32(?,00000001), ref: 007C98E9
GetStockObject.GDI32(00000005), ref: 007C98F1
GetWindowLongW.USER32(?,000000EB), ref: 007C9952

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Color$LongModeObjectStockTextWindow
String ID:
API String ID: 1860813098-0
Opcode ID: c4ed082e7e131905690d74d6f5a63ff9b4ed92afd4dc3dd7b5dcfad2ffd47669
Instruction ID: 459d8688670ddd7a197c83ef38b021c48ac8ab32e0af3e4620f31a56cfac5fce
Opcode Fuzzy Hash: c4ed082e7e131905690d74d6f5a63ff9b4ed92afd4dc3dd7b5dcfad2ffd47669
Instruction Fuzzy Hash: DA2147314462909FCBA24F34EC5CFE53FA4AF67321F09018EE6928B1E2D7396941CB10

Function 00830930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00830951
GetForegroundWindow.USER32 ref: 00830968
GetDC.USER32(00000000), ref: 008309A4
GetPixel.GDI32(00000000,?,00000003), ref: 008309B0
ReleaseDC.USER32(00000000,00000003), ref: 008309E8

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: fad088969bae27dec0015164babe6d7ddea8e4be3ed3f0492359b1ebcb207726
Instruction ID: 0aeea945fbd0d7a8874ef899441b9a99aabc184ccc356da6eecc438e4b021767
Opcode Fuzzy Hash: fad088969bae27dec0015164babe6d7ddea8e4be3ed3f0492359b1ebcb207726
Instruction Fuzzy Hash: A0219239A00214AFD714EF68D848AAEBBE9FF49700F04806DE846D7362CB74AD44CB90

Function 007ECDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 007ECDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 007ECDE9

Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 007ECE0F
_free.LIBCMT ref: 007ECE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 007ECE31

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: 33aceb5797cb3254fc29298eab8c0a9a4fcdae383b1d93a68b22f95d3662e208
Instruction ID: 3f4d337ff001e79b0e2f16a6c807ff4035643e2d2ce196f07aea564aa84c5f84
Opcode Fuzzy Hash: 33aceb5797cb3254fc29298eab8c0a9a4fcdae383b1d93a68b22f95d3662e208
Instruction Fuzzy Hash: 8E01847A6032957F23261ABB6C8DD7B796DEECBBA1315012DF905D7201EA698D0381B0

Function 007C9639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007C9693
SelectObject.GDI32(?,00000000), ref: 007C96A2
BeginPath.GDI32(?), ref: 007C96B9
SelectObject.GDI32(?,00000000), ref: 007C96E2

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: b42091aa466ea46f667b2776bdd57513d1511fca4c010dcca144438f9a1a5a80
Instruction ID: 1c4e9ed553ffd97d0fef64e10dfb18dad075f3b0158eb04e6aff39dba5337549
Opcode Fuzzy Hash: b42091aa466ea46f667b2776bdd57513d1511fca4c010dcca144438f9a1a5a80
Instruction Fuzzy Hash: 58215B30802305EBDF519F68EC1CBA97FACBB51765F50421EF910A61F0DB78A892CB94

Function 00815711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00815726
_memcmp.LIBVCRUNTIME ref: 00815744
_memcmp.LIBVCRUNTIME ref: 00815757
_memcmp.LIBVCRUNTIME ref: 0081576F
_memcmp.LIBVCRUNTIME ref: 00815787

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: c7d7e5386ca98366bc7bcdfea1c093dc8d2f8b73e55b4e78a695707d4bc12b90
Instruction ID: 25413c5e84caaaa0e60dcf7b542649df44b55df32e25dd2d924a241bb88e8c26
Opcode Fuzzy Hash: c7d7e5386ca98366bc7bcdfea1c093dc8d2f8b73e55b4e78a695707d4bc12b90
Instruction Fuzzy Hash: 550192A564161DFAE20855109D83EFA635CFFA13A8B404425FE14DA382F664ED9086A0

Function 007E2DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,007DF2DE,007E3863,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6), ref: 007E2DFD
_free.LIBCMT ref: 007E2E32
_free.LIBCMT ref: 007E2E59
SetLastError.KERNEL32(00000000,007B1129), ref: 007E2E66
SetLastError.KERNEL32(00000000,007B1129), ref: 007E2E6F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 1b9756db23e8d1b384e8c3bc0d3fc19be507eaafed595afa77b9696706d23b73
Instruction ID: 521cf5eebcaeb6d580a6a3d346326abb610d3a6f98020daf690945c2b78d19fc
Opcode Fuzzy Hash: 1b9756db23e8d1b384e8c3bc0d3fc19be507eaafed595afa77b9696706d23b73
Instruction Fuzzy Hash: 3001F436207690A7C61227776C4ED2B265DBBCE7A5B214028F425E32A3EA2CCC034520

Function 0081000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?,?,0081035E), ref: 0081002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?), ref: 00810064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810070

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 96e983b06c80bb4208fd40589a61af3a1b8881d834301e66dc24c616ca5249da
Instruction ID: 64bdcb67ccf686346d9b879e84e4b9dc447b9c5ab1003b6c487e764d4845096f
Opcode Fuzzy Hash: 96e983b06c80bb4208fd40589a61af3a1b8881d834301e66dc24c616ca5249da
Instruction Fuzzy Hash: BE018F7A601608BFDB504F68DC04BEA7AADFF48791F144124F905D2211E7B1DE80CBA0

Function 0081E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 0081E997
QueryPerformanceFrequency.KERNEL32(?), ref: 0081E9A5
Sleep.KERNEL32(00000000), ref: 0081E9AD
QueryPerformanceCounter.KERNEL32(?), ref: 0081E9B7
Sleep.KERNEL32 ref: 0081E9F3

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: 5231acbe761e7f8d81d2d6ec7d405eb1b813db9adbe56b3f7e54c47b760429ce
Instruction ID: edec36c4912ebf244bc602849d9cdb259264adeb50844a12292837b97211c565
Opcode Fuzzy Hash: 5231acbe761e7f8d81d2d6ec7d405eb1b813db9adbe56b3f7e54c47b760429ce
Instruction Fuzzy Hash: 9201203580262DDBCF40ABA4D849AEDBF7CFF0A700F000546E902B2241DB309690CBA2

Function 008110F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00811114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 0081112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0081114D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: cb6f4c165fb0fb4777619a384924a86f03e72a424da3677912162897220db374
Instruction ID: 4948babb6b55032bf9debff093acc5b7f3d2f3789d98eebd645afd4b7d59864a
Opcode Fuzzy Hash: cb6f4c165fb0fb4777619a384924a86f03e72a424da3677912162897220db374
Instruction Fuzzy Hash: 37011D79101205BFDB514FA5DC4DAAA7B6EFF86364B104419FA45D7360DA31DC40DA60

Function 00810FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00810FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00810FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00810FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00810FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00811002

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 567998ea6ecc569b2c923c110b2fb9ce9f7666ecd1e892198d061c37184415d0
Instruction ID: ccb2c210ecf68ee371e23e2ba8fff4d4b211dd63b5159a1e00ef72f49331ce83
Opcode Fuzzy Hash: 567998ea6ecc569b2c923c110b2fb9ce9f7666ecd1e892198d061c37184415d0
Instruction Fuzzy Hash: 62F06D39602701EBDB214FA4DC4DF963BADFF8ABA2F104415FA45C7251CA70DC80CA60

Function 00811014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0081102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00811036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0081104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811062

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 7fe515ebbb15722272c67178beac765ac5fc3883313d04f2c9e8ba271953a579
Instruction ID: 2bcc944d465dc3453d9a31218299b08047f1b907c3da8dc3b30b59fb1ac4fd26
Opcode Fuzzy Hash: 7fe515ebbb15722272c67178beac765ac5fc3883313d04f2c9e8ba271953a579
Instruction Fuzzy Hash: 4CF06D39602701EBDB219FA5EC4DF963BADFF8A761F100415FA45C7250CA70D880CA60

Function 0082030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820324
CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820331
CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 0082033E
CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 0082034B
CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820358
CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820365

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: df780eb3b1c922f1286d6ed0b8409bec9e61ab02a9f457bb54375860e4e4e8bd
Instruction ID: 0c63a696e60e79dc9cb794e17bf8f878aa9cfbcbd47e62372855c1293170ac94
Opcode Fuzzy Hash: df780eb3b1c922f1286d6ed0b8409bec9e61ab02a9f457bb54375860e4e4e8bd
Instruction Fuzzy Hash: B101A272801B259FC7309F66E880412FBF9FF503153158A3FD19692A32C371A994CF80

Function 007ED73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 007ED752

Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0

_free.LIBCMT ref: 007ED764
_free.LIBCMT ref: 007ED776
_free.LIBCMT ref: 007ED788
_free.LIBCMT ref: 007ED79A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: b69ccbe27691a6ec38b43fee12e742f1ca277f1da36e9e5f952b85330fe1c2ec
Instruction ID: bd6ebfb9ac73924f51d1c557277c2270fc09ce7cbed4464583d9af027d63b1f6
Opcode Fuzzy Hash: b69ccbe27691a6ec38b43fee12e742f1ca277f1da36e9e5f952b85330fe1c2ec
Instruction Fuzzy Hash: D7F01232546288AB8671EB66F9CAC1A7BDDBB4C710B951819F058E7517C73CFCC08A64

Function 00815C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00815C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00815C6F
MessageBeep.USER32(00000000), ref: 00815C87
KillTimer.USER32(?,0000040A), ref: 00815CA3
EndDialog.USER32(?,00000001), ref: 00815CBD

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 16a0ae5c4d2fb85fe2779daa1bf284a94340040d0ceeb1ee761a69c692672ea0
Instruction ID: 627e3dc209650ed2377011df1c5101c19bfdd2a64e2d2a11bb0c088bb66bd2da
Opcode Fuzzy Hash: 16a0ae5c4d2fb85fe2779daa1bf284a94340040d0ceeb1ee761a69c692672ea0
Instruction Fuzzy Hash: D6016D74501B04EBEB205F50DD5EFE677BCFF51B05F010559A692A10E1DBF4AA84CA90

Function 007E22A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 007E22BE

Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0

_free.LIBCMT ref: 007E22D0
_free.LIBCMT ref: 007E22E3
_free.LIBCMT ref: 007E22F4
_free.LIBCMT ref: 007E2305

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 472bfd149c02a6b76c73b535e97fe7867db6861468b3eff27b41f24d0901512c
Instruction ID: cd97b96eb10b8c821550071798ada21c1691fc384d3c32d3a7ed59b2041cd924
Opcode Fuzzy Hash: 472bfd149c02a6b76c73b535e97fe7867db6861468b3eff27b41f24d0901512c
Instruction Fuzzy Hash: 1CF030714021548B8A22AF59BC0A8083B6CFB1C760702551AF514E72B7CB3854539FA5

Function 007C95C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 007C95D4
StrokeAndFillPath.GDI32(?,?,008071F7,00000000,?,?,?), ref: 007C95F0
SelectObject.GDI32(?,00000000), ref: 007C9603
DeleteObject.GDI32 ref: 007C9616
StrokePath.GDI32(?), ref: 007C9631

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: 6eb0c816d0a68dbc80c67721d84fa3572191dbeab04b35dca851d55096734527
Instruction ID: 1e9463c47b0783279e18cc86912bea91b78c9048441a6df0216494a48cf85610
Opcode Fuzzy Hash: 6eb0c816d0a68dbc80c67721d84fa3572191dbeab04b35dca851d55096734527
Instruction Fuzzy Hash: C7F04934006A08EBDFA65F69ED1CBA43F69BB02322F448218F525650F0DB3499A2DF20

Function 007E0F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 007E10F9
__freea.LIBCMT ref: 007E1117

Part of subcall function 007E1537: _free.LIBCMT ref: 007E154F

Strings

a/p, xrefs: 007E11DE
am/pm, xrefs: 007E117A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 98798344badbd48bda0d0f144e126e0b5095605fee537814fbbcf2a6dcf91ed8
Instruction ID: 3db4e4a99945eb99a5924fc0ee9c9661e8a8a4c076818f38f0d67e60aeb86a7a
Opcode Fuzzy Hash: 98798344badbd48bda0d0f144e126e0b5095605fee537814fbbcf2a6dcf91ed8
Instruction Fuzzy Hash: 2DD11771A02285CACB249F6AC85BBFEB7B5FF0E300FA44159E6019B654D37D9D80CB91

Function 00837B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 007D0242: EnterCriticalSection.KERNEL32(0088070C,00881884,?,?,007C198B,00882518,?,?,?,007B12F9,00000000), ref: 007D024D
Part of subcall function 007D0242: LeaveCriticalSection.KERNEL32(0088070C,?,007C198B,00882518,?,?,?,007B12F9,00000000), ref: 007D028A

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 007D00A3: __onexit.LIBCMT ref: 007D00A9

__Init_thread_footer.LIBCMT ref: 00837BFB

Part of subcall function 007D01F8: EnterCriticalSection.KERNEL32(0088070C,?,?,007C8747,00882514), ref: 007D0202
Part of subcall function 007D01F8: LeaveCriticalSection.KERNEL32(0088070C,?,007C8747,00882514), ref: 007D0235

Strings

5, xrefs: 00837C78
Variable must be of type 'Object'., xrefs: 00837C3A
G, xrefs: 00837C7F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: 5$G$Variable must be of type 'Object'.
API String ID: 535116098-3733170431
Opcode ID: 66a08e135c1d1e6d268eee57146bbd1769b425eb253d553f9993e53c73791bb7
Instruction ID: 6cad68b10ba1a0657eed0d5186ee161fd164dd21ed18c516b8b9852417ea3775
Opcode Fuzzy Hash: 66a08e135c1d1e6d268eee57146bbd1769b425eb253d553f9993e53c73791bb7
Instruction Fuzzy Hash: 65917CB0A04209EFCB24EF98D8959ADB7B1FF85304F108059F806DB292DB75EE45CB91

Function 007E5AA9 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

Strings

JO{, xrefs: 007E5BA8, 007E5C6C

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: JO{
API String ID: 0-846867066
Opcode ID: db4b4780b453edcbef913ad2e4f8ff9962b886cba1727ce5e0cb94b67ae62a1b
Instruction ID: 79a090f00dfc20f44a4340e164f320a29d4891ace195dfdb7bcb15e5fb5ce256
Opcode Fuzzy Hash: db4b4780b453edcbef913ad2e4f8ff9962b886cba1727ce5e0cb94b67ae62a1b
Instruction Fuzzy Hash: AD51D771D0268EDFCB119FA6C849FAE7BB4BF0D318F14005AF405A72A2D6799901CB61

Function 007E8A61 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 007E8B6E
GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 007E8B7A
__dosmaperr.LIBCMT ref: 007E8B81

Strings

.}, xrefs: 007E8A63

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide__dosmaperr
String ID: .}
API String ID: 2434981716-2266125135
Opcode ID: d46a6e18b7d10b955ebdf18155fa8791c0d367eb3b81288f56b547a0cad9b8e8
Instruction ID: 2bd3054b87ab96cd1e0d88641f715f099e9ff838e6c2bbe03631b14d30f6a939
Opcode Fuzzy Hash: d46a6e18b7d10b955ebdf18155fa8791c0d367eb3b81288f56b547a0cad9b8e8
Instruction Fuzzy Hash: F8417EF06051C5AFC7659F5AC880A7D7FA6EF8D304B1881AAF45D8B242DE35CC02C751

Function 00812716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0081B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008121D0,?,?,00000034,00000800,?,00000034), ref: 0081B42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00812760

Part of subcall function 0081B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008121FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0081B3F8

Part of subcall function 0081B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0081B355
Part of subcall function 0081B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00812194,00000034,?,?,00001004,00000000,00000000), ref: 0081B365
Part of subcall function 0081B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00812194,00000034,?,?,00001004,00000000,00000000), ref: 0081B37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008127CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0081281A

Strings

@, xrefs: 00812832

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: 1cf53c891e77df89c195903dfc5316426fe48ed5dadcc877db4e6a7f0bf23a84
Instruction ID: 667b42cc3c2581723e5112010567061f9352b72673e8ad9c43916afa68b1c857
Opcode Fuzzy Hash: 1cf53c891e77df89c195903dfc5316426fe48ed5dadcc877db4e6a7f0bf23a84
Instruction Fuzzy Hash: 63410E76900218AFDB10DFA8CD85ADEBBB8FF09700F108099FA55B7181DB706E95CB61

Function 007E172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 007E1769
_free.LIBCMT ref: 007E1834
_free.LIBCMT ref: 007E183E

Strings

C:\Users\user\Desktop\file.exe, xrefs: 007E1760, 007E1767, 007E1796, 007E17CE

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2506810119-1957095476
Opcode ID: c60b4b2e19d71f017cd5cf9c9ca7eb3fb29e52fa69ab0629d7c72ab802417951
Instruction ID: a0fd80694d2f3a71f29ce4c1abd4ed44b8140ca84823a14b1729bd03d08485c0
Opcode Fuzzy Hash: c60b4b2e19d71f017cd5cf9c9ca7eb3fb29e52fa69ab0629d7c72ab802417951
Instruction Fuzzy Hash: 9931C271A01298EFCB21DB9A9C8AD9EBBFCEF89720B504166F404D7211D7749E41CB90

Function 0081C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0081C306
DeleteMenu.USER32(?,00000007,00000000), ref: 0081C34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00881990,017356B0), ref: 0081C395

Strings

0, xrefs: 0081C2DF

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: c313f3190f4823057509d40e889098223ec995e6ca8d8f40c877ca769163f721
Instruction ID: 4a42474d967ae21da25cfcc707abacc5cb04267dab61fcf0dce14183c7c1ebaa
Opcode Fuzzy Hash: c313f3190f4823057509d40e889098223ec995e6ca8d8f40c877ca769163f721
Instruction Fuzzy Hash: 5341AD312443019FD724DF29D884B9ABBE8FF85324F008A1EF9A5D7391D730A985CB62

Function 00844416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0084CC08,00000000,?,?,?,?), ref: 008444AA
GetWindowLongW.USER32 ref: 008444C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 008444D7

Strings

SysTreeView32, xrefs: 0084447C

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: 52808132590bf9e2a57b25bb5eced0ced1c14ba158a16bd354e300b9e096eed3
Instruction ID: 678c2a2f8208d07a7f7510120fe2889aac02b48f39ad2e0540155f51894a3524
Opcode Fuzzy Hash: 52808132590bf9e2a57b25bb5eced0ced1c14ba158a16bd354e300b9e096eed3
Instruction Fuzzy Hash: B7319C32201209ABDF209E38DC45BEA7BA9FB08334F219329F979E21D0D774EC509B50

Function 0083304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0083335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00833077,?,?), ref: 00833378

inet_addr.WSOCK32(?), ref: 0083307A
_wcslen.LIBCMT ref: 0083309B
htons.WSOCK32(00000000), ref: 00833106

Strings

255.255.255.255, xrefs: 00833095, 0083309A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: 43439361629196dba8ee1a38035ea421ab47a523dacf2b87cfc29215e0f4e42c
Instruction ID: 1c35f26416379ed4bb949ce7da4d8c9fa5caf21feb0274e9bbfe3d4d2330df1b
Opcode Fuzzy Hash: 43439361629196dba8ee1a38035ea421ab47a523dacf2b87cfc29215e0f4e42c
Instruction Fuzzy Hash: 4031B039604605DFCB24CF68C595AAA77E0FF94318F248059E915CB3A2DB72EE45C7A0

Function 00843EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00843F40
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00843F54
SendMessageW.USER32(?,00001002,00000000,?), ref: 00843F78

Strings

SysMonthCal32, xrefs: 00843F0B

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 85439976975d445f7486fb9a8b411f8c13875e0c0f436af981f40ef5680dba5f
Instruction ID: 44d0af4b02267bb7c0b32a61af1e5b3b1c41195c778b067b962fa4f5c5e83f2d
Opcode Fuzzy Hash: 85439976975d445f7486fb9a8b411f8c13875e0c0f436af981f40ef5680dba5f
Instruction Fuzzy Hash: 2321BC32600219BBDF219F94DC46FEA3B79FF48728F110214FE15AB1D0DAB5A854CBA0

Function 00844653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00844705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00844713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0084471A

Strings

msctls_updown32, xrefs: 00844684

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: 1665c2315baae876d40db1625875509403ae9e949d2281dab25a0b37a9c37495
Instruction ID: a576bc07c0e531e035fb7637e39ad36ca8bf837efffc3141a1335f1b97ab0764
Opcode Fuzzy Hash: 1665c2315baae876d40db1625875509403ae9e949d2281dab25a0b37a9c37495
Instruction Fuzzy Hash: 93214CB560020DAFEB10DF68DC85EA737ADFB5A394B050059FA15DB351CB34EC12CA60

Function 008195AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0081961D

Strings

#notrayicon, xrefs: 008195B7
#OnAutoItStartRegister, xrefs: 008195F3
#requireadmin, xrefs: 008195D9

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: 82b2bc4142944ed2496f4d944823270937b1d51264a430e921d53c122f974ed4
Instruction ID: c6fd24059aa02734bf3c7c14bc548ab0e3f2c20839342834fe7621f9b4ea49f3
Opcode Fuzzy Hash: 82b2bc4142944ed2496f4d944823270937b1d51264a430e921d53c122f974ed4
Instruction Fuzzy Hash: 74215B32104514A6D331AB24DC26FF773EDFFA1314F50402AF99AE7142EB59ADC1C2A5

Function 008437B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00843840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00843850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00843876

Strings

Listbox, xrefs: 0084380F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: f29e4770825a1aaa6f1549ae238ac7c92cf446dcfe312e45bf2ceb6e67f85814
Instruction ID: 2ca54342396679de7e0696ffc64cd80124c3b7fb04e23d79aa855f5d3a1e9d10
Opcode Fuzzy Hash: f29e4770825a1aaa6f1549ae238ac7c92cf446dcfe312e45bf2ceb6e67f85814
Instruction Fuzzy Hash: 5C21BE7260021CBBEF219F54CC85FAB7B6EFF89764F108124F9449B190CA75DC5287A0

Function 008249F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00824A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00824A5C
SetErrorMode.KERNEL32(00000000,?,?,0084CC08), ref: 00824AD0

Strings

%lu, xrefs: 00824A6F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: 230fdffe052b330e5cb6c6c4761f7ac9f27bea84096d0347f6a16eb042cc4470
Instruction ID: a5bb1de06864e3dba977b6e363c4ab67559932025201e3dba44c93468f5fd2ec
Opcode Fuzzy Hash: 230fdffe052b330e5cb6c6c4761f7ac9f27bea84096d0347f6a16eb042cc4470
Instruction Fuzzy Hash: 1F313E75A00219EFDB10DF64C885EAA7BF8FF09308F1480A9E909DB252D775EE45CB61

Function 008441EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0084424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00844264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00844271

Strings

msctls_trackbar32, xrefs: 00844226

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: 52fa0a5feae4908afdc35cd9b845dcb3983bb6329d7fb6f835eda5ee8b94b8af
Instruction ID: fd4c9d430e0483fbc0d19a81c24f16447997f07d4de477dfa704de68f15cdca4
Opcode Fuzzy Hash: 52fa0a5feae4908afdc35cd9b845dcb3983bb6329d7fb6f835eda5ee8b94b8af
Instruction Fuzzy Hash: F811A03124024CBEEF205E69CC06FAB3BACFF95B64F114624FA55E60A0D6B1D8519B20

Function 00812F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

Part of subcall function 00812DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00812DC5
Part of subcall function 00812DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00812DD6
Part of subcall function 00812DA7: GetCurrentThreadId.KERNEL32 ref: 00812DDD
Part of subcall function 00812DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00812DE4

GetFocus.USER32 ref: 00812F78

Part of subcall function 00812DEE: GetParent.USER32(00000000), ref: 00812DF9

GetClassNameW.USER32(?,?,00000100), ref: 00812FC3
EnumChildWindows.USER32(?,0081303B), ref: 00812FEB

Strings

%s%d, xrefs: 00812FFF

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: 7605e713fbe674ab2f0055302b50a4e49f4aff4dfee9a38fcc9cb182caac3481
Instruction ID: 6d864dc5c5774d7c430060042c3e1e0f4e23c3d1d4aab316c091cbe00412f79b
Opcode Fuzzy Hash: 7605e713fbe674ab2f0055302b50a4e49f4aff4dfee9a38fcc9cb182caac3481
Instruction Fuzzy Hash: 0811C0B5200209ABCF446F64DC99FEE37AEFF98304F048079B909DB252DE3499858B70

Function 00845882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008458C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008458EE
DrawMenuBar.USER32(?), ref: 008458FD

Strings

0, xrefs: 0084588F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: ef89c0a736d63e01c89feb787392cf19c2d6ccc178ab7829fe7ac453c9ea2b9f
Instruction ID: 7aceac91597fe60d071b630399a89228b7d90c313046ff354b747c3d9f79646c
Opcode Fuzzy Hash: ef89c0a736d63e01c89feb787392cf19c2d6ccc178ab7829fe7ac453c9ea2b9f
Instruction Fuzzy Hash: DE016D3150121CEFDB619F11EC48BAEBFB9FB45764F108099E849DA152EB348A84EF21

Function 0081007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7d1563dfdedfb384480aa6b12b83faa3fe602aea29808be2f7e8236cb936180
Instruction ID: a866da967c318a4f187228eb2b4e7c0d2a871cc6cb3fb0c5c370d03d6d2ce90d
Opcode Fuzzy Hash: f7d1563dfdedfb384480aa6b12b83faa3fe602aea29808be2f7e8236cb936180
Instruction Fuzzy Hash: 86C13A75A0020AEFDB15CFA8C894AAEB7B9FF48704F208598E515EB251D771EDC1CB90

Function 0083342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00833459
CoUninitialize.OLE32 ref: 00833463
VariantInit.OLEAUT32(?), ref: 0083346E
VariantClear.OLEAUT32(?), ref: 0083371B

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: 75b7353d982eb1e510f8e53a2ef54d8a8db8d23973a5207a08eea0dae982b883
Instruction ID: 92ce67a49cefdf139c223b5cde8093c237f6fd10137c43dda0d27d38cd258d19
Opcode Fuzzy Hash: 75b7353d982eb1e510f8e53a2ef54d8a8db8d23973a5207a08eea0dae982b883
Instruction Fuzzy Hash: 23A10575604200DFC714DF28C58AA6AB7E5FF89714F048859F98ADB362DB34EE41CB92

Function 00810436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0084FC08,?), ref: 008105F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0084FC08,?), ref: 00810608
CLSIDFromProgID.OLE32(?,?,00000000,0084CC40,000000FF,?,00000000,00000800,00000000,?,0084FC08,?), ref: 0081062D
_memcmp.LIBVCRUNTIME ref: 0081064E

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: c65a2eaed473acbcabbf1b14353dca9d19b167a6e3a89d09569248e735c725f5
Instruction ID: 6dc64e35e544a9c4072dd6513a524f173a7db8d840d7a988e65c304a5456cd02
Opcode Fuzzy Hash: c65a2eaed473acbcabbf1b14353dca9d19b167a6e3a89d09569248e735c725f5
Instruction Fuzzy Hash: 2481B775A00209EFCB04DF94C984AEEB7B9FF89315F204558E516EB250DB71AE86CF60

Function 007F1391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 007F14C0

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: e204988bb32e63fe7620c2732fb3bf5e134e094ab50f2c1225211a3016b20148
Instruction ID: f3aa2bdd580eb7ddab53caec05328eafaf2aee629d84bff199b61a06b2966724
Opcode Fuzzy Hash: e204988bb32e63fe7620c2732fb3bf5e134e094ab50f2c1225211a3016b20148
Instruction Fuzzy Hash: C441313250018CEBDB256BFD9C496BE3AB4FF85370F544226F619D7392E63C48415671

Function 00846278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 008462E2
ScreenToClient.USER32(?,?), ref: 00846315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00846382

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 2828b9dcdc0ff39fcd2a647ef75036aed9943d27a0681dfa6a50cc024acf4ee1
Instruction ID: bb55c95fea430547b117a4c240ea1e73ca96b1ca5a051c331e0bd50b3f548383
Opcode Fuzzy Hash: 2828b9dcdc0ff39fcd2a647ef75036aed9943d27a0681dfa6a50cc024acf4ee1
Instruction Fuzzy Hash: 0A513A74A00249EFCF14DF68D884AAE7BB5FB46364F108259F815DB290E770ED91CB51

Function 00831AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00831AFD
WSAGetLastError.WSOCK32 ref: 00831B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00831B8A
WSAGetLastError.WSOCK32 ref: 00831B94

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: 6665deaf2a74a8f154abda4d0dcd73083c38112c0f1c769ecec0018287a561a9
Instruction ID: edd746a5e746f2c5cc8df41684abfb45bdde96bb1e0a2ce7b018a806f65d2597
Opcode Fuzzy Hash: 6665deaf2a74a8f154abda4d0dcd73083c38112c0f1c769ecec0018287a561a9
Instruction Fuzzy Hash: 0E419035600200AFEB20AF24C88AF6677E5EB85718F54849CFA1A9F2D2D776DD41CBD0

Function 007EB41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9108068d1149ba4d5a2882e77cbfdcb03d7c964b29cede1f05f572c0f4e29ca0
Instruction ID: 17ec7b6c3e38fc777425bb7cecab36a53ab7f859e837c94d787e9d951dba0b42
Opcode Fuzzy Hash: 9108068d1149ba4d5a2882e77cbfdcb03d7c964b29cede1f05f572c0f4e29ca0
Instruction Fuzzy Hash: 2741E4B2A01384EFD7249F79CC45B6BBFA9EB8D710F10452AF542DB2C2D779A9118780

Function 008256D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00825783
GetLastError.KERNEL32(?,00000000), ref: 008257A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 008257CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 008257FA

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: 98d15047776dfd438f62c5f904add460fbdc1dd46be7705f111a0fc12e407fe0
Instruction ID: c7ba3682f19bdefb39a0457eb554ffafce1564d766c87f88b9f208be4261ab9e
Opcode Fuzzy Hash: 98d15047776dfd438f62c5f904add460fbdc1dd46be7705f111a0fc12e407fe0
Instruction Fuzzy Hash: 58412B39600610DFCB25DF15C445A5EBBE6FF89320B18C498E84AAB762CB74FD40CB91

Function 007ED8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,?,007D6D71,00000000,00000000,007D82D9,?,007D82D9,?,00000001,007D6D71,?,00000001,007D82D9,007D82D9), ref: 007ED910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007ED999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 007ED9AB
__freea.LIBCMT ref: 007ED9B4

Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: a8d5c3998b6dea91c73d238f89002388254ce34ab4ff39e2401e3b881ae8f801
Instruction ID: 62d11487300ae86361eefad162754f9d9428c169aa3a29dc2cd312f2552c3e88
Opcode Fuzzy Hash: a8d5c3998b6dea91c73d238f89002388254ce34ab4ff39e2401e3b881ae8f801
Instruction Fuzzy Hash: AD31FE72A0124AABDF24CF66DC45EAE7BA5EF45310F054169FC04DB252EB39ED50CBA0

Function 008452C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 00845352
GetWindowLongW.USER32(?,000000F0), ref: 00845375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00845382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008453A8

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: e62ed31fd5d1e050d23eba2cf42c4e8730d469434b17556289a5c05035504dc3
Instruction ID: 1155d0d8da569597d5be3e2e3f786d0f05c4c3c0c44215608415496398a0ba32
Opcode Fuzzy Hash: e62ed31fd5d1e050d23eba2cf42c4e8730d469434b17556289a5c05035504dc3
Instruction Fuzzy Hash: D7319E34A55A0CEFEB209E14CC19BED77A5FB06394F584145FA11D63E2C7B49D40DB41

Function 0081AB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 0081ABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 0081AC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 0081AC74
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 0081ACC6

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 32992018e734a913a8e53b8ba64cb2e32f1250e21b4bcc7aea413c9b6f1279a0
Instruction ID: 6f33f02a91c2618ca841ad655a6c3c4291f9daa839fc37c28b1edfc861fe1440
Opcode Fuzzy Hash: 32992018e734a913a8e53b8ba64cb2e32f1250e21b4bcc7aea413c9b6f1279a0
Instruction Fuzzy Hash: 1E31F270A02618AFEB39CB69C8047FA7BAEFF89310F04421AE485D22D1D37589C587D2

Function 00847674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 0084769A
GetWindowRect.USER32(?,?), ref: 00847710
PtInRect.USER32(?,?,00848B89), ref: 00847720
MessageBeep.USER32(00000000), ref: 0084778C

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: ee4ace036fc9b6b76380c39d2c90543b1b0013ae8466de1f196d4961695f139d
Instruction ID: 2192f2049da4cba4b1fbd9aed070848eecea182820d74dfd39f7364943461e58
Opcode Fuzzy Hash: ee4ace036fc9b6b76380c39d2c90543b1b0013ae8466de1f196d4961695f139d
Instruction Fuzzy Hash: 3F41A038605259DFDB11CF58C898EA9BBF9FF49314F9680A9E414DB261C730E942CF90

Function 008416DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 008416EB

Part of subcall function 00813A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00813A57
Part of subcall function 00813A3D: GetCurrentThreadId.KERNEL32 ref: 00813A5E
Part of subcall function 00813A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008125B3), ref: 00813A65

GetCaretPos.USER32(?), ref: 008416FF
ClientToScreen.USER32(00000000,?), ref: 0084174C
GetForegroundWindow.USER32 ref: 00841752

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: a91f512321ac22e7cbdf84f4e58311c564d3f0978e94eedf9e6c75f0ef576d72
Instruction ID: 0b8d8c4da40f51820a425779c94815b291c13322725b086a4ab5455a2d8e6567
Opcode Fuzzy Hash: a91f512321ac22e7cbdf84f4e58311c564d3f0978e94eedf9e6c75f0ef576d72
Instruction Fuzzy Hash: 28313D75D00149AFCB04EFA9C8859EEBBFDFF48304B5480AAE415E7211D6359E45CBA1

Function 0081DF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625

_wcslen.LIBCMT ref: 0081DFCB
_wcslen.LIBCMT ref: 0081DFE2
_wcslen.LIBCMT ref: 0081E00D
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0081E018

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: 22fabb79f9fbbd2daafa28e131aebcb667a28093c113d98fa66a7745a542ecb0
Instruction ID: ff5705144ecf747d79a906bb6658590d888e378fda7c29b0378acbda2546a94a
Opcode Fuzzy Hash: 22fabb79f9fbbd2daafa28e131aebcb667a28093c113d98fa66a7745a542ecb0
Instruction Fuzzy Hash: 9921BF71900614EFCB209FA8D881BAEB7F8FF49750F144069E805FB342D6749E41CBA1

Function 0081D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0081D501
Process32FirstW.KERNEL32(00000000,?), ref: 0081D50F
Process32NextW.KERNEL32(00000000,?), ref: 0081D52F
CloseHandle.KERNEL32(00000000), ref: 0081D5DC

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: a1ccf2014cc592bab459987a593b026a3ea143ba6fd07ef37e8f8eeb29746ffd
Instruction ID: 3aeea90104eb74051dd1f5db9c70921e7c62b55fc94638c7c2f57f4c9a66b9a1
Opcode Fuzzy Hash: a1ccf2014cc592bab459987a593b026a3ea143ba6fd07ef37e8f8eeb29746ffd
Instruction Fuzzy Hash: B1314D711083009FD301EF54C889BEABBE9FF99354F14092DF685861A1EB719985CB92

Function 00848FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

GetCursorPos.USER32(?), ref: 00849001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00807711,?,?,?,?,?), ref: 00849016
GetCursorPos.USER32(?), ref: 0084905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00807711,?,?,?), ref: 00849094

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 9c3dc55b092400d9bd754e59ab5f6aa56974abd71316e4b1acb6b22b8b7d18a7
Instruction ID: 895513a63db2c0a3cc037b4a17a9b0046352f141bfd8e24ea4f8b01b62a8e786
Opcode Fuzzy Hash: 9c3dc55b092400d9bd754e59ab5f6aa56974abd71316e4b1acb6b22b8b7d18a7
Instruction Fuzzy Hash: 9F21AB35601418EFDB25CF98CC58EEB7BB9FB8A350F014069F9458B261C735A990DB60

Function 0081D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,0084CB68), ref: 0081D2FB
GetLastError.KERNEL32 ref: 0081D30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 0081D319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0084CB68), ref: 0081D376

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 8b54ba8a630571cf7ead8ff8fb40e39efc4b37852b22a00fb85a8c930b7c5dcf
Instruction ID: a462225bb752836ea9add0e225db0aaadaa41b232c6f82c28d2365f80847a51a
Opcode Fuzzy Hash: 8b54ba8a630571cf7ead8ff8fb40e39efc4b37852b22a00fb85a8c930b7c5dcf
Instruction Fuzzy Hash: 90216D74509301DF8710DF28C885AAAB7ECFE56364F104A1DF4A9C73A1EB359986CB93

Function 00811571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00811014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0081102A
Part of subcall function 00811014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00811036
Part of subcall function 00811014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811045
Part of subcall function 00811014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0081104C
Part of subcall function 00811014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008115BE
_memcmp.LIBVCRUNTIME ref: 008115E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00811617
HeapFree.KERNEL32(00000000), ref: 0081161E

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: 5b592aac3eb90ee84384de33dfdb77ccadc5c668f7b27132b5841e26f9b9f257
Instruction ID: 2f0dd5b005da9f80202475da1c0be02c6201c66e130a7a0070ef5d4b5b12f4bd
Opcode Fuzzy Hash: 5b592aac3eb90ee84384de33dfdb77ccadc5c668f7b27132b5841e26f9b9f257
Instruction Fuzzy Hash: 0C215531E01108ABDF00DFA4C949BEEB7B9FF94344F084459E541AB241E731AA85CBA0

Function 00842782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 0084280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00842824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00842832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00842840

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 8743e5a52421e55d385458beaa0c5f62ca1de7c5a47c725df5cee526104246de
Instruction ID: 6d6edc6f218f67560697b2ee54c1284ed801a6fc73095bf80e1ca62de043452d
Opcode Fuzzy Hash: 8743e5a52421e55d385458beaa0c5f62ca1de7c5a47c725df5cee526104246de
Instruction Fuzzy Hash: 7021D335209119AFD714DB24C844FAA7B99FF46324F158258F826CB6E2CB75FC42CB91

Function 008178F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00818D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0081790A,?,000000FF,?,00818754,00000000,?,0000001C,?,?), ref: 00818D8C
Part of subcall function 00818D7D: lstrcpyW.KERNEL32(00000000,?,?,0081790A,?,000000FF,?,00818754,00000000,?,0000001C,?,?,00000000), ref: 00818DB2
Part of subcall function 00818D7D: lstrcmpiW.KERNEL32(00000000,?,0081790A,?,000000FF,?,00818754,00000000,?,0000001C,?,?), ref: 00818DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00818754,00000000,?,0000001C,?,?,00000000), ref: 00817923
lstrcpyW.KERNEL32(00000000,?,?,00818754,00000000,?,0000001C,?,?,00000000), ref: 00817949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00818754,00000000,?,0000001C,?,?,00000000), ref: 00817984

Strings

cdecl, xrefs: 0081797B

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: a89660e2b35abb6c13fdb6a1ac615492b6f359d3664075f7f3230b8d64516ecd
Instruction ID: fa8c2db5284cc1c2cf2ba900f07e2d27de3cadca98e5b613c606a79864a0dbb5
Opcode Fuzzy Hash: a89660e2b35abb6c13fdb6a1ac615492b6f359d3664075f7f3230b8d64516ecd
Instruction Fuzzy Hash: AA11D33A201302ABCB159F38D845EBA7BBDFF95350B50802EF946C72A4EB359855C7A1

Function 00847CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00847D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00847D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00847D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0082B7AD,00000000), ref: 00847D6B

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: c050399ff5e834137a3bcc14b2a59bbf8e53bebd721d06c56e078df5a18b5a02
Instruction ID: 87094aa5715eee062c8cb7f1d4169a6ab2205526acabfd8d8aded194f60d2b02
Opcode Fuzzy Hash: c050399ff5e834137a3bcc14b2a59bbf8e53bebd721d06c56e078df5a18b5a02
Instruction Fuzzy Hash: DC117235615619AFCB109F68CC08B6A3BA9FF46360B158728F939D72F0E7349D51CB50

Function 00845660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 008456BB
_wcslen.LIBCMT ref: 008456CD
_wcslen.LIBCMT ref: 008456D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 00845816

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: 0e4d1f276634818fcb86b1a879e1d557200c8c2cdf8c1fb243c237ff707999ff
Instruction ID: 3484552f2f3c67d321c276cb60f82bb38d1ce680c39090847b957b44be3e2dbf
Opcode Fuzzy Hash: 0e4d1f276634818fcb86b1a879e1d557200c8c2cdf8c1fb243c237ff707999ff
Instruction Fuzzy Hash: 9111D67560060CA7DF209F65DC85AEE7B7CFF11768B104026F915D6182EB74D984CB64

Function 007E1D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dd7fd04ca75169d278e244f8c769b7cbeca5733714f943e9683eb9237c5b1c0
Instruction ID: fe290e7e2c72f60db6776a24b9c03c6fedfcdf2f563bb5cfae85e83dbc079d88
Opcode Fuzzy Hash: 2dd7fd04ca75169d278e244f8c769b7cbeca5733714f943e9683eb9237c5b1c0
Instruction Fuzzy Hash: 880126B230768A7EF620567A6CC6F27261CEF893B8F710325F520611D2DB788C008230

Function 00811A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00811A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00811A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00811A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00811A8A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: fbab5c9d7572e63aaca50371be4c4583fe74d3473cbe7cff835f32adddc45524
Instruction ID: c4ce0156bd020ed29fc44fdca4a23a53a34c0b2258e02c5a40e9d9a51a564818
Opcode Fuzzy Hash: fbab5c9d7572e63aaca50371be4c4583fe74d3473cbe7cff835f32adddc45524
Instruction Fuzzy Hash: 3811157A901229FFEF109BA48985FADBB78FF08750F200091EA00B7290D6716E50DB94

Function 0081E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0081E1FD
MessageBoxW.USER32(?,?,?,?), ref: 0081E230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0081E246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0081E24D

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: f93c5fd011f796ec07efb20c578a342a3d16b6d9f3852c41420741f68444ab7d
Instruction ID: 5ed4ae3820332df490a8b6845d92a328e42ffdddab12b8037817139b0a97c0fd
Opcode Fuzzy Hash: f93c5fd011f796ec07efb20c578a342a3d16b6d9f3852c41420741f68444ab7d
Instruction Fuzzy Hash: 4511A176A04258ABCB119FACAC09ADA7BACFF46320F144255F925E3391D7B49D4487A0

Function 007DD1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,007DCFF9,00000000,00000004,00000000), ref: 007DD218
GetLastError.KERNEL32 ref: 007DD224
__dosmaperr.LIBCMT ref: 007DD22B
ResumeThread.KERNEL32(00000000), ref: 007DD249

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: 352b6130a77ccbddf48526a7e6c906f66062611a2b1cc07181f9c0b731c8a6d0
Instruction ID: e6c4c804c30b0d03289cef334efb6de2e75e4b90f32bfcfe37204c785bc332aa
Opcode Fuzzy Hash: 352b6130a77ccbddf48526a7e6c906f66062611a2b1cc07181f9c0b731c8a6d0
Instruction Fuzzy Hash: 7E01D236806208BBCB215BA5DC09BAE7A7DFF82330F10021BF925923D0DB799D01C6A0

Function 00849EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

GetClientRect.USER32(?,?), ref: 00849F31
GetCursorPos.USER32(?), ref: 00849F3B
ScreenToClient.USER32(?,?), ref: 00849F46
DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00849F7A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 680494a3136c8c5fcfdb74acc64cad369d0280f335facc23a24a5b0c55ed1445
Instruction ID: 5cafb044af27647778c73202dd575c9ba5e31d02f2852246e480be5465c7f854
Opcode Fuzzy Hash: 680494a3136c8c5fcfdb74acc64cad369d0280f335facc23a24a5b0c55ed1445
Instruction Fuzzy Hash: 9811363690111EABDB20DFA8D8499EE77BCFB46311F000455F941E3140DB34BE86CBA1

Function 007B600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007B604C
GetStockObject.GDI32(00000011), ref: 007B6060
SendMessageW.USER32(00000000,00000030,00000000), ref: 007B606A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: 045f1a72f3a26d05369785865b7cb313a5ddb26b8ebb23e05a574f5b3063e17a
Instruction ID: 3309361e98cc23b9cd5a51cf7ca7c9fe72dea1382fae584b3c3a91f7236cf04a
Opcode Fuzzy Hash: 045f1a72f3a26d05369785865b7cb313a5ddb26b8ebb23e05a574f5b3063e17a
Instruction Fuzzy Hash: 6D115B72502508BFEF529FA59C44EFABBADFF197A4F040216FB1452120D73A9C60DBA0

Function 007D3B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 007D3B56

Part of subcall function 007D3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 007D3AD2
Part of subcall function 007D3AA3: ___AdjustPointer.LIBCMT ref: 007D3AED

_UnwindNestedFrames.LIBCMT ref: 007D3B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 007D3B7C
CallCatchBlock.LIBVCRUNTIME ref: 007D3BA4

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: cce51fc8d84b2eb94deed27e5dbd3e9b0634cff22a8469cc805a35ee2300c8b5
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: 0C012D72100148BBDF115F95CC46DEB3F7AEF48754F04401AFE4856221C73AE961DBA1

Function 007E3073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,007B13C6,00000000,00000000,?,007E301A,007B13C6,00000000,00000000,00000000,?,007E328B,00000006,FlsSetValue), ref: 007E30A5
GetLastError.KERNEL32(?,007E301A,007B13C6,00000000,00000000,00000000,?,007E328B,00000006,FlsSetValue,00852290,FlsSetValue,00000000,00000364,?,007E2E46), ref: 007E30B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,007E301A,007B13C6,00000000,00000000,00000000,?,007E328B,00000006,FlsSetValue,00852290,FlsSetValue,00000000), ref: 007E30BF

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 21b25d95abe8e4727473bc62f650161a6e36fb394b710fd07915f4c96f78dbe8
Instruction ID: ffe4ef273f0a4e12a9df7f7297eb37be5b9a71668a13bdf0df0555b1d2048d34
Opcode Fuzzy Hash: 21b25d95abe8e4727473bc62f650161a6e36fb394b710fd07915f4c96f78dbe8
Instruction Fuzzy Hash: 1601F736303266ABCB718B7A9C4CA677B9EBF4AB61B200720F905E3140C729D901C6E0

Function 00817464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0081747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00817497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 008174AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 008174CA

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: 650b28fb4d1f4606f36a3286b1f94754efeb9c36d5742fb40b42ceb42fb32aae
Instruction ID: 075e860acb4a582f8c5229e99f74c871f2bc8db29abf888d9e46979e1510225f
Opcode Fuzzy Hash: 650b28fb4d1f4606f36a3286b1f94754efeb9c36d5742fb40b42ceb42fb32aae
Instruction Fuzzy Hash: 99118BB9206315ABE7208F18DD08FD27BFCFF00B04F10856EA656D6191DBB0E984DBA4

Function 0081B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B126

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: 48a2ef8fb6b148cdac123c23a5e487312f96d426a28dff42fe670c231cd38b89
Instruction ID: da1fa793a2001e17270a5096d12a3f86bbcd1b0f2dc09c75e3182ef8c50a4a9d
Opcode Fuzzy Hash: 48a2ef8fb6b148cdac123c23a5e487312f96d426a28dff42fe670c231cd38b89
Instruction Fuzzy Hash: 38113931C0292DE7CF00AFE4E958AEEBB7CFF0A711F114089D955B2181DB309690CB51

Function 00847E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00847E33
ScreenToClient.USER32(?,?), ref: 00847E4B
ScreenToClient.USER32(?,?), ref: 00847E6F
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00847E8A

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: 650e60726384ca0732650777651d1df83275e1d1b7f884e1c791fbf75fad9e48
Instruction ID: 0ddbd39e18f86e502b8d5086b5f87fbfb66fe1da482e0a9919193be094b3d241
Opcode Fuzzy Hash: 650e60726384ca0732650777651d1df83275e1d1b7f884e1c791fbf75fad9e48
Instruction Fuzzy Hash: 771153B9D0020AAFDB41CF98C884AEEBBF9FF19310F509166E915E3210D735AA54CF90

Function 00812DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00812DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00812DD6
GetCurrentThreadId.KERNEL32 ref: 00812DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00812DE4

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: ee6c6068d4d00478175ac7889816a09b3f5d876ebf92eab2c29cb7e5b680033f
Instruction ID: 47df54622771c2c631a9e814110f028368c56dbe4443fc2fb7b64ba95f0b0cba
Opcode Fuzzy Hash: ee6c6068d4d00478175ac7889816a09b3f5d876ebf92eab2c29cb7e5b680033f
Instruction Fuzzy Hash: 35E0EDB56022287AD7601BA2EC0DEEB7E6CFF57BA1F414119B506D10909AA58981C6B1

Function 00848863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 007C9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007C9693
Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96A2
Part of subcall function 007C9639: BeginPath.GDI32(?), ref: 007C96B9
Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00848887
LineTo.GDI32(?,?,?), ref: 00848894
EndPath.GDI32(?), ref: 008488A4
StrokePath.GDI32(?), ref: 008488B2

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 1d02b8c2d0304f3b9224204003e37026857f277bb04c0cdb940d10920d9ff681
Instruction ID: 20a38d9ed3dd85ae02279bfa6b9c1a4f6ad8188e8f8fe8181ec2984ddeb694ae
Opcode Fuzzy Hash: 1d02b8c2d0304f3b9224204003e37026857f277bb04c0cdb940d10920d9ff681
Instruction Fuzzy Hash: FFF03A3A042658FADB125F94AC0DFCE3F5DBF16310F448100FA11650E2CB795511CBA9

Function 007C98B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 007C98CC
SetTextColor.GDI32(?,?), ref: 007C98D6
SetBkMode.GDI32(?,00000001), ref: 007C98E9
GetStockObject.GDI32(00000005), ref: 007C98F1

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: bb042d19db3b5bb4f6906f3dc882655ad4791df2d0d743e664fc3f8eb4fca947
Instruction ID: 87c73e50b79ce0d56a9dc8e4514ff6f1d15e70f6bbe25832d6a4961b6a7a5c5d
Opcode Fuzzy Hash: bb042d19db3b5bb4f6906f3dc882655ad4791df2d0d743e664fc3f8eb4fca947
Instruction Fuzzy Hash: 10E06D35645680AAEBA15B74AC09BE83F24FB16336F04821AF7FA980E1C7715640DB10

Function 0081162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00811634
OpenThreadToken.ADVAPI32(00000000,?,?,?,008111D9), ref: 0081163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008111D9), ref: 00811648
OpenProcessToken.ADVAPI32(00000000,?,?,?,008111D9), ref: 0081164F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: a078a80f433d401bac9efca365a8b1257342b8008e380df04017da6c866e0e6d
Instruction ID: e64f9d6bbc5286c102c18ad84a9b7e0be76c1581370867597684db660c95620a
Opcode Fuzzy Hash: a078a80f433d401bac9efca365a8b1257342b8008e380df04017da6c866e0e6d
Instruction Fuzzy Hash: AEE04F356022119BDBA01FA19D0DB867B6CFF56791F144809F246C9090D6644480CB50

Function 0080D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0080D858
GetDC.USER32(00000000), ref: 0080D862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0080D882
ReleaseDC.USER32(?), ref: 0080D8A3

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 71af866e893cf2f108df2042461eec6fefa9a422a0a2af59f33a3eb0dc9d6d73
Instruction ID: 13321e3ed673f8acc9d190eacb0a759ad6745cbe7fdaf895e1cfbf6239a866b8
Opcode Fuzzy Hash: 71af866e893cf2f108df2042461eec6fefa9a422a0a2af59f33a3eb0dc9d6d73
Instruction Fuzzy Hash: 1AE01AB9801204DFCB919FA0D80CA6DBBB9FB19310F15D45DF806E7260C7388941EF40

Function 0080D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0080D86C
GetDC.USER32(00000000), ref: 0080D876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0080D882
ReleaseDC.USER32(?), ref: 0080D8A3

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 92930487ac24d5aeb003586e5637af17dc9f4d468713c256e5f06a10f4043d81
Instruction ID: fb8f7df383d276537f4b873886af573eceff8f8f58ac5c3633cf56e53c440740
Opcode Fuzzy Hash: 92930487ac24d5aeb003586e5637af17dc9f4d468713c256e5f06a10f4043d81
Instruction Fuzzy Hash: 03E012B9801200EFCB91AFA0D80CA6DBBB9BB18310B15904DF80AE7260CB385901EF40

Function 00824D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00824ED4

Strings

LPT, xrefs: 00824DFB
*, xrefs: 00824E10

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: 4486a246dbeed911b2aa277a325ae5d32884325d52cca0758779172d297efda7
Instruction ID: e455c64542f3f60f92b3bc824cbfb99804a26d372fdb64951ebe8365511e19c9
Opcode Fuzzy Hash: 4486a246dbeed911b2aa277a325ae5d32884325d52cca0758779172d297efda7
Instruction Fuzzy Hash: 90915D75A00214DFDB14DF54D584EA9BBF1FF84308F199099E80A9B3A2CB35ED85CBA1

Function 007DE27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 007DE30D

Strings

pow, xrefs: 007DE2E5, 007DE302

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: c24ba329d51ee94fb4fec6408fa400269111273a5592d596e66f879c91bccf1c
Instruction ID: d1aca00e533d87af2d3d85465686fa6d49425c17236073528bbe33e1683875b8
Opcode Fuzzy Hash: c24ba329d51ee94fb4fec6408fa400269111273a5592d596e66f879c91bccf1c
Instruction Fuzzy Hash: 55517D61A0D24296CB1BB715CD453793BB8FB44741F34899AF0D54A3E9EF3C8C81DA46

Function 007CE187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 007CE1B1

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 731caa0cacfd3f05764a35a1f52625675a7d55b90583395a9d3c5173bf92b4da
Instruction ID: a0e0574afa566caabd0df11704e73db328291abee784368646056cd2d93df8d9
Opcode Fuzzy Hash: 731caa0cacfd3f05764a35a1f52625675a7d55b90583395a9d3c5173bf92b4da
Instruction Fuzzy Hash: 4A513335601246DFDB25DF28C885BFA7BA8FF55310F24845DE891DB2C0DA389D42CBA0

Function 007CF291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 007CF2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 007CF2BB

Strings

@, xrefs: 007CF2AF

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: 4231ab75b2eb5cab69395742c67e2dbbb786614f2f3ecc27fb58f946dee20a4e
Instruction ID: 3bde580d16c01c80ca60aa0703b44a4a87176a18361d47c7f36ffcf31841fa65
Opcode Fuzzy Hash: 4231ab75b2eb5cab69395742c67e2dbbb786614f2f3ecc27fb58f946dee20a4e
Instruction Fuzzy Hash: 26512472418744DBD320AF10D88ABABBBF8FB84300F85885DF199811A5EB748529CB67

Function 00835745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 008357E0
_wcslen.LIBCMT ref: 008357EC

Strings

CALLARGARRAY, xrefs: 008357E6, 008357EB

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 2a8cbcd6c6a20a1b1ad6bedc6c3ee26c616fc7a4865f1bb77bcf05fc963859a6
Instruction ID: 9b4aa4ad0486f56b69684687b479536400e46f84f8c4f47c98e3771e86572609
Opcode Fuzzy Hash: 2a8cbcd6c6a20a1b1ad6bedc6c3ee26c616fc7a4865f1bb77bcf05fc963859a6
Instruction Fuzzy Hash: CE417B71A00209DFCB14EFA9C8869AEBBB5FF99724F14406DE505E7291E7349D81CBA0

Function 0082D0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0082D130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0082D13A

Strings

|, xrefs: 0082D10B

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: e6bdfb16a3302687b4c644f36a6cbc6ef092c59fb416fecf6aec27b1ca3c13bc
Instruction ID: 90cb027f29bb1966fd41cade51f9b97d776b7f7d4da69dfbe65080a66a028a56
Opcode Fuzzy Hash: e6bdfb16a3302687b4c644f36a6cbc6ef092c59fb416fecf6aec27b1ca3c13bc
Instruction Fuzzy Hash: DA313D71D00219EBCF15EFA4DC89AEEBFB9FF04304F100019F915A61A2E735AA56CB50

Function 0084356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00843621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0084365C

Strings

static, xrefs: 008435BC

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: cde8ff80f452406edd14703b4eca76a618658a3134d7b99c46acd22e846fe70e
Instruction ID: b38273474efd00566f789cc8dc224cdf0dea4106e98ef89d1b150c0d8388403b
Opcode Fuzzy Hash: cde8ff80f452406edd14703b4eca76a618658a3134d7b99c46acd22e846fe70e
Instruction Fuzzy Hash: 2E318B71100208AEDB109F28DC81FFB73A9FF98724F01961DF9A5D7280DA34AD91D760

Function 00844537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0084461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00844634

Strings

', xrefs: 0084458E

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: ddc320d0b2ac1850c42bd35a704b1aa1591d15bcea3de07d3f71126650ad9518
Instruction ID: c4464c42456f18ed92abcffdef0fb7452e3bce76c10ba5e013144f27457a82e5
Opcode Fuzzy Hash: ddc320d0b2ac1850c42bd35a704b1aa1591d15bcea3de07d3f71126650ad9518
Instruction Fuzzy Hash: C1311674A0120A9FEF14CFA9C981BDABBB5FB09304F11516AE904EB341E770A941CF90

Function 008431EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0084327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00843287

Strings

Combobox, xrefs: 00843249

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 0f3fc38bb4fa408a60f52cc42f8321a926c22700b88828db42fa5a3438f93434
Instruction ID: 56c278f566167a7f9c7c240396078fed9a4896da22fac78da8aee52565d0a99f
Opcode Fuzzy Hash: 0f3fc38bb4fa408a60f52cc42f8321a926c22700b88828db42fa5a3438f93434
Instruction Fuzzy Hash: C811E27130021CBFFF219E54DC84EBB376AFB94365F104129F918E7290D6B19D518760

Function 00843710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 007B600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007B604C
Part of subcall function 007B600E: GetStockObject.GDI32(00000011), ref: 007B6060
Part of subcall function 007B600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007B606A

GetWindowRect.USER32(00000000,?), ref: 0084377A
GetSysColor.USER32(00000012), ref: 00843794

Strings

static, xrefs: 00843757

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 98fb6cb6d2af43dfd6a7543cab4fda905cac549e0ee2f579513fbce18c972d3e
Instruction ID: bdebe9097ade9d6eb677833f92052c27917069f6c898326c9138d3eaf3068594
Opcode Fuzzy Hash: 98fb6cb6d2af43dfd6a7543cab4fda905cac549e0ee2f579513fbce18c972d3e
Instruction Fuzzy Hash: 1A1114B2610209AFDB00DFA8CC46AEA7BB8FB19314F014925F995E2250EB35E8519B60

Function 0082CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0082CD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0082CDA6

Strings

<local>, xrefs: 0082CD66

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 7546942a85d1c6e1dbfb562718d782b7ccfa52b5ba45c7ef3892fb5f4ae9eb21
Instruction ID: 866c55de97b99e9a797e4d49d9dd54627f7970ff85f50d424ab671f10b64b5c5
Opcode Fuzzy Hash: 7546942a85d1c6e1dbfb562718d782b7ccfa52b5ba45c7ef3892fb5f4ae9eb21
Instruction Fuzzy Hash: CF11C675205635BAE7744B669C45EFBBE6CFF127A8F004226B109C3180D7749885D6F0

Function 00843429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 008434AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 008434BA

Strings

edit, xrefs: 0084348F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 0b05aa99c5084f3edc06199eae86ab3daaf553215719654eefe4616b8dbdac49
Instruction ID: 5ffc070907786c82c05a7ef23b8bbafb895468806aa7979e660796b310a58703
Opcode Fuzzy Hash: 0b05aa99c5084f3edc06199eae86ab3daaf553215719654eefe4616b8dbdac49
Instruction Fuzzy Hash: 1E118C7120020CABEB129E68DC44AEB3B6EFB25378F504324FA65D31E0C775DD519B68

Function 00816C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

CharUpperBuffW.USER32(?,?,?), ref: 00816CB6
_wcslen.LIBCMT ref: 00816CC2

Strings

STOP, xrefs: 00816CBC, 00816CC1

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: 0de969964638197b9059f1a4e327ba514083c316271e4de17f6dedfea8ee5a6e
Instruction ID: fe1d592cee2147167a732a5a081b95cd2af626aef173e5642108d64bb8716bb8
Opcode Fuzzy Hash: 0de969964638197b9059f1a4e327ba514083c316271e4de17f6dedfea8ee5a6e
Instruction Fuzzy Hash: 2001C832A005268BCB209FBDDC859FF77B9FF617147500524E9A2D6194FB35D990C690

Function 00811CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00811D4C

Strings

ComboBox, xrefs: 00811CEB
ListBox, xrefs: 00811D16

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 44c664b64b4fc40eae469592dcfb40b3089f4f476fe2ffc8a953e8b8bd079b3f
Instruction ID: 355a8ff5885acc09cf363920a7c1f8545435a2eda2ff57a6f7f2e6c743d8a9b7
Opcode Fuzzy Hash: 44c664b64b4fc40eae469592dcfb40b3089f4f476fe2ffc8a953e8b8bd079b3f
Instruction Fuzzy Hash: 3E01D875601218AB8F04EBA4DC59DFE776CFF56350B140519FA36A73C1EA345948C660

Function 00811BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00811C46

Strings

ComboBox, xrefs: 00811BE5
ListBox, xrefs: 00811C10

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: afcc4f6516009f8c547af5e5925e11f1a9e452c6337d5b4a97c9769845ccd119
Instruction ID: 3dbd65f795c5e87bdaf3cc0415f2a458daab8c1434daee9773a16fab64a6404e
Opcode Fuzzy Hash: afcc4f6516009f8c547af5e5925e11f1a9e452c6337d5b4a97c9769845ccd119
Instruction Fuzzy Hash: 24016775781108A7CF14EBA4C959AFFB7ACFF15340F140019BA27B7281EA649E48D6F1

Function 00811C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00811CC8

Strings

ComboBox, xrefs: 00811C69
ListBox, xrefs: 00811C94

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: c929876f72f8c983fd04f0f3843675249c88346ce7b9cad841efd8ec880a2e34
Instruction ID: af2df4fd33fa047b78ba71b34cd1b64b27c7ef02900a72a847b160a2c4dac923
Opcode Fuzzy Hash: c929876f72f8c983fd04f0f3843675249c88346ce7b9cad841efd8ec880a2e34
Instruction Fuzzy Hash: 16016775641118A7CF14E7A4CA59AFE77ACFF11340B540015BA16F3281EA659F48C6F1

Function 00811D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00811DD3

Strings

ComboBox, xrefs: 00811D75
ListBox, xrefs: 00811DA0

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: b9cad59d8d61aa57293a647d1a203afce2228bac2b7668dd5f16f7051381456e
Instruction ID: 8ed1e5e2453ce5bfbb9405e2f0c8d69b5130a39d5efa73596a3fa99c785b1b4a
Opcode Fuzzy Hash: b9cad59d8d61aa57293a647d1a203afce2228bac2b7668dd5f16f7051381456e
Instruction Fuzzy Hash: C7F0A471A41218A7DF04E7A4DC9ABFE776CFF02354F140919BA36E32C1EA64994882A1

Function 0083747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00837493
_wcslen.LIBCMT ref: 008374B9

Strings

3, 3, 16, 1, xrefs: 00837483

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: 9f12e271cb67e940d73a0713f41820832bd969109cbe90b71bf67f98d2b41939
Instruction ID: dc864e4d952e30fa594f8c27769b698985bfc8a4d0c7135bbed5b46ae303ab39
Opcode Fuzzy Hash: 9f12e271cb67e940d73a0713f41820832bd969109cbe90b71bf67f98d2b41939
Instruction Fuzzy Hash: 91E06182305320719331137BDCC597F5699EFC9750B10182BF9C5C236AFAA8ED9193E5

Function 00810B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00810B23

Strings

Error allocating memory., xrefs: 00810B1C
AutoIt, xrefs: 00810B17

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: caba219e3b5da8fe3256ef994c4a29f64d80ae7bb8af87367a6028fbb9836473
Instruction ID: a4b8b483dcb5d5ef85070187c6243648818fb49017b1517cb1003bd9dc536497
Opcode Fuzzy Hash: caba219e3b5da8fe3256ef994c4a29f64d80ae7bb8af87367a6028fbb9836473
Instruction Fuzzy Hash: C9E0923128931876D2102694BC07F897B88EF05B20F10442AF798955C38AE9649046E9

Function 007D0D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 007CF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,007D0D71,?,?,?,007B100A), ref: 007CF7CE

IsDebuggerPresent.KERNEL32(?,?,?,007B100A), ref: 007D0D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,007B100A), ref: 007D0D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 007D0D7F

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: e547f1605994cf4680165de67cd9b24f8a37a5bb0e7f236ba47e2b23c8bf0abc
Instruction ID: a4fdf2cc0019c5a3ee43742a9bfa33ad10526c74e515400b607aa2db2b9dba03
Opcode Fuzzy Hash: e547f1605994cf4680165de67cd9b24f8a37a5bb0e7f236ba47e2b23c8bf0abc
Instruction Fuzzy Hash: E7E06D742003118BD3609FB8E4087427BF5BB04741F00492EE482C6752DBF8E444CBE1

Function 00823017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0082302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00823044

Strings

aut, xrefs: 00823038

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: 33406ae8aef0cf0af239201b697ae239ba2021ab5c21085c1b2a3ce0146b08ef
Instruction ID: e81a3babe13f0b0b7251f081ce54f30b2f972fbd36cee2666586f44e4729a2d9
Opcode Fuzzy Hash: 33406ae8aef0cf0af239201b697ae239ba2021ab5c21085c1b2a3ce0146b08ef
Instruction Fuzzy Hash: 98D05E7650133867DA60A7A4AC4EFCB7B6CEB05750F0002A1B655E2091EAF4D984CAD4

Function 0080D21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0080D220

Strings

X64, xrefs: 0080D2A8
%.3d, xrefs: 0080D22B

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 7110b61ffbe97b82b312c7f374fa5a5703d167400860c87300c3b0d261b88ea1
Instruction ID: df0cb18d1ddec9aa742374055d307fbc4bcf8584641ed9bd7d9ab1f796f90e1b
Opcode Fuzzy Hash: 7110b61ffbe97b82b312c7f374fa5a5703d167400860c87300c3b0d261b88ea1
Instruction Fuzzy Hash: 5BD012A180931CEACBD096E0CC49DB9B37CFB18305F508466F80AD1080D768E948AB61

Function 00842322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0084232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0084233F

Part of subcall function 0081E97B: Sleep.KERNEL32 ref: 0081E9F3

Strings

Shell_TrayWnd, xrefs: 00842325

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: c8576065b501445a9aae6b6921dc2c580df56daef686a73fc5c60daae4d3c665
Instruction ID: 936b23977f1e719fe3cf86902c85832c08ded0b433b843a78ac64a7cf2d884d5
Opcode Fuzzy Hash: c8576065b501445a9aae6b6921dc2c580df56daef686a73fc5c60daae4d3c665
Instruction Fuzzy Hash: 20D0A93A381300B6E2E8A7309C0FFCA6A18BB00B00F018A06770AEA1D0C8A4A801CA00

Function 00842356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0084236C
PostMessageW.USER32(00000000), ref: 00842373

Part of subcall function 0081E97B: Sleep.KERNEL32 ref: 0081E9F3

Strings

Shell_TrayWnd, xrefs: 00842365

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 4e1c624e1da4bd6ac43389eddc581ab89d77dc7f6dae138402ec877548a2774a
Instruction ID: 2d36e448977bbaa1e62ed39db9f3ddd06f4e3404d43831596448da2c508375ae
Opcode Fuzzy Hash: 4e1c624e1da4bd6ac43389eddc581ab89d77dc7f6dae138402ec877548a2774a
Instruction Fuzzy Hash: A6D0A9363823007AE2E8A7309C0FFCA6A18BB01B00F018A06770AEA1D0C8A4A801CA04

Function 007EBDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 007EBE93
GetLastError.KERNEL32 ref: 007EBEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007EBEFC

Memory Dump Source

Source File: 00000000.00000002.2995331170.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2995309572.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995392271.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995446263.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2995464370.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 7b6ada164a8ca295b88806f991881dc366a0924043faf2c6e5892e392aa0dff9
Instruction ID: 6ab9e0bb520bff7adada0835ff20473fbf7aa37c125d7e425345c7e21e527321
Opcode Fuzzy Hash: 7b6ada164a8ca295b88806f991881dc366a0924043faf2c6e5892e392aa0dff9
Instruction Fuzzy Hash: 5341D735602286EFCF218FA6CC84ABB7FA5AF49310F144169F959972A1DB349D01DB60

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Static File Info

General

File Icon

Windows Analysis Report
file.exe

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre