Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1527551
MD5:	86b442edece0f1e7d7f46682a4e6b6a6
SHA1:	323c00335af743e946abd85b3b255e39cc06974d
SHA256:	304be29a6ee0ea7ac9d692efc23fff85c4e5b6348790e6d30f5ef324dd36da57
Tags:	exeuser-Bitsight
Infos:

Detection

Credential Flusher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 6740 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 86B442EDECE0F1E7D7F46682A4E6B6A6)

taskkill.exe (PID: 6840 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7052 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4600 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4960 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5728 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 4308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,9782021070937754405,12549086448229880714,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5448 --field-trial-handle=1988,i,9782021070937754405,12549086448229880714,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1988,i,9782021070937754405,12549086448229880714,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: file.exe PID: 6740	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 519sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_76.13.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_76.13.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: chromecache_88.13.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_76.13.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_76.13.dr	String found in binary or memory: https://families.google.com/intl/
Source: chromecache_88.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_88.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://g.co/recover
Source: chromecache_76.13.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_76.13.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_76.13.dr	String found in binary or memory: https://play.google/intl/
Source: chromecache_76.13.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_76.13.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_76.13.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_76.13.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_76.13.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_76.13.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_76.13.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_76.13.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_76.13.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_76.13.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_88.13.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_76.13.dr	String found in binary or memory: https://www.google.com
Source: chromecache_76.13.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_88.13.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_88.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_88.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_88.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_88.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_88.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_76.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_76.13.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: file.exe, 00000000.00000003.1753689047.0000000000984000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: file.exe, 00000000.00000002.2984741151.0000000000C38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdir=C:
Source: chromecache_76.13.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49829 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AFEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_00AFEAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AFED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00AFED6A

Source: C:\Users\user\Desktop\file.exe

0_2_00AFEAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AEAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_00AEAA57

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B19576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_00B19576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_4a556535-e
Source: file.exe, 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_9d980d94-7
Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_5478b6a0-5
Source: file.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_b173dcd2-c

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AED5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_00AED5EB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AE1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00AE1201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AEE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_00AEE8F6

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A88060	0_2_00A88060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF2046	0_2_00AF2046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE8298	0_2_00AE8298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABE4FF	0_2_00ABE4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB676B	0_2_00AB676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B14873	0_2_00B14873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AACAA0	0_2_00AACAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8CAF0	0_2_00A8CAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9CC39	0_2_00A9CC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB6DD9	0_2_00AB6DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9D063	0_2_00A9D063
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A891C0	0_2_00A891C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9B119	0_2_00A9B119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA1394	0_2_00AA1394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA1706	0_2_00AA1706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA781B	0_2_00AA781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA19B0	0_2_00AA19B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A87920	0_2_00A87920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9997D	0_2_00A9997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA7A4A	0_2_00AA7A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA7CA7	0_2_00AA7CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA1C77	0_2_00AA1C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB9EEE	0_2_00AB9EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0BE44	0_2_00B0BE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA1F32	0_2_00AA1F32

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00A9F9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00AA0A30 appears 46 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal72.troj.evad.winEXE@46/30@12/6

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AF37B5 GetLastError,FormatMessageW,

0_2_00AF37B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE10BF AdjustTokenPrivileges,CloseHandle,		0_2_00AE10BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_00AE16C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AF51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_00AF51CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B0A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_00B0A67C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AF648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_00AF648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A842A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_00A842A2

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2764:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5016:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7056:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4944:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6864:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	ReversingLabs: Detection: 23%
Source: file.exe	Virustotal: Detection: 26%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,9782021070937754405,12549086448229880714,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5448 --field-trial-handle=1988,i,9782021070937754405,12549086448229880714,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1988,i,9782021070937754405,12549086448229880714,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,9782021070937754405,12549086448229880714,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5448 --field-trial-handle=1988,i,9782021070937754405,12549086448229880714,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1988,i,9782021070937754405,12549086448229880714,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00A842DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AA0A76 push ecx; ret

0_2_00AA0A89

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_00A9F98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B11C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00B11C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_0-96264

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7218			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: foregroundWindowGot 1775			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.7 %

Source: C:\Users\user\Desktop\file.exe TID: 6764

Thread sleep time: -72180s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Thread sleep count: Count: 7218 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00AEDBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF68EE FindFirstFileW,FindClose,	0_2_00AF68EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_00AF698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00AED076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00AED3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00AF9642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00AF979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00AF9B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF5C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00AF5C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00A842DE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AFEAA2 BlockInput,

0_2_00AFEAA2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AB2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00AB2622

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00A842DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AA4CE8 mov eax, dword ptr fs:[00000030h]

0_2_00AA4CE8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AE0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_00AE0B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00AB2622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00AA083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA09D5 SetUnhandledExceptionFilter,	0_2_00AA09D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00AA0C21

Source: C:\Users\user\Desktop\file.exe

0_2_00AE1201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AC2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00AC2BA5

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AEB226 SendInput,keybd_event,

0_2_00AEB226

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B022DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_00B022DA

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00AE0B62

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AE1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00AE1663

Source: file.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AA0698 cpuid

0_2_00AA0698

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AF8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

0_2_00AF8195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00ADD27A GetUserNameW,

0_2_00ADD27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00ABBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_00ABBB6F

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00A842DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 6740, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 6740, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B01204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_00B01204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B01806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00B01806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Process Injection	2 Valid Accounts	LSA Secrets	12 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Virtualization/Sandbox Evasion	Cached Domain Credentials	12 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Access Token Manipulation	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Process Injection	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	24%	ReversingLabs	Win32.Trojan.Generic
file.exe	26%	Virustotal		Browse
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
youtube-ui.l.google.com	0%	Virustotal	Browse
www3.l.google.com	0%	Virustotal	Browse
youtube.com	0%	Virustotal	Browse
accounts.youtube.com	0%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
www.youtube.com	0%	Virustotal	Browse
play.google.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://play.google/intl/	0%	URL Reputation	safe
https://families.google.com/intl/	0%	URL Reputation	safe
https://policies.google.com/technologies/location-data	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://policies.google.com/privacy/google-partners	0%	URL Reputation	safe
https://policies.google.com/terms/service-specific	0%	URL Reputation	safe
https://g.co/recover	0%	URL Reputation	safe
https://policies.google.com/privacy/additional	0%	URL Reputation	safe
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://policies.google.com/terms	0%	URL Reputation	safe
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	0%	URL Reputation	safe
https://support.google.com/accounts?hl=	0%	URL Reputation	safe
https://policies.google.com/terms/location	0%	URL Reputation	safe
https://policies.google.com/privacy	0%	URL Reputation	safe
https://support.google.com/accounts?p=new-si-ui	0%	URL Reputation	safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	0%	URL Reputation	safe
https://youtube.com/t/terms?gl=	0%	Virustotal		Browse
https://play.google.com/log?format=json&hasfast=true&authuser=0	0%	Virustotal		Browse
https://www.google.com/intl/	1%	Virustotal		Browse
https://www.google.com/favicon.ico	0%	Virustotal		Browse
https://play.google.com/work/enroll?identifier=	0%	Virustotal		Browse
https://play.google.com/log?hasfast=true&authuser=0&format=json	0%	Virustotal		Browse
https://play.google.com/log?format=json&hasfast=true	0%	Virustotal		Browse
https://www.google.com	0%	Virustotal		Browse
https://www.youtube.com/t/terms?chromeless=1&hl=	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
youtube-ui.l.google.com	142.250.185.238	true	false	0%, Virustotal, Browse	unknown
www3.l.google.com	142.250.186.46	true	false	0%, Virustotal, Browse	unknown
play.google.com	142.250.181.238	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.184.228	true	false	0%, Virustotal, Browse	unknown
youtube.com	142.250.186.78	true	false	0%, Virustotal, Browse	unknown
accounts.youtube.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
www.youtube.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://play.google.com/log?format=json&hasfast=true&authuser=0	false	0%, Virustotal, Browse	unknown
https://www.google.com/favicon.ico	false	0%, Virustotal, Browse	unknown
https://play.google.com/log?hasfast=true&authuser=0&format=json	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google/intl/	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://families.google.com/intl/	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://youtube.com/t/terms?gl=	chromecache_76.13.dr	false	0%, Virustotal, Browse	unknown
https://policies.google.com/technologies/location-data	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://www.google.com/intl/	chromecache_76.13.dr	false	1%, Virustotal, Browse	unknown
https://apis.google.com/js/api.js	chromecache_88.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/google-partners	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://play.google.com/work/enroll?identifier=	chromecache_76.13.dr	false	0%, Virustotal, Browse	unknown
https://policies.google.com/terms/service-specific	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://g.co/recover	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/additional	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/technologies/cookies	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_88.13.dr	false	URL Reputation: safe	unknown
https://www.google.com	chromecache_76.13.dr	false	0%, Virustotal, Browse	unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_76.13.dr	false	0%, Virustotal, Browse	unknown
https://www.youtube.com/t/terms?chromeless=1&hl=	chromecache_76.13.dr	false	0%, Virustotal, Browse	unknown
https://support.google.com/accounts?hl=	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms/location	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/accounts?p=new-si-ui	chromecache_76.13.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	chromecache_76.13.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.78	youtube.com	United States	15169	GOOGLEUS	false
142.250.185.238	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
142.250.181.238	play.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1527551
Start date and time:	2024-10-07 02:50:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal72.troj.evad.winEXE@46/30@12/6
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 41 Number of non-executed functions: 310
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.185.142, 74.125.71.84, 34.104.35.123, 142.250.186.163, 142.250.184.227, 172.217.16.138, 142.250.184.202, 142.250.184.234, 142.250.185.234, 172.217.18.10, 142.250.186.106, 172.217.18.106, 142.250.186.42, 216.58.206.42, 142.250.185.170, 142.250.186.138, 142.250.186.170, 142.250.181.234, 142.250.186.74, 142.250.185.202, 172.217.16.202, 142.250.74.202, 93.184.221.240, 192.229.221.95, 216.58.206.35, 74.125.206.84, 142.250.186.46
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	Camtech_Korea_Invoice_2024.html	Get hash	malicious	HTMLPhisher	Browse
	http://chiso.dev/	Get hash	malicious	Unknown	Browse
	http://buddycities.com/	Get hash	malicious	Unknown	Browse
	http://buckboosters.com/	Get hash	malicious	Unknown	Browse
	https://wchckwl.org/	Get hash	malicious	Unknown	Browse
	http://www.ngdhqw.blogspot.de/	Get hash	malicious	GRQ Scam	Browse
	https://event.stibee.com/v2/click/NDA4MDIvMjQzMzA0Ny80OTAyMzcv/aHR0cHM6Ly91cHBpdHkuY28ua3IvJWVhJWI3JWI4JWViJTgyJWEwLTUlZWIlYTclOGMtJWVjJTliJTkwJWViJThjJTgwLSVlYyU4MiViYyVlYyVhMCU4NCVlYyU5ZCU4NC0lZWIlYjQlYTQlZWMlOTYlYjQlZWMlOWElOTQtMi8	Get hash	malicious	Unknown	Browse
	http://vpnpanda.org/	Get hash	malicious	Unknown	Browse
	https://ln.run/qHANs	Get hash	malicious	Unknown	Browse
	http://revexhibition.pages.dev/	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www3.l.google.com	http://ak437453-76542337354.com/	Get hash	malicious	Unknown	Browse	216.58.206.46
	https://securepage.cloud/4766af00c255f04f85v8a0cf334e017e26f2.html	Get hash	malicious	Unknown	Browse	142.250.184.206
	http://afcudigital.biz/ebill/	Get hash	malicious	HTMLPhisher	Browse	142.250.184.206
	http://ofreverence.neocities.org/	Get hash	malicious	Unknown	Browse	172.217.18.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	216.58.206.46
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.185.238
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.74.206
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.184.206
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.184.206
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.181.238

ASNs

⊘No context

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	SecuriteInfo.com.Trojan.DownLoader47.42925.26493.18247.exe	Get hash	malicious	Amadey	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	Camtech_Korea_Invoice_2024.html	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	zncaKWwEdq.exe	Get hash	malicious	Vidar	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	http://chiso.dev/	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	http://buddycities.com/	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	http://buckboosters.com/	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	https://wchckwl.org/	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	http://www.ngdhqw.blogspot.de/	Get hash	malicious	GRQ Scam	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	https://event.stibee.com/v2/click/NDA4MDIvMjQzMzA0Ny80OTAyMzcv/aHR0cHM6Ly91cHBpdHkuY28ua3IvJWVhJWI3JWI4JWViJTgyJWEwLTUlZWIlYTclOGMtJWVjJTliJTkwJWViJThjJTgwLSVlYyU4MiViYyVlYyVhMCU4NCVlYyU5ZCU4NC0lZWIlYjQlYTQlZWMlOTYlYjQlZWMlOWElOTQtMi8	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	http://vpnpanda.org/	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	5050
Entropy (8bit):	5.30005628600801
Encrypted:	false
SSDEEP:	96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
MD5:	D9F15F1AEAF15673336FAA3507D1A2A7
SHA1:	FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
SHA-256:	AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
SHA-512:	D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")\|\|"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")\|\|"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5693)
Category:	downloaded
Size (bytes):	698852
Entropy (8bit):	5.594980353163612
Encrypted:	false
SSDEEP:	6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLJiH7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxJiyU+
MD5:	AA9FDCBE29C6D043DC83A7DAD848CCC3
SHA1:	E3F0A387A0A4B060620C975E1C70AA20294F3F22
SHA-256:	1A624C24D6D712C633F0B034606610DAD6B5AD7890FBFA3A9B204BD33207D60E
SHA-512:	C93878CE1281349204ABDB4444B18A12C03A010D1A252827EBFE45523E834988CE95D6E625FF82A60934D7A275AD8DAAC689E4412C5719ACCA8C9E1D4365B4D3
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3467
Entropy (8bit):	5.508385764606741
Encrypted:	false
SSDEEP:	96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
MD5:	231ABD6E6C360E709640B399EDF85476
SHA1:	6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
SHA-256:	44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
SHA-512:	D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	9210
Entropy (8bit):	5.393248075042016
Encrypted:	false
SSDEEP:	192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
MD5:	2ED5BC88509286438B682EFF23518005
SHA1:	D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
SHA-256:	F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
SHA-512:	12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null\|\|typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]\|\|null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null\|\|b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (468)
Category:	downloaded
Size (bytes):	1858
Entropy (8bit):	5.297658905867848
Encrypted:	false
SSDEEP:	48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
MD5:	B42DB3D22B12B8E3BE1B82961FE2870E
SHA1:	D9CFD11C1C2DE17A7E9301F11AD875B610B96576
SHA-256:	75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
SHA-512:	EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)\|\|function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)\|\|function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)\|\|function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	32500
Entropy (8bit):	5.378121087555083
Encrypted:	false
SSDEEP:	768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
MD5:	57D7B0A2CE36496F05AFA27B39C1F219
SHA1:	418AD03C2E75AEAF188E2A00123B70E09D541656
SHA-256:	E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
SHA-512:	78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (755)
Category:	downloaded
Size (bytes):	1460
Entropy (8bit):	5.274624539239422
Encrypted:	false
SSDEEP:	24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
MD5:	481C149C4D3EE4A53C3E7CBA067371DF
SHA1:	E0FED275636D3492C922C44F010157FAF0936733
SHA-256:	9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
SHA-512:	EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()1E3,a.bS(),d.aa()1E3,b)},h_a=function(a){return Math.random()Math.min(a.xaMath.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	23298
Entropy (8bit):	5.429186219736739
Encrypted:	false
SSDEEP:	384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
MD5:	A5C41D7BA22E9CF451810802AE5AC2E8
SHA1:	858F35134A0BD7BAECB1B1A30EC3645642214554
SHA-256:	D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
SHA-512:	DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka\|\|a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (683)
Category:	downloaded
Size (bytes):	3131
Entropy (8bit):	5.352056237104327
Encrypted:	false
SSDEEP:	48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
MD5:	ADEF03127F74F5E6742B8CFA7B863F28
SHA1:	58D7C635582AF10E91EC047FD315FAF758AF51DA
SHA-256:	5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
SHA-512:	3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d\|\|(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (395)
Category:	downloaded
Size (bytes):	1608
Entropy (8bit):	5.271783084011668
Encrypted:	false
SSDEEP:	48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
MD5:	45EA91A811A594F81B7F760DD14BE237
SHA1:	2C97782C6D5D0BCFB3676FF24AA1008251090DAE
SHA-256:	7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
SHA-512:	4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	4.875266466142591
Encrypted:	false
SSDEEP:	3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
MD5:	87B6333E98B7620EA1FF98D1A837A39E
SHA1:	105DE6815B0885357DE1414BFC0D77FCC9E924EF
SHA-256:	DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
SHA-512:	867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (553)
Category:	downloaded
Size (bytes):	744742
Entropy (8bit):	5.792853825531523
Encrypted:	false
SSDEEP:	6144:x5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguPH:pOeKGSpgu/
MD5:	D6A4595EF381156A4C38FC1268C40783
SHA1:	75B2E4139EE5014416D280B02E1F57724B0A4240
SHA-256:	9E6266EF7F49A5256F373AB78F9D0AE688CA964F542892F5FF0563F05AC6C676
SHA-512:	ACC3385A52ABFA53EE68286C86F2266C2BE7D12350F31AEFD91052616CF417207E5F27A31FEC5FB4B5DDA705C599DD0B724ACA88E9FF682289C3B473902CD79C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlEEvjRYpfMDihaNwG0swUsVgVpBIg/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x2860c1c4, 0x2046d860, 0x39e1fc40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	4067
Entropy (8bit):	5.3700036060139436
Encrypted:	false
SSDEEP:	96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoTiw:3mTOImedWOVF6vtUJyA8xJ3
MD5:	FA701F5D7BEF5AF6B676F099A00A1140
SHA1:	4CA8594D1E845605E7F1242AD8E10FD3A41FA3BE
SHA-256:	F1F311E29B597B507EE761AE40185A9BE194BA6498F91DD2A69610EF765B554A
SHA-512:	D53CAD789CED1F1D05546CD9DDA662FF47DF4A9FE382F4936EB1579175B06A95770426E5A83C24EACE04014956F1971A6432D1FCB26F2A9E4B922D8A34FC9875
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.583819527071619
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	919'040 bytes
MD5:	86b442edece0f1e7d7f46682a4e6b6a6
SHA1:	323c00335af743e946abd85b3b255e39cc06974d
SHA256:	304be29a6ee0ea7ac9d692efc23fff85c4e5b6348790e6d30f5ef324dd36da57
SHA512:	8dfa5438ff3006b6c63842a17b2b1729b121ddef9bd4660737b6eef98437bc44b197fc4e44b7f38fafd2dfa29e72c22fc26faf33731182400e8bb18b48ccce7d
SSDEEP:	24576:/qDEvCTbMWu7rQYlBQcBiT6rprG8a4kK:/TvC/MTQYxsWR7a4
TLSH:	D0159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x670323B0 [Sun Oct 6 23:56:32 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007FB2293B2503h
jmp 00007FB2293B1E0Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FB2293B1FEDh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FB2293B1FBAh
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007FB2293B4BADh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007FB2293B4BF8h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007FB2293B4BE1h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x9bb8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x9bb8	0x9c00	6bf3112804e1367cce425f5d3b868124	False	0.3167317708333333	data	5.332685302889328	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xda4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdaa84	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc7b8	0xe7e	data			1.002964959568733
RT_GROUP_ICON	0xdd638	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xdd6b0	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xdd6c4	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xdd6d8	0x14	data	English	Great Britain	1.25
RT_VERSION	0xdd6ec	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xdd7c8	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 02:51:08.571592093 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 7, 2024 02:51:09.996483088 CEST	49733	443	192.168.2.4	142.250.186.78
Oct 7, 2024 02:51:09.996531963 CEST	443	49733	142.250.186.78	192.168.2.4
Oct 7, 2024 02:51:09.996999979 CEST	49733	443	192.168.2.4	142.250.186.78
Oct 7, 2024 02:51:09.998559952 CEST	49733	443	192.168.2.4	142.250.186.78
Oct 7, 2024 02:51:09.998574972 CEST	443	49733	142.250.186.78	192.168.2.4
Oct 7, 2024 02:51:10.642353058 CEST	443	49733	142.250.186.78	192.168.2.4
Oct 7, 2024 02:51:10.642550945 CEST	49733	443	192.168.2.4	142.250.186.78
Oct 7, 2024 02:51:10.642564058 CEST	443	49733	142.250.186.78	192.168.2.4
Oct 7, 2024 02:51:10.643317938 CEST	443	49733	142.250.186.78	192.168.2.4
Oct 7, 2024 02:51:10.643382072 CEST	49733	443	192.168.2.4	142.250.186.78
Oct 7, 2024 02:51:10.644751072 CEST	443	49733	142.250.186.78	192.168.2.4
Oct 7, 2024 02:51:10.644799948 CEST	49733	443	192.168.2.4	142.250.186.78
Oct 7, 2024 02:51:10.645735025 CEST	49733	443	192.168.2.4	142.250.186.78
Oct 7, 2024 02:51:10.645817041 CEST	443	49733	142.250.186.78	192.168.2.4
Oct 7, 2024 02:51:10.645896912 CEST	49733	443	192.168.2.4	142.250.186.78
Oct 7, 2024 02:51:10.687402010 CEST	443	49733	142.250.186.78	192.168.2.4
Oct 7, 2024 02:51:10.701308966 CEST	49733	443	192.168.2.4	142.250.186.78
Oct 7, 2024 02:51:10.701322079 CEST	443	49733	142.250.186.78	192.168.2.4
Oct 7, 2024 02:51:10.763806105 CEST	49733	443	192.168.2.4	142.250.186.78
Oct 7, 2024 02:51:10.920799017 CEST	443	49733	142.250.186.78	192.168.2.4
Oct 7, 2024 02:51:10.920864105 CEST	49733	443	192.168.2.4	142.250.186.78
Oct 7, 2024 02:51:10.920887947 CEST	443	49733	142.250.186.78	192.168.2.4
Oct 7, 2024 02:51:10.920996904 CEST	443	49733	142.250.186.78	192.168.2.4
Oct 7, 2024 02:51:10.921056032 CEST	49733	443	192.168.2.4	142.250.186.78
Oct 7, 2024 02:51:10.925278902 CEST	49733	443	192.168.2.4	142.250.186.78
Oct 7, 2024 02:51:10.925309896 CEST	443	49733	142.250.186.78	192.168.2.4
Oct 7, 2024 02:51:10.945611954 CEST	49736	443	192.168.2.4	142.250.185.238
Oct 7, 2024 02:51:10.945652962 CEST	443	49736	142.250.185.238	192.168.2.4
Oct 7, 2024 02:51:10.945718050 CEST	49736	443	192.168.2.4	142.250.185.238
Oct 7, 2024 02:51:10.946269035 CEST	49736	443	192.168.2.4	142.250.185.238
Oct 7, 2024 02:51:10.946299076 CEST	443	49736	142.250.185.238	192.168.2.4
Oct 7, 2024 02:51:11.634720087 CEST	443	49736	142.250.185.238	192.168.2.4
Oct 7, 2024 02:51:11.635080099 CEST	49736	443	192.168.2.4	142.250.185.238
Oct 7, 2024 02:51:11.635109901 CEST	443	49736	142.250.185.238	192.168.2.4
Oct 7, 2024 02:51:11.635698080 CEST	443	49736	142.250.185.238	192.168.2.4
Oct 7, 2024 02:51:11.635776997 CEST	49736	443	192.168.2.4	142.250.185.238
Oct 7, 2024 02:51:11.636712074 CEST	443	49736	142.250.185.238	192.168.2.4
Oct 7, 2024 02:51:11.636779070 CEST	49736	443	192.168.2.4	142.250.185.238
Oct 7, 2024 02:51:11.638022900 CEST	49736	443	192.168.2.4	142.250.185.238
Oct 7, 2024 02:51:11.638108969 CEST	443	49736	142.250.185.238	192.168.2.4
Oct 7, 2024 02:51:11.638251066 CEST	49736	443	192.168.2.4	142.250.185.238
Oct 7, 2024 02:51:11.638266087 CEST	443	49736	142.250.185.238	192.168.2.4
Oct 7, 2024 02:51:11.685687065 CEST	49736	443	192.168.2.4	142.250.185.238
Oct 7, 2024 02:51:11.929136992 CEST	443	49736	142.250.185.238	192.168.2.4
Oct 7, 2024 02:51:11.929182053 CEST	443	49736	142.250.185.238	192.168.2.4
Oct 7, 2024 02:51:11.929338932 CEST	443	49736	142.250.185.238	192.168.2.4
Oct 7, 2024 02:51:11.929373026 CEST	49736	443	192.168.2.4	142.250.185.238
Oct 7, 2024 02:51:11.929420948 CEST	49736	443	192.168.2.4	142.250.185.238
Oct 7, 2024 02:51:11.933242083 CEST	49736	443	192.168.2.4	142.250.185.238
Oct 7, 2024 02:51:11.933281898 CEST	443	49736	142.250.185.238	192.168.2.4
Oct 7, 2024 02:51:14.514964104 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:51:14.515059948 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 7, 2024 02:51:14.515150070 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:51:14.515341997 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:51:14.515381098 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 7, 2024 02:51:14.754251003 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:14.754333973 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:14.754467964 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:14.756179094 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:14.756253958 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:15.167756081 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 7, 2024 02:51:15.168112040 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:51:15.168181896 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 7, 2024 02:51:15.169680119 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 7, 2024 02:51:15.169866085 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:51:15.170789957 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:51:15.170890093 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 7, 2024 02:51:15.216269016 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:51:15.216329098 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 7, 2024 02:51:15.263004065 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:51:15.396032095 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:15.396261930 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:15.403639078 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:15.403693914 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:15.404071093 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:15.453774929 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:15.455163956 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:15.499475956 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:15.663203955 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:15.663263083 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:15.663459063 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:15.673985004 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:15.673985004 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:15.674052000 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:15.674086094 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:15.726142883 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:15.726241112 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:15.726346970 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:15.726656914 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:15.726696968 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:16.390698910 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:16.390801907 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:16.393105030 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:16.393126965 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:16.393465042 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:16.394658089 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:16.435401917 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:16.672137022 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:16.672199011 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:16.672267914 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:16.673145056 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:16.673173904 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:16.673192978 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 7, 2024 02:51:16.673202038 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 7, 2024 02:51:21.080343008 CEST	49761	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.080456972 CEST	443	49761	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.080533981 CEST	49761	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.081248045 CEST	49761	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.081284046 CEST	443	49761	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.128595114 CEST	49762	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.128632069 CEST	443	49762	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.128716946 CEST	49762	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.129208088 CEST	49762	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.129232883 CEST	443	49762	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.715935946 CEST	443	49761	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.716149092 CEST	49761	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.716183901 CEST	443	49761	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.716691971 CEST	443	49761	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.716763020 CEST	49761	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.717689991 CEST	443	49761	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.717752934 CEST	49761	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.719635963 CEST	49761	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.719721079 CEST	443	49761	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.720104933 CEST	49761	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.720122099 CEST	443	49761	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.764946938 CEST	49761	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.773262024 CEST	443	49762	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.773497105 CEST	49762	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.773511887 CEST	443	49762	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.774532080 CEST	443	49762	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.774591923 CEST	49762	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.775557995 CEST	443	49762	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.775619030 CEST	49762	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.775723934 CEST	49762	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.775805950 CEST	443	49762	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.776094913 CEST	49762	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:21.776108027 CEST	443	49762	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:21.826411963 CEST	49762	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.129525900 CEST	443	49762	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.129555941 CEST	443	49761	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.129657030 CEST	443	49761	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.129936934 CEST	443	49762	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.129937887 CEST	49761	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.129996061 CEST	49762	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.130383015 CEST	49762	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.130419970 CEST	443	49762	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.130444050 CEST	49762	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.130470037 CEST	49762	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.130878925 CEST	49761	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.130894899 CEST	443	49761	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.132062912 CEST	49764	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.132124901 CEST	443	49764	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.132277012 CEST	49764	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.133308887 CEST	49765	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.133338928 CEST	443	49765	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.133462906 CEST	49765	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.134062052 CEST	49764	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.134098053 CEST	443	49764	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.134406090 CEST	49765	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.134417057 CEST	443	49765	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.215502024 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:22.215545893 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:22.215619087 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:22.216869116 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:22.216900110 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:22.767545938 CEST	443	49764	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.767891884 CEST	49764	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.767925978 CEST	443	49764	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.768508911 CEST	443	49764	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.768582106 CEST	49764	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.769512892 CEST	443	49764	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.769573927 CEST	49764	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.769723892 CEST	49764	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.769818068 CEST	443	49764	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.769867897 CEST	49764	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.769896030 CEST	49764	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.769912004 CEST	443	49764	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.790524960 CEST	443	49765	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.790841103 CEST	49765	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.790853977 CEST	443	49765	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.791357040 CEST	443	49765	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.791413069 CEST	49765	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.792366028 CEST	443	49765	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.792418003 CEST	49765	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.792519093 CEST	49765	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.792602062 CEST	443	49765	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.792633057 CEST	49765	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.792633057 CEST	49765	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.792670965 CEST	443	49765	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.810844898 CEST	49764	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.842035055 CEST	49765	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.842045069 CEST	443	49765	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.891686916 CEST	49765	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.983361006 CEST	443	49764	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.984189987 CEST	443	49764	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:22.984601021 CEST	49764	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.985560894 CEST	49764	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:22.985600948 CEST	443	49764	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:23.012343884 CEST	443	49765	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:23.013185978 CEST	443	49765	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:23.013272047 CEST	49765	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:23.014579058 CEST	49765	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:23.014595985 CEST	443	49765	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:23.021631002 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:23.021708012 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:23.027051926 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:23.027070999 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:23.027426958 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:23.067229986 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:23.121344090 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:51:23.163436890 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 7, 2024 02:51:23.390234947 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 7, 2024 02:51:23.390340090 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 7, 2024 02:51:23.390465021 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 7, 2024 02:51:23.390499115 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:51:23.390530109 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 7, 2024 02:51:23.390559912 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:51:23.390746117 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 7, 2024 02:51:23.391693115 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:51:23.451916933 CEST	49740	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:51:23.451946974 CEST	443	49740	142.250.184.228	192.168.2.4
Oct 7, 2024 02:51:24.131939888 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:24.140178919 CEST	49723	80	192.168.2.4	199.232.210.172
Oct 7, 2024 02:51:24.145643950 CEST	80	49723	199.232.210.172	192.168.2.4
Oct 7, 2024 02:51:24.145776033 CEST	49723	80	192.168.2.4	199.232.210.172
Oct 7, 2024 02:51:24.179404020 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:24.392435074 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:24.392467976 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:24.392482042 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:24.392498970 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:24.392525911 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:24.392541885 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:24.392595053 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:24.392627954 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:24.392628908 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:24.392631054 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:24.392652035 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:24.392664909 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:24.392690897 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:24.392709017 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:24.392721891 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:24.392743111 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:24.392815113 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:25.054670095 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:25.054711103 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:25.054738045 CEST	49768	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:51:25.054770947 CEST	443	49768	4.175.87.197	192.168.2.4
Oct 7, 2024 02:51:28.719268084 CEST	49780	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:28.719327927 CEST	443	49780	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:28.719427109 CEST	49780	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:28.719727039 CEST	49780	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:28.719755888 CEST	443	49780	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:29.344686031 CEST	443	49780	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:29.344957113 CEST	49780	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:29.344986916 CEST	443	49780	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:29.345354080 CEST	443	49780	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:29.345849037 CEST	49780	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:29.345917940 CEST	443	49780	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:29.346285105 CEST	49780	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:29.346328974 CEST	49780	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:29.346340895 CEST	443	49780	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:29.674789906 CEST	443	49780	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:29.675848961 CEST	443	49780	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:29.675916910 CEST	49780	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:29.676992893 CEST	49780	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:29.677020073 CEST	443	49780	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:52.167268038 CEST	49781	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:52.167357922 CEST	443	49781	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:52.167467117 CEST	49781	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:52.167886019 CEST	49781	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:52.167926073 CEST	443	49781	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:52.802532911 CEST	443	49781	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:52.802964926 CEST	49781	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:52.803025961 CEST	443	49781	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:52.804708958 CEST	443	49781	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:52.805064917 CEST	49781	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:52.805228949 CEST	49781	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:52.805228949 CEST	49781	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:52.805247068 CEST	443	49781	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:52.805293083 CEST	443	49781	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:52.857670069 CEST	49781	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:53.102816105 CEST	443	49781	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:53.103411913 CEST	443	49781	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:53.103568077 CEST	49781	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:53.103614092 CEST	49781	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:53.103635073 CEST	443	49781	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:53.143841982 CEST	49782	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:53.143887043 CEST	443	49782	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:53.144157887 CEST	49782	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:53.144239902 CEST	49782	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:53.144256115 CEST	443	49782	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:53.777478933 CEST	443	49782	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:53.777762890 CEST	49782	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:53.777825117 CEST	443	49782	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:53.779088020 CEST	443	49782	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:53.780678034 CEST	49782	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:53.780841112 CEST	49782	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:53.780841112 CEST	49782	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:53.780865908 CEST	443	49782	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:53.780976057 CEST	443	49782	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:53.827315092 CEST	49782	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:54.077534914 CEST	443	49782	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:54.077830076 CEST	443	49782	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:54.078006983 CEST	49782	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:54.078387976 CEST	49782	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:54.078449965 CEST	443	49782	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:55.235479116 CEST	49783	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:55.235582113 CEST	443	49783	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:55.236125946 CEST	49783	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:55.236237049 CEST	49783	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:55.236268997 CEST	443	49783	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:55.902275085 CEST	443	49783	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:55.902614117 CEST	49783	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:55.902683020 CEST	443	49783	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:55.904014111 CEST	443	49783	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:55.904315948 CEST	49783	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:55.904464006 CEST	49783	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:55.904484034 CEST	443	49783	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:55.904508114 CEST	49783	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:55.904524088 CEST	443	49783	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:55.947427988 CEST	443	49783	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:55.951436996 CEST	49783	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:56.204869032 CEST	443	49783	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:56.205250978 CEST	443	49783	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:56.205322027 CEST	49783	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:56.205415964 CEST	49783	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:51:56.205456972 CEST	443	49783	142.250.181.238	192.168.2.4
Oct 7, 2024 02:51:58.161860943 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:58.161919117 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:58.162009954 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:58.162350893 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:58.162383080 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:58.811069965 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:58.811458111 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:58.814809084 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:58.814845085 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:58.815351009 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:58.823916912 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:58.871434927 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:58.926023960 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:58.926090002 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:58.926239967 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:58.926271915 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:58.926338911 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:58.926374912 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:58.926399946 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.011723042 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.011780977 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.011857986 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.011878014 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.011905909 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.011926889 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.014147997 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.014189959 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.014225960 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.014236927 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.014264107 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.014281988 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.098108053 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.098157883 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.098390102 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.098426104 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.098479986 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.099236012 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.099275112 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.099318981 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.099332094 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.099378109 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.099378109 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.100358009 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.100405931 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.100430965 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.100442886 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.100488901 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.100509882 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.101408005 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.101459026 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.101485014 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.101495981 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.101521015 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.101541996 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.184843063 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.184885025 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.184922934 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.184942961 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.184969902 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.184989929 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.185219049 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.185259104 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.185297966 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.185307980 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.185333014 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.185352087 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.186029911 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.186068058 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.186105013 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.186114073 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.186141014 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.186160088 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.186597109 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.186640024 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.186670065 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.186682940 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.186708927 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.186726093 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.187093973 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.187134981 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.187163115 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.187174082 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.187201023 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.187218904 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.187357903 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.187531948 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.187582016 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.190078020 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.190113068 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.376271963 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.376271963 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.376368046 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.376409054 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.376476049 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.376543999 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.381460905 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.381460905 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.381546974 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.381591082 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.382409096 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.382477999 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.382548094 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.382687092 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.382704973 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.383590937 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.383691072 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.383759975 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.384392023 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.384424925 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.384483099 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.384577990 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.384613991 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 02:51:59.384641886 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:51:59.384661913 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.021639109 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.022175074 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.022250891 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.022667885 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.022684097 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.022732973 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.023181915 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.023267984 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.023479939 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.023497105 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.024710894 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.024987936 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.025018930 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.025295973 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.025307894 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.036118984 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.036731005 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.036787987 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.037197113 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.037209034 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.082536936 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.082937956 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.082973003 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.083355904 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.083363056 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.120301008 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.120440960 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.120621920 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.120623112 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.120623112 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.122723103 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.122741938 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.122805119 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.122838020 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.122859955 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.122894049 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.122921944 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.123018980 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.123051882 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.123076916 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.123090982 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.123801947 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.123842955 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.123914957 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.124053001 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.124067068 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.125312090 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.125384092 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.125451088 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.125549078 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.125556946 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.125576973 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.125629902 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.125705004 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.125766039 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.125811100 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.125829935 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.125859976 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.125921011 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.125921011 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.125955105 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.125977993 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.127705097 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.127806902 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.127880096 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.127989054 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.128012896 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.140857935 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.140908003 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.141020060 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.141046047 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.141083002 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.141247988 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.141278028 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.141304016 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.141318083 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.143415928 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.143497944 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.143590927 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.143872023 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.143953085 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.187881947 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.188013077 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.188097954 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.188138962 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.188138962 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.188158989 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.188173056 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.190414906 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.190498114 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.190588951 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.190762043 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.190798998 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.420367956 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.420432091 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.800617933 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.801446915 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.801505089 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.801893950 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.801907063 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.815825939 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.816123962 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.816169977 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.816423893 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.816437006 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.823502064 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.823842049 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.823900938 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.824018002 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.824032068 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.826864958 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.827214956 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.827260971 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.827382088 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.827400923 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.835447073 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.835679054 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.835758924 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.836096048 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.836179018 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.908484936 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.908548117 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.908618927 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.908838987 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.908839941 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.908879995 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.908904076 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.911531925 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.911597013 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.911684036 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.911823034 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.911839008 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.922025919 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.922208071 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.922267914 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.922316074 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.922341108 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.922368050 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.922379971 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.923234940 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.923374891 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.923456907 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.923531055 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.923531055 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.923572063 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.923607111 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.924877882 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.924910069 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.924989939 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.925098896 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.925107956 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.925456047 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.925539017 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.925616026 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.925750971 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.925785065 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.932723045 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.932869911 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.933016062 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.933016062 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.933016062 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.934211016 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.934349060 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.934541941 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.934541941 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.934541941 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.934931993 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.935014963 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.935087919 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.935204983 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.935228109 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.936532021 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.936541080 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:00.936599016 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.936701059 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:00.936709881 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.232682943 CEST	49794	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.232762098 CEST	443	49794	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.248231888 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.248254061 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.666764021 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.674763918 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.674788952 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.676248074 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.676328897 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.676651955 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.676656008 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.682674885 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.682693005 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.685794115 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.685815096 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.689383984 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.689389944 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.692749977 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.692754984 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.705954075 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.705957890 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.713021994 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.713104963 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.717057943 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.717057943 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.717113972 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.717190981 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.720638037 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.720693111 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.779588938 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.779679060 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.779743910 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.786705017 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.786860943 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.787066936 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.802359104 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.802406073 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.802433968 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.802453041 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.803400993 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.803561926 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.803612947 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.803836107 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.803860903 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.803872108 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.803888083 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.805782080 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.805787086 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.805797100 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.805799961 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.812602997 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.812746048 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.812910080 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.815923929 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.816067934 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.816257954 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.820290089 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.820333004 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.820396900 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.822475910 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.822475910 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.822540045 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.822568893 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.822766066 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.822834015 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.822895050 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.824011087 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.824011087 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.824017048 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.824028015 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.824035883 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.824050903 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.824106932 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.824223995 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.824244976 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.824357986 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.824388027 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.825959921 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.825995922 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.826612949 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.826625109 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.826790094 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.826941013 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.826956034 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.827186108 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.827270031 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:01.827351093 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.827502966 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:01.827543020 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.107228041 CEST	49805	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:52:02.107311010 CEST	443	49805	4.175.87.197	192.168.2.4
Oct 7, 2024 02:52:02.107460022 CEST	49805	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:52:02.108556986 CEST	49805	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:52:02.108639956 CEST	443	49805	4.175.87.197	192.168.2.4
Oct 7, 2024 02:52:02.470587015 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.472800016 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.472882032 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.473220110 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.473232985 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.479127884 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.479453087 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.479485035 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.479813099 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.479820967 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.488923073 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.489240885 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.489281893 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.489608049 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.489618063 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.492502928 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.492770910 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.492808104 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.493100882 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.493108034 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.508141994 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.508630037 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.508718967 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.508836985 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.508855104 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.570070982 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.570204020 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.570276022 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.570349932 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.570349932 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.570390940 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.570415974 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.573147058 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.573250055 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.573317051 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.573431969 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.573452950 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.579790115 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.579929113 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.579978943 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.580147028 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.580163956 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.580176115 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.580183029 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.583736897 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.583779097 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.583960056 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.584017038 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.584045887 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.591844082 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.591912985 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.591967106 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.593586922 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.593588114 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.593610048 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.593633890 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.595371008 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.595546961 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.595597029 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.595788956 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.595797062 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.595808029 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.595813036 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.597743034 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.597825050 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.597908020 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.598654032 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.598737001 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.599641085 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.599669933 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.599728107 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.599838018 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.599847078 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.612812996 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.612941980 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.613106012 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.613106012 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.613106012 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.614864111 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.614875078 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.614938021 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.615046024 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.615053892 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.919960976 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:02.920022964 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:02.926393986 CEST	443	49805	4.175.87.197	192.168.2.4
Oct 7, 2024 02:52:02.926640987 CEST	49805	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:52:02.928103924 CEST	49805	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:52:02.928157091 CEST	443	49805	4.175.87.197	192.168.2.4
Oct 7, 2024 02:52:02.928575993 CEST	443	49805	4.175.87.197	192.168.2.4
Oct 7, 2024 02:52:02.939145088 CEST	49805	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:52:02.979474068 CEST	443	49805	4.175.87.197	192.168.2.4
Oct 7, 2024 02:52:03.227282047 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.230663061 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.230731964 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.231632948 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.231647968 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.249197006 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.249557972 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.249573946 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.249917030 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.249921083 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.254962921 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.255204916 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.255215883 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.255494118 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.255497932 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.263138056 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.263499022 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.263581038 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.263832092 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.263860941 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.266841888 CEST	443	49805	4.175.87.197	192.168.2.4
Oct 7, 2024 02:52:03.266910076 CEST	443	49805	4.175.87.197	192.168.2.4
Oct 7, 2024 02:52:03.267030001 CEST	443	49805	4.175.87.197	192.168.2.4
Oct 7, 2024 02:52:03.267105103 CEST	49805	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:52:03.267106056 CEST	49805	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:52:03.267169952 CEST	443	49805	4.175.87.197	192.168.2.4
Oct 7, 2024 02:52:03.267239094 CEST	49805	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:52:03.267824888 CEST	443	49805	4.175.87.197	192.168.2.4
Oct 7, 2024 02:52:03.268013954 CEST	443	49805	4.175.87.197	192.168.2.4
Oct 7, 2024 02:52:03.268013954 CEST	49805	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:52:03.268093109 CEST	49805	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:52:03.268348932 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.268781900 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.268867016 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.269150019 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.269201994 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.271810055 CEST	49805	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:52:03.271847963 CEST	443	49805	4.175.87.197	192.168.2.4
Oct 7, 2024 02:52:03.271877050 CEST	49805	443	192.168.2.4	4.175.87.197
Oct 7, 2024 02:52:03.271892071 CEST	443	49805	4.175.87.197	192.168.2.4
Oct 7, 2024 02:52:03.329771042 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.329905987 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.330004930 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.330156088 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.330156088 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.330195904 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.330220938 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.334001064 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.334084988 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.334191084 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.334359884 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.334388971 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.350672007 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.350735903 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.350797892 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.350989103 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.351003885 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.351032019 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.351037979 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.353092909 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.353174925 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.353602886 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.353602886 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.353735924 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.354410887 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.354557991 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.354633093 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.354711056 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.354716063 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.354741096 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.354744911 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.356911898 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.356997967 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.357393026 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.357600927 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.357636929 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.367216110 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.367362976 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.367748022 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.367748976 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.367748976 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.369467974 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.369492054 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.369568110 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.369683981 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.369709015 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.370317936 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.370449066 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.370654106 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.370654106 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.370655060 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.372788906 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.372872114 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.373445034 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.373445034 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.373574018 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.672271967 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.672333956 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.672347069 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.672406912 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.973741055 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.976250887 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.976337910 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.976711988 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.976767063 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.991714954 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.996004105 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.996038914 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:03.996431112 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:03.996438026 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.018119097 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.019965887 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.020020008 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.020404100 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.020416021 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.025098085 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.033051968 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.033082962 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.033478022 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.033488035 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.039616108 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.072882891 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.073031902 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.073162079 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.074990034 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.075050116 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.075427055 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.075479031 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.075968981 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.075969934 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.076035023 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.076071024 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.078588963 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.078680992 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.078764915 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.078881025 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.078911066 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.097454071 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.097613096 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.097812891 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.100925922 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.100925922 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.100991011 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.101033926 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.116637945 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.116785049 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.116872072 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.122677088 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.122692108 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.122704029 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.122751951 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.122769117 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.122778893 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.122894049 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.132069111 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.132152081 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.136287928 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.136584997 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.136679888 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.138289928 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.138307095 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.138350964 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.138361931 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.142163038 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.142246962 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.142780066 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.148559093 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.148641109 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.174824953 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.174958944 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.175112009 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.175192118 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.175199032 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.175268888 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.178992987 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.178992987 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.179039001 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.179068089 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.199179888 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.199218035 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.219316006 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.219409943 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.219552040 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.219860077 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.219891071 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.724750042 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.725316048 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.725377083 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.725765944 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.725781918 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.772488117 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.773083925 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.773144007 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.773350954 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.773365021 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.799329996 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.799849033 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.799907923 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.799973011 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.799988031 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.811844110 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.812150955 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.812201977 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.812536955 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.812551022 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.850697994 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.850837946 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.850918055 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.850996017 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.850996017 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.851038933 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.851069927 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.853483915 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.853914976 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.853952885 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.854211092 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.854237080 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.854406118 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.854444027 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.854454041 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.854547024 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.854574919 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.870934963 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.871073961 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.871277094 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.871277094 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.871277094 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.873713970 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.873740911 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.873847008 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.873951912 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.873965979 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.899549007 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.899698973 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.899789095 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.899929047 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.899974108 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.900003910 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.900018930 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.902766943 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.902849913 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.902964115 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.903058052 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.903078079 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.914865017 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.915010929 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.915080070 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.915232897 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.915232897 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.915256977 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.915278912 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.917232037 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.917254925 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.917340040 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.917527914 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.917550087 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.953713894 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.953845978 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.953922033 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.954032898 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.954032898 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.954061031 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.954083920 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.956747055 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.956768990 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:04.956842899 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.956980944 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:04.956994057 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.091944933 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.092006922 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.494640112 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.495177031 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.495206118 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.495862007 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.495867014 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.518490076 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.518930912 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.518960953 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.519423962 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.519443035 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.545782089 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.552386999 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.552428007 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.552910089 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.552922964 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.591767073 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.592468023 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.592499018 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.592535973 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.592663050 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.592725992 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.593101978 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.593372107 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.593393087 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.593564987 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.593575001 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.593584061 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.593588114 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.593770981 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.593785048 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.594418049 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.594422102 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.597789049 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.597801924 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.597870111 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.597981930 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.597986937 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.617010117 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.617141962 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.617204905 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.617216110 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.617219925 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.620016098 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.620084047 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.620177984 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.620526075 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.620553970 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.673160076 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.673296928 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.673361063 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.673428059 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.673455954 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.673481941 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.673497915 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.675645113 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.675733089 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.675832033 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.675940990 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.675961971 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.690874100 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.691006899 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.691075087 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.691143990 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.691155910 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.691164970 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.691169977 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.693056107 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.693140030 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.693233013 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.693325996 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.693351984 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.697951078 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.698005915 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.698163033 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.698328972 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.698328972 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.698357105 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.698380947 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.700303078 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.700330973 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:05.700427055 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.700520039 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:05.700546980 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.278760910 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.283696890 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.283718109 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.284543991 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.284550905 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.357211113 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.357661009 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.357728004 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.358093977 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.358107090 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.358710051 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.358952045 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.359030008 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.359231949 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.359246969 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.363162041 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.363377094 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.363461018 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.363672018 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.363688946 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.368200064 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.368520975 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.368555069 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.368870020 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.368880987 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.381819010 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.381887913 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.381948948 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.382045031 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.382057905 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.382069111 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.382074118 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.384486914 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.384567976 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.384660006 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.384778976 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.384793997 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.458173037 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.458235979 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.458309889 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.458550930 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.458569050 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.458587885 CEST	49830	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.458595037 CEST	443	49830	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.461687088 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.461743116 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.461827040 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.461833954 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.461895943 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.461930037 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.462157011 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.462194920 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.462202072 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.462232113 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.462260008 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.462275982 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.464709997 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.464802980 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.464896917 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.465050936 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.465085983 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.468729019 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.468854904 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.468911886 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.468974113 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.468981028 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.468998909 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.469003916 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.471381903 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.471422911 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.471506119 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.471678019 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.471702099 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.491924047 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.492058039 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.492146015 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.492234945 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.492270947 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.492299080 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.492314100 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.494693995 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.494776011 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:06.494862080 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.495042086 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:06.495078087 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.104672909 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.105521917 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.105581045 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.106134892 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.106188059 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.112871885 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.113318920 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.113377094 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.113523960 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.113933086 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.113934040 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.113951921 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.114027977 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.114346981 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.114357948 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.114500999 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.114876986 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.114934921 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.115427017 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.115439892 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.131690979 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.132247925 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.132308006 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.132790089 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.132843018 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.203324080 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.203372002 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.203505993 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.203710079 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.203751087 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.203809977 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.203825951 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.206856966 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.206940889 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.207037926 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.207195044 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.207232952 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.211359978 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.211427927 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.211496115 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.211590052 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.211590052 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.211632967 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.211674929 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.213947058 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.213983059 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.214056015 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.214068890 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.214122057 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.214183092 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.214287043 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.214302063 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.214360952 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.214378119 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.214401007 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.214413881 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.214509964 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.214668989 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.214749098 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.214749098 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.214821100 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.214859009 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.216861963 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.216871977 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.216895103 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.216943026 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.216978073 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.217037916 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.217047930 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.217058897 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.217264891 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.217294931 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.231008053 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.231200933 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.231292009 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.231379032 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.231379032 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.231446028 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.231476068 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.233561039 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.233644009 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.233750105 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.233917952 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.233953953 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.851438999 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.852404118 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.852463007 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.852946997 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.852962017 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.860862017 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.861408949 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.861443996 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.861709118 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.861720085 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.869209051 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.869498014 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.869534969 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.869792938 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.869800091 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.884469032 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.887990952 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.888048887 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.888803005 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.888818026 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.904510975 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.907975912 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.907985926 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.908543110 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.908546925 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.952299118 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.952438116 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.952528000 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.953115940 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.953115940 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.953157902 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.953183889 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.957576036 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.957664013 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.957757950 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.957952976 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.958004951 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.959769011 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.959912062 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.960032940 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.960223913 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.960242033 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.960263968 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.960275888 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.962759972 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.962781906 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.963690996 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.963830948 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.963855982 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.969449997 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.969508886 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.969723940 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.969759941 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.969759941 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.969779015 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.969793081 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.986232042 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.986365080 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.986483097 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.994287968 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.994332075 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.994359970 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.994375944 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.997268915 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.997308969 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.997419119 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.997771025 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.997802973 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.999026060 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.999053955 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:07.999665022 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.999759912 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:07.999773026 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.009448051 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.009510040 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.009594917 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.009732962 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.009747028 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.009757996 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.009766102 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.012120008 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.012150049 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.012214899 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.012366056 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.012372971 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.597745895 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.598340988 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.598417997 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.598799944 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.598814964 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.614579916 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.614970922 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.614986897 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.615565062 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.615575075 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.638590097 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.642004967 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.642025948 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.642821074 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.642826080 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.648789883 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.649197102 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.649255991 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.649770021 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.649784088 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.671895027 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.682063103 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.682084084 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.682584047 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.682590008 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.700613976 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.700977087 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.701041937 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.705770016 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.705812931 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.705841064 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.705857038 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.709465027 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.709497929 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.709575891 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.709893942 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.709904909 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.715012074 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.715168953 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.715224981 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.715277910 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.715308905 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.715339899 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.715349913 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.717983961 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.718008041 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.718074083 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.718189955 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.718204021 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.738409042 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.738543034 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.738604069 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.738667965 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.738677979 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.738688946 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.738692999 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.740820885 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.740858078 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.741009951 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.741131067 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.741154909 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.756195068 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.756321907 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.756402969 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.756587982 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.756587982 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.756630898 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.756659985 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.759022951 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.759108067 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.759188890 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.759373903 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.759423018 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.783442974 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.783488035 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.783544064 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.783710957 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.783724070 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.783734083 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.783737898 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.785989046 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.786014080 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:08.786112070 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.786201000 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:08.786226034 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.363368988 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.373969078 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.374032974 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.374389887 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.374403000 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.374536991 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.374882936 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.374917030 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.375093937 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.375101089 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.424340010 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.424793959 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.424873114 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.425364971 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.425385952 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.432353973 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.432712078 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.432735920 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.433252096 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.433258057 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.452348948 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.452775955 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.452826023 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.453324080 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.453347921 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.472059011 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.472407103 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.472487926 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.472557068 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.472557068 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.472595930 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.472624063 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.474967003 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.474998951 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.475097895 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.475198030 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.475203991 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.475281000 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.475347996 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.475402117 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.475428104 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.475438118 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.475465059 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.475471020 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.477127075 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.477210999 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.477292061 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.477384090 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.477408886 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.523508072 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.523652077 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.523735046 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.523824930 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.523858070 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.523883104 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.523897886 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.526190996 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.526273012 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.526376009 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.526563883 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.526601076 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.536473989 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.536627054 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.536691904 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.536724091 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.536746025 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.536757946 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.536763906 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.539004087 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.539036989 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.539189100 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.539381027 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.539419889 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.559212923 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.559350967 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.559425116 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.559537888 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.559557915 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.559581041 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.559591055 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.561851025 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.561908007 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:09.561996937 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.562103987 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:09.562124014 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.122411013 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.123056889 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.123074055 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.123622894 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.123629093 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.126440048 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.126754045 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.126804113 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.127091885 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.127104044 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.172497034 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.172939062 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.173012018 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.173280954 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.173294067 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.173969030 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.174217939 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.174232006 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.174531937 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.174542904 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.196048021 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.196507931 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.196566105 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.196772099 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.196784973 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.224544048 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.224694967 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.224791050 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.224957943 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.224976063 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.225008965 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.225014925 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.227650881 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.227794886 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.227819920 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.227876902 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.227888107 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.227962017 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.227962017 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.227965117 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.228008032 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.228037119 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.228099108 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.228118896 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.229979038 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.230000973 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.230077982 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.230192900 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.230216026 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.271738052 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.271878004 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.271987915 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.272142887 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.272142887 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.272186995 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.272212982 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.272790909 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.272861004 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.272912025 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.272986889 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.273000956 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.273041964 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.273055077 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.274159908 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.274194002 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.274257898 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.274370909 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.274390936 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.274727106 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.274811983 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.274890900 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.275002003 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.275029898 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.297190905 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.297342062 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.297406912 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.297451973 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.297452927 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.297475100 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.297497034 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.299201012 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.299283028 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.299360991 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.299479008 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.299499989 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.576431990 CEST	49724	80	192.168.2.4	199.232.210.172
Oct 7, 2024 02:52:10.581929922 CEST	80	49724	199.232.210.172	192.168.2.4
Oct 7, 2024 02:52:10.582011938 CEST	49724	80	192.168.2.4	199.232.210.172
Oct 7, 2024 02:52:10.883055925 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.883630037 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.883688927 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.884084940 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.884099960 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.899446964 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.900111914 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.900172949 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.900325060 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.900341988 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.940876961 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.941422939 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.941433907 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.941643000 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.941648006 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.954632998 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.954943895 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.955018044 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.955236912 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.955250978 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.977386951 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.977896929 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.977957010 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.978101969 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.978116989 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.983490944 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.983632088 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.983901024 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.983901024 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.983901024 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.986342907 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.986428022 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:10.986524105 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.986685038 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:10.986711025 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.001188993 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.001759052 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.002120018 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.002120972 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.002120972 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.004084110 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.004167080 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.004259109 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.004390001 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.004424095 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.043657064 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.043796062 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.043906927 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.043921947 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.043932915 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.043940067 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.043945074 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.045727015 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.045809984 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.045887947 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.045989990 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.046009064 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.058435917 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.058588028 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.058799982 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.058885098 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.058885098 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.058928013 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.058974028 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.060954094 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.061034918 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.061117887 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.061244965 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.061281919 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.081618071 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.081784010 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.081844091 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.083885908 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.083885908 CEST	49861	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.083934069 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.083961964 CEST	443	49861	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.086188078 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.086225033 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.086464882 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.086466074 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.086524010 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.201813936 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.201884985 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.311626911 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.311674118 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.632913113 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.644184113 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.678735971 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.683238983 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.683290958 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.684034109 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.684048891 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.684329987 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.684395075 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.684688091 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.684700966 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.700464964 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.701926947 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.704864025 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.704905033 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.712507010 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.712522030 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.712548971 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.712558985 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.725316048 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.727792025 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.727804899 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.733571053 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.733586073 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.733957052 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.733967066 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.780168056 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.780307055 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.780394077 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.782119036 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.782164097 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.782243967 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.782273054 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.786477089 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.810118914 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.810257912 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.810439110 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.833563089 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.833590984 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.833611012 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.833656073 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.833692074 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.833719015 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.833745956 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.833746910 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.833766937 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.833792925 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.833792925 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.833792925 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.833839893 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.876912117 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.876912117 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.876954079 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.876981974 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.878106117 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.878134966 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.878160954 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.878161907 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.878180981 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.878204107 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.878226042 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.878237009 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.879683971 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.879683971 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.879690886 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.879690886 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.879724026 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.879741907 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.879750013 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.879785061 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.883745909 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.883805037 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.883869886 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.884958029 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.884990931 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.885046005 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.885287046 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.885327101 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.885811090 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.885885000 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.885941029 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.886127949 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.886158943 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.886823893 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.886854887 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.886914968 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.886930943 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.886945963 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.887162924 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.887191057 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.888144970 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.888154984 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:11.888206005 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.891390085 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:11.891403913 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.525767088 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.526417971 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.526478052 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.526783943 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.526799917 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.535729885 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.537834883 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.537879944 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.538300037 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.538311958 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.559721947 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.560031891 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.560061932 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.560544014 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.560550928 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.564876080 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.565294027 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.565326929 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.565727949 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.565737963 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.572666883 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.573084116 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.573101997 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.573457956 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.573463917 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.624099970 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.624140978 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.624305010 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.624337912 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.624413013 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.624454975 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.624454975 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.624495983 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.624526978 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.627402067 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.627484083 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.627585888 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.627706051 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.627732992 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.636893034 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.637056112 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.637129068 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.637192011 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.637192011 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.637223959 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.637248993 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.639698029 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.639760971 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.639921904 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.640028954 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.640055895 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.668951988 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.669116974 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.669183016 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.669219971 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.669219971 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.669235945 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.669255972 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.671602011 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.671628952 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.671706915 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.671869040 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.671895027 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.676173925 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.676450968 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.676510096 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.676548004 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.676568985 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.676584959 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.676592112 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.678584099 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.678668022 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.678755999 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.678890944 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.678922892 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.705132961 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.705363989 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.705416918 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.705465078 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.705465078 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.705482960 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.705497026 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.707340956 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.707441092 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:12.707530975 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.707638025 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:12.707675934 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.285010099 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.285821915 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.285878897 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.286154032 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.286168098 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.313807964 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.314347029 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.314408064 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.314560890 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.314578056 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.320427895 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.320677996 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.320698977 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.320987940 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.320997953 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.322367907 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.322607040 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.322664022 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.322912931 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.322927952 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.353812933 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.354289055 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.354348898 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.354739904 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.354793072 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.384309053 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.384464025 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.384639025 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.384942055 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.384943008 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.384974957 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.384994984 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.388648033 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.388685942 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.388967991 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.388968945 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.389005899 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.417609930 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.417762995 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.417839050 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.418019056 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.418019056 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.418067932 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.418102980 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.419358015 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.419564009 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.419656992 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.419789076 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.419806957 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.419831038 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.419843912 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.420114994 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.420130014 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.420192957 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.420315027 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.420327902 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.421777964 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.421792030 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.421881914 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.421962976 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.421974897 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.422135115 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.422158957 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.422188044 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.422199011 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.422199965 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.422214985 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.422240973 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.424046993 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.424103975 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.424184084 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.424300909 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.424319983 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.455221891 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.455400944 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.455495119 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.455574036 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.455574036 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.455615044 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.455646992 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.458189011 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.458229065 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:13.458292007 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.458434105 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:13.458452940 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.030457020 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.031119108 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.031147003 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.031548977 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.031553984 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.060125113 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.060772896 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.060808897 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.061034918 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.061042070 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.064440966 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.064831018 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.064888000 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.065251112 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.065263987 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.074861050 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.075223923 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.075283051 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.075531006 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.075546980 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.090578079 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.090894938 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.090939045 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.091211081 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.091218948 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.129595041 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.129718065 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.129779100 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.130031109 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.130031109 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.130048990 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.130059004 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.132823944 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.132863998 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.132968903 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.133121967 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.133142948 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.158312082 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.158502102 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.158679008 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.158679008 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.158679008 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.160729885 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.160793066 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.160876989 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.160986900 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.161003113 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.162575006 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.162740946 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.162803888 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.162851095 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.162851095 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.162875891 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.162899971 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.164757967 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.164844036 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.164921045 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.165031910 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.165055990 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.174475908 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.174694061 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.174752951 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.174837112 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.174879074 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.175035000 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.175035000 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.175035000 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.177051067 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.177134037 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.177428961 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.177428961 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.177558899 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.190289021 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.190582991 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.190620899 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.190634012 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.190687895 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.190732002 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.190751076 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.190763950 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.190771103 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.192605019 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.192672968 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.192759991 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.192871094 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.192905903 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.466626883 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.466650963 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.482429028 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.482490063 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.508846998 CEST	49887	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:52:14.508935928 CEST	443	49887	142.250.184.228	192.168.2.4
Oct 7, 2024 02:52:14.509078026 CEST	49887	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:52:14.509325981 CEST	49887	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:52:14.509361982 CEST	443	49887	142.250.184.228	192.168.2.4
Oct 7, 2024 02:52:14.786600113 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.787126064 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.787164927 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.787645102 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.787661076 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.801764965 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.802129984 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.802165031 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.802503109 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.802515984 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.824074984 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.824428082 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.824487925 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.824821949 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.824835062 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.834554911 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.834877014 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.834892988 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.835242987 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.835256100 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.844608068 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.844954967 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.845012903 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.845339060 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.845355988 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.887487888 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.887631893 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.887837887 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.887837887 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.887837887 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.890892982 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.890947104 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.891030073 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.891165972 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.891187906 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.900333881 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.900471926 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.900537968 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.900590897 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.900621891 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.900651932 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.900665998 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.902525902 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.902607918 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.902703047 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.902806997 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.902832031 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.923824072 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.924335003 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.924468994 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.924511909 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.924542904 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.924592972 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.924639940 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.924639940 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.924670935 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.924714088 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.927242994 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.927313089 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.927373886 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.927483082 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.927504063 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.933944941 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.934005976 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.934195042 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.935261965 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.935261965 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.935312986 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.935348034 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.946630955 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.946687937 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.946758032 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.946902990 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.946917057 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.948729038 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.948899984 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.948949099 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.949348927 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.949374914 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.949399948 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.949413061 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.952301979 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.952373981 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:14.952444077 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.952565908 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:14.952591896 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.153506994 CEST	443	49887	142.250.184.228	192.168.2.4
Oct 7, 2024 02:52:15.153805017 CEST	49887	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:52:15.153839111 CEST	443	49887	142.250.184.228	192.168.2.4
Oct 7, 2024 02:52:15.154567957 CEST	443	49887	142.250.184.228	192.168.2.4
Oct 7, 2024 02:52:15.155515909 CEST	49887	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:52:15.155775070 CEST	443	49887	142.250.184.228	192.168.2.4
Oct 7, 2024 02:52:15.189352989 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.189383030 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.199101925 CEST	49887	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:52:15.543035984 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.543544054 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.543626070 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.544018984 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.544033051 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.576378107 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.579874039 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.579952002 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.580027103 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.580312967 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.580326080 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.580549955 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.580579996 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.580858946 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.580869913 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.592441082 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.594723940 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.594753027 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.595139980 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.595149040 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.623116970 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.623652935 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.623725891 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.624068975 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.624102116 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.641213894 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.641863108 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.642055035 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.642622948 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.642648935 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.646816015 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.646852970 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.646909952 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.647058010 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.647075891 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.679862022 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.679932117 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.679989100 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.680007935 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.680053949 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.680103064 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.680171967 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.680171967 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.680187941 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.680207968 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.681730032 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.681886911 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.681938887 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.682151079 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.682151079 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.682187080 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.682210922 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.682374001 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.682387114 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.682437897 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.682719946 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.682734966 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.684218884 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.684282064 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.684348106 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.684464931 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.684494972 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.693468094 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.693871975 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.693928957 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.694015980 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.694032907 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.694055080 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.694067955 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.696127892 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.696208000 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.696284056 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.696432114 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.696465969 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.723192930 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.723257065 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.723313093 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.723336935 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.723366022 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.723464966 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.723464966 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.723464966 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.725214005 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.725239992 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:15.725315094 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.725430965 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:15.725445032 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.044372082 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.044445992 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.327826977 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.341847897 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.349231958 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.349271059 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.350543976 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.353241920 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.353249073 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.361175060 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.361191034 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.361515045 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.361521006 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.361699104 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.361763000 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.362003088 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.362015963 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.367176056 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.367456913 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.367469072 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.367790937 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.367795944 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.389188051 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.399360895 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.399435043 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.399722099 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.399736881 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.449147940 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.449311972 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.449393034 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.449605942 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.449628115 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.449640989 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.449649096 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.452694893 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.452728033 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.452810049 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.452929974 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.452946901 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.460654974 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.460792065 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.460861921 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.460925102 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.460926056 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.460963964 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.460988045 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.463221073 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.463305950 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.463454962 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.463546038 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.463572025 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.464319944 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.464451075 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.464513063 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.464565039 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.464565039 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.464584112 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.464598894 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.466716051 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.466799974 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.467062950 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.467062950 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.467226028 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.474205017 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.474355936 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.474411011 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.474436045 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.474443913 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.474452972 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.474457026 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.476330042 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.476418972 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.476505041 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.476636887 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.476660013 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.504481077 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.504930019 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.505002975 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.505023956 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.505188942 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.505188942 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.505188942 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.506937981 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.506961107 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.507028103 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.507159948 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.507183075 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:16.716224909 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:16.716284990 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.096468925 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.096977949 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.097003937 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.097429037 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.097435951 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.110342026 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.110704899 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.110781908 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.111049891 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.111067057 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.118447065 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.118798018 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.118885040 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.118999004 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.119024992 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.148035049 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.148394108 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.148452997 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.148715019 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.148730040 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.171283960 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.171602964 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.171639919 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.171945095 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.171955109 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.195549011 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.195700884 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.195779085 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.195877075 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.195895910 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.195925951 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.195940018 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.198559046 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.198600054 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.198827982 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.198827982 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.198892117 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.208873034 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.209022999 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.209101915 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.209203959 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.209203959 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.209244967 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.209289074 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.211082935 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.211122990 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.211215019 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.211313009 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.211329937 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.218646049 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.218728065 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.218827963 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.218905926 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.218907118 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.219270945 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.219270945 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.219336987 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.219372988 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.220824003 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.220887899 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.220967054 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.221067905 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.221086025 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.247270107 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.247328043 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.247378111 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.247473955 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.247509003 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.247550011 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.247567892 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.250875950 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.250921965 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.251000881 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.251101017 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.251130104 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.273968935 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.274111986 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.274319887 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.274404049 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.274404049 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.274427891 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.274449110 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.276110888 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.276149988 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.276216030 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.276319027 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.276331902 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.852941990 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.853851080 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.853890896 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.854324102 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.854350090 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.865145922 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.865588903 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.865678072 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.865742922 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.865757942 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.874386072 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.874614954 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.874635935 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.874897957 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.874903917 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.889193058 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.889702082 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.889738083 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.890106916 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.890117884 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.924716949 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.925071001 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.925108910 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.925388098 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.925395012 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.951209068 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.951284885 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.951383114 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.951402903 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.951467037 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.951775074 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.951796055 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.951816082 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.951822996 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.954880953 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.954965115 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.955240011 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.955240965 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.955369949 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.967241049 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.967603922 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.967742920 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.967742920 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.967744112 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.969583988 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.969666004 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.969755888 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.969870090 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.969897985 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.975881100 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.976027012 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.976111889 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.976113081 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.976170063 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.976195097 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.978775978 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.978805065 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.978890896 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.979001999 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.979028940 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.987468958 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.987637997 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.987720966 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.987787008 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.987787008 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.987818956 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.987852097 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.989962101 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.990046024 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:17.990156889 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.990297079 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:17.990335941 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.022608995 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.022770882 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.022842884 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.022881031 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.022881031 CEST	49907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.022898912 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.022912025 CEST	443	49907	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.024739981 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.024825096 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.024915934 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.025037050 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.025070906 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.280082941 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.280143976 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.600174904 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.600878954 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.600939035 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.601438999 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.601491928 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.608762026 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.609652996 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.609695911 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.610084057 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.610096931 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.620904922 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.651484013 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.662743092 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.662780046 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.663428068 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.663436890 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.664160013 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.664218903 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.664563894 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.664617062 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.676682949 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.677795887 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.677836895 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.678390026 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.678404093 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.700643063 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.700740099 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.700850010 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.700931072 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.700931072 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.701020002 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.701020002 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.701061010 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.701092005 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.706752062 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.706918001 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.706981897 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.711543083 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.711580038 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.711607933 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.711637974 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.717365026 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.717452049 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.717689037 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.720411062 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.720462084 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.730561972 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.730679035 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.730757952 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.730891943 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.730937958 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.758775949 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.758862972 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.758917093 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.758935928 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.759147882 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.759202003 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.761454105 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.761454105 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.761471987 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.761492014 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.776701927 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.776771069 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.776835918 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.776859045 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.776930094 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.776979923 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.777268887 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.777312994 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.777376890 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.780265093 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.780266047 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.780289888 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.780313015 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.789302111 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.789328098 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.806387901 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.806423903 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.806495905 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.806651115 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.806668997 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.809689045 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.810302019 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.810379982 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.813769102 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.813807964 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.813841105 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.813855886 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.824119091 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.824201107 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:18.824285030 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.824390888 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:18.824435949 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.316293001 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.317117929 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.317181110 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.317606926 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.317661047 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.405517101 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.405895948 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.405925989 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.406342983 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.406351089 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.418479919 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.418628931 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.418699980 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.418771982 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.418771982 CEST	49913	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.418802977 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.418826103 CEST	443	49913	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.422184944 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.422267914 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.422360897 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.422487020 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.422508001 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.488898993 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.489233017 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.489257097 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.489617109 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.489624977 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.500227928 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.501187086 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.501243114 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.501547098 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.501562119 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.502964020 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.503262043 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.503292084 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.503789902 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.503799915 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.509310961 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.509612083 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.509660959 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.509691954 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.509716988 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.509763002 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.509793043 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.509807110 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.509821892 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.509829044 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.512423992 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.512454033 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.512514114 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.512618065 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.512625933 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.586432934 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.586498976 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.586555958 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.586575985 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.586602926 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.586651087 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.586791039 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.586808920 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.586822033 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.586827993 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.589623928 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.589709044 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.589994907 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.589996099 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.590127945 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.599905968 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.600049973 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.600140095 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.600219011 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.600219011 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.600259066 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.600287914 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.601989985 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.602040052 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.602137089 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.602226973 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.602241993 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.608539104 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.608686924 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.608748913 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.608800888 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.608800888 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.608820915 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.608839989 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.610507011 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.610527039 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:19.610610008 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.610708952 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:19.610730886 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.079236031 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.079768896 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.079849005 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.080250025 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.080265045 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.153207064 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.153564930 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.153583050 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.154005051 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.154011011 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.179260969 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.179423094 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.179719925 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.179719925 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.179721117 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.182384968 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.182507038 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.182605028 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.182756901 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.182810068 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.243815899 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.244447947 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.244530916 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.244899988 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.244915009 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.260772943 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.261198997 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.261276960 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.261476040 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.261492968 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.265060902 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.265192032 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.265284061 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.265311003 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.265326023 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.265333891 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.265338898 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.265675068 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.267879963 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.267908096 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.267940044 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.268023014 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.268105984 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.268205881 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.268208027 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.268218040 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.268237114 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.358161926 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.358311892 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.358390093 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.358407974 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.358473063 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.358525991 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.358525991 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.358567953 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.358596087 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.360421896 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.360439062 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.360513926 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.360636950 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.360646963 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.366389990 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.366750002 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.366828918 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.366828918 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.366867065 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.366878033 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.368558884 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.368566990 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.368633032 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.368736982 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.368743896 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.449111938 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.449210882 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.449325085 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.449404955 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.449404955 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.449531078 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.449532032 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.449572086 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.449603081 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.451528072 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.451610088 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.452259064 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.452699900 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.452733994 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.483076096 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.483138084 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.837893009 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.838618994 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.838679075 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.839003086 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.839020967 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.938246965 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.938538074 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.938630104 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.938710928 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.938710928 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.938751936 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.938780069 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.941611052 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.941709995 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.941792965 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.941939116 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.941958904 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.945681095 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.946252108 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.946336031 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:20.946574926 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:20.946589947 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.042268038 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.042752981 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.042767048 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.043181896 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.043186903 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.049896002 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.050224066 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.050415039 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.050415039 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.050415039 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.052962065 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.053018093 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.053226948 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.053273916 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.053287983 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.090293884 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.105403900 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.105482101 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.105732918 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.105747938 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.144999981 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.145148039 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.145309925 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.186642885 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.186642885 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.186678886 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.186691999 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.201647043 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.201805115 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.201984882 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.232346058 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.232346058 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.232409954 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.232441902 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.356204987 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.356214046 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.356236935 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.356300116 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.356319904 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.356389999 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.356442928 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.356453896 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.356529951 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.356551886 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.359241962 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.359271049 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.577510118 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.578212023 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.578286886 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.578672886 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.578685999 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.674988031 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.675158978 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.675219059 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.675251007 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.675324917 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.675405025 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.675554991 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.675585985 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.693137884 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.693249941 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.693320990 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.693623066 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.693655014 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.718952894 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.719403982 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.719439030 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.719844103 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.719852924 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.820682049 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.820904970 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.821011066 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.823359013 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.823359013 CEST	49929	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.823400021 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.823414087 CEST	443	49929	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.823514938 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.823596001 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.823677063 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.823803902 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:21.823858023 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:21.998481989 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.001672029 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.001749039 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.002042055 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.002110004 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.002125978 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.002427101 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.002454996 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.002859116 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.002865076 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.096920013 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.097074986 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.097166061 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.097244024 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.097280025 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.097326994 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.097342968 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.099852085 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.099946022 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.100020885 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.100162983 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.100195885 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.100466967 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.100768089 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.100924969 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.100924969 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.100924969 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.102705956 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.102752924 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.102816105 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.102943897 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.102961063 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.329476118 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.329921961 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.329978943 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.330344915 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.330358028 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.404246092 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.404269934 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.428113937 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.428307056 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.428381920 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.428462029 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.428498030 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.428524017 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.428539038 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.431283951 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.431366920 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.431478977 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.431628942 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.431689024 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.476725101 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.477401018 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.477461100 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.477807999 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.477861881 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.578005075 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.578071117 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.578157902 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.578496933 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.578496933 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.578563929 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.578602076 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.585222006 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.585304022 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.585382938 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.585525036 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.585568905 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.740801096 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.741291046 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.741327047 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.741656065 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.741754055 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.741769075 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.742085934 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.742100954 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.742508888 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.742516041 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.839262009 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.839504957 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.839520931 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.839585066 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.839627028 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.839627028 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.839652061 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.839673996 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.840224028 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.840452909 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.840476990 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.840497017 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.840508938 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.840517044 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.842730045 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.842761993 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.842825890 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.842808008 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.842907906 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.842976093 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.843036890 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.843053102 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:22.843127012 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:22.843163013 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.087650061 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.088455915 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.088546991 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.088582039 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.088597059 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.188114882 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.188271046 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.188369989 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.188554049 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.188554049 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.188554049 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.191451073 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.191535950 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.191853046 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.191853046 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.191987038 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.222805023 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.223366976 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.223478079 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.223737955 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.223754883 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.321075916 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.321217060 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.321424961 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.321507931 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.321507931 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.321578979 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.321611881 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.323749065 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.323832989 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.327117920 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.327543974 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.327599049 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.478943110 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.480159998 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.480240107 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.480568886 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.480587959 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.482917070 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.489053965 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.489113092 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.490772963 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.490797997 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.491251945 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.491259098 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.569014072 CEST	49943	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:23.569094896 CEST	443	49943	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:23.569308043 CEST	49943	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:23.569402933 CEST	49943	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:23.569427967 CEST	443	49943	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:23.577441931 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.577615976 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.577713966 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.577948093 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.577948093 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.577986002 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.578008890 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.580785036 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.580868006 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.581016064 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.581161976 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.581197023 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.586601019 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.586743116 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.586868048 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.587002039 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.587018967 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.587030888 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.587038040 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.588897943 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.588952065 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.589061975 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.589160919 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.589179993 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.837718964 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.838846922 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.838924885 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.839710951 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.839725018 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.935997963 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.936006069 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.936064959 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.936094999 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.936127901 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.936189890 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.936672926 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.936672926 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.936702967 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.936722994 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.939946890 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.939999104 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.940073013 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.940227985 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.940249920 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.963665009 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.964097023 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.964114904 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.964628935 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.964638948 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.995261908 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.995619059 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.995630026 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:23.996093035 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:23.996098042 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.062263012 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.062397957 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.062454939 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.062473059 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.062560081 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.062587023 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.062587023 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.062612057 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.062660933 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.062674046 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.065028906 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.065112114 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.065181017 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.065289021 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.065320015 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.093943119 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.094011068 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.094059944 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.094069004 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.094099045 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.094141960 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.094191074 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.094204903 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.094216108 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.094222069 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.096281052 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.096306086 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.096365929 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.096482038 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.096496105 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.199091911 CEST	443	49943	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:24.199630022 CEST	49943	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:24.199692965 CEST	443	49943	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:24.200220108 CEST	443	49943	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:24.200526953 CEST	49943	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:24.200619936 CEST	443	49943	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:24.200696945 CEST	49943	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:24.200696945 CEST	49943	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:24.200748920 CEST	443	49943	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:24.249413967 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.250320911 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.250391960 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.250654936 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.250669003 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.275971889 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.276385069 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.276463032 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.276628017 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.276642084 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.352591991 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.352664948 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.352767944 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.352818012 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.352818966 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.353110075 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.353110075 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.353174925 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.353209972 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.355742931 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.355834007 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.355926991 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.356082916 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.356106997 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.381737947 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.382497072 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.382574081 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.382623911 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.382625103 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.382659912 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.382684946 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.384712934 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.384737968 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.384874105 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.384983063 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.385006905 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.498570919 CEST	443	49943	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:24.499090910 CEST	443	49943	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:24.499159098 CEST	49943	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:24.499234915 CEST	49943	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:24.499270916 CEST	443	49943	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:24.592034101 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.592524052 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.592567921 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.593007088 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.593019009 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.695142031 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.695199013 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.695256948 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.695287943 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.695318937 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.695373058 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.695549965 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.695549965 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.695573092 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.695594072 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.698431969 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.698460102 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.698524952 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.698697090 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.698710918 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.704623938 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.704973936 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.705032110 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.705379009 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.705394030 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.745452881 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.745769024 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.745788097 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.746134043 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.746138096 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.807044029 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.807189941 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.807245970 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.807277918 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.807293892 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.807306051 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.807312012 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.809874058 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.809890032 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.809961081 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.810089111 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.810101032 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.844552994 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.844613075 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.844708920 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.844724894 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.844768047 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.844825029 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.844863892 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.844876051 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.844885111 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.844888926 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.847240925 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.847290993 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.847539902 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.847706079 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.847722054 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.996324062 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.996731043 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.996809959 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:24.997085094 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:24.997101068 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.037568092 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.038702011 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.038718939 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.039092064 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.039102077 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.053133011 CEST	443	49887	142.250.184.228	192.168.2.4
Oct 7, 2024 02:52:25.053329945 CEST	443	49887	142.250.184.228	192.168.2.4
Oct 7, 2024 02:52:25.053395987 CEST	49887	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:52:25.096250057 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.096316099 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.096400023 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.096414089 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.096504927 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.096504927 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.096549034 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.096576929 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.096591949 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.098337889 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.098391056 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.098489046 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.098572969 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.098599911 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.137636900 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.137712955 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.137825966 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.137871027 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.137914896 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.137975931 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.137999058 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.138021946 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.138035059 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.143475056 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.143496990 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.143636942 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.147429943 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.147464037 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.352518082 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.353066921 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.353094101 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.353521109 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.353526115 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.452491999 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.452754021 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.452915907 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.452915907 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.452915907 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.454102993 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.454615116 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.454644918 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.454931974 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.454937935 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.456007004 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.456090927 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.456202984 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.456392050 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.456429005 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.485603094 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.487907887 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.487938881 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.488284111 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.488296986 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.551726103 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.552474022 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.552561045 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.552787066 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.552795887 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.552824974 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.552829027 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.555531979 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.555623055 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.559654951 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.559777021 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.559798956 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.584148884 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.584297895 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.584379911 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.584534883 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.584534883 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.584561110 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.584583044 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.586380959 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.586405993 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.586489916 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.586610079 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.586632967 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.743455887 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.743823051 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.743843079 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.744251013 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.744261026 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.764389992 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.764405012 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.823442936 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.823816061 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.823827028 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.824273109 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.824276924 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.862564087 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.862926006 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.863037109 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.863104105 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.863171101 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.863171101 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.863199949 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.863221884 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.865906000 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.865989923 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.866086006 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.866208076 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.866233110 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.924968958 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.925188065 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.925569057 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.925600052 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.925611973 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.925622940 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.925626993 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.927438021 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.927527905 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:25.927638054 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.927737951 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:25.927767992 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.154282093 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.156208038 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.156267881 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.156687975 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.156742096 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.214370966 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.215034962 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.215073109 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.215369940 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.215404987 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.233867884 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.234216928 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.234251976 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.234611988 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.234627008 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.256537914 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.256665945 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.256751060 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.256774902 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.256864071 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.257077932 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.257077932 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.257126093 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.257153988 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.259902954 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.259988070 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.260082006 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.260246038 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.260270119 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.312834978 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.313189030 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.313261032 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.313352108 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.313352108 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.313395023 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.313420057 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.315356016 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.315455914 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.315538883 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.315689087 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.315727949 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.365556955 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.365582943 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.365621090 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.365675926 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.365792990 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.365793943 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.365809917 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.365830898 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.367767096 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.367835999 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.367929935 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.368051052 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.368087053 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.374663115 CEST	49887	443	192.168.2.4	142.250.184.228
Oct 7, 2024 02:52:26.374726057 CEST	443	49887	142.250.184.228	192.168.2.4
Oct 7, 2024 02:52:26.374871016 CEST	49964	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:26.374939919 CEST	443	49964	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:26.375061035 CEST	49964	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:26.375293970 CEST	49964	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:26.375329971 CEST	443	49964	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:26.510430098 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.510843992 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.510917902 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.511257887 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.511271954 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.570529938 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.571983099 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.572062969 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.572431087 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.572446108 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.611828089 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.612047911 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.612140894 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.612319946 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.612358093 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.612406969 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.612421989 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.614826918 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.614912987 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.615650892 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.615765095 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.615786076 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.669574976 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.669728994 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.669817924 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.670022011 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.670022011 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.670067072 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.670094967 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.672892094 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.672974110 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.673100948 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.673201084 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.673226118 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.912218094 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.912682056 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.912729025 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.913101912 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.913115978 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.990654945 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.991030931 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.991055965 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:26.991430044 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:26.991441011 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.012780905 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.013021946 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.013096094 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.013143063 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.013144016 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.013171911 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.013192892 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.015377045 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.015697002 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.015731096 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.015790939 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.015808105 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.015866995 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.015948057 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.015960932 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.016041994 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.016057014 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.023461103 CEST	443	49964	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:27.023740053 CEST	49964	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:27.023782015 CEST	443	49964	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:27.024630070 CEST	443	49964	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:27.024920940 CEST	49964	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:27.025073051 CEST	49964	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:27.025089979 CEST	443	49964	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:27.025114059 CEST	49964	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:27.025166988 CEST	443	49964	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:27.076066017 CEST	49964	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:27.302503109 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.302563906 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.302701950 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.302706003 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.302807093 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.302926064 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.302932024 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.302932024 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.302967072 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.303006887 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.303021908 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.303021908 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.303050995 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.305886984 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.305938959 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.305978060 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.306021929 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.306071997 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.306086063 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.306229115 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.306253910 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.306297064 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.306328058 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.323719025 CEST	443	49964	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:27.324057102 CEST	443	49964	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:27.324126005 CEST	49964	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:27.324270010 CEST	49964	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:27.324301004 CEST	443	49964	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:27.495043993 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.495491982 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.495553017 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.495944023 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.495958090 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.502604961 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.502975941 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.503015995 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.503235102 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.503246069 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.595077038 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.595323086 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.595400095 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.595433950 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.595448971 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.595464945 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.595472097 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.598169088 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.598252058 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.598365068 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.598494053 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.598515987 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.606455088 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.606554985 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.606606960 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.606617928 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.606662989 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.606707096 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.606719971 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.606733084 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.606733084 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.606739998 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.606749058 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.609139919 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.609236956 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.609316111 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.609467030 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.609498978 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.661170006 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.661709070 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.661747932 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.662050009 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.662056923 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.759838104 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.760272026 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.760320902 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.760329962 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.760377884 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.760437965 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.760437965 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.760437965 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.760468006 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.762723923 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.762789965 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.762868881 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.763031006 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.763056040 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.946716070 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.948051929 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.948117971 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.948607922 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.948622942 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.972973108 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.975029945 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.975076914 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:27.975455046 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:27.975467920 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.045330048 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.045483112 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.045619011 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.045998096 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.045998096 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.046039104 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.046065092 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.048463106 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.048491001 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.048594952 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.048708916 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.048717976 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.060158014 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.060185909 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.075159073 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.075227022 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.075324059 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.075330973 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.076427937 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.120851040 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.120851994 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.120908022 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.120939970 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.126312971 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.126322031 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.126416922 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.126694918 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.126707077 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.253123999 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.254582882 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.294538975 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.306189060 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.306216002 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.306763887 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.306776047 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.307045937 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.307118893 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.307374001 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.307404041 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.402113914 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.402187109 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.402295113 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.402323961 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.402358055 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.402456045 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.402483940 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.402507067 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.402519941 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.405004025 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.405893087 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.405961037 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.407305956 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.407305956 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.407352924 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.407397985 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.410037994 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.410120964 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.410242081 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.410768986 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.410801888 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.411533117 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.411616087 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.411705017 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.411866903 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.411901951 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.420260906 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.420852900 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.420871019 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.421274900 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.421284914 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.520147085 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.520319939 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.520418882 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.520693064 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.520693064 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.520720005 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.520742893 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.522792101 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.522825003 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.522891045 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.523008108 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.523021936 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.686585903 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.687115908 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.687155008 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.687681913 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.687690020 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.785648108 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.785690069 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.785794973 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.785825014 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.785944939 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.785972118 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.785972118 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.785995960 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.786011934 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.786019087 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.788856030 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.788885117 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.788947105 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.789074898 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.789086103 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.805536985 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.805881977 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.805901051 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.806274891 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.806282043 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.910152912 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.910218000 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.910376072 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.910507917 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.910507917 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.910895109 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.910896063 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.910943031 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.910959005 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.913311005 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.913394928 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:28.913511992 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.913633108 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:28.913657904 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.046612978 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.047049999 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.047081947 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.047463894 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.047494888 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.087727070 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.088485956 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.088567019 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.088646889 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.088661909 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.144550085 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.144730091 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.144813061 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.144850969 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.144881964 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.144958019 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.144958019 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.144999981 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.145024061 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.147556067 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.147614002 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.147777081 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.147871017 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.147887945 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.161478043 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.161767960 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.161787033 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.162120104 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.162126064 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.190970898 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.191107988 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.191194057 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.191272020 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.191272974 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.191314936 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.191340923 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.193059921 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.193149090 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.193233967 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.193337917 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.193361998 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.259681940 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.259834051 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.259881973 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.259885073 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.259936094 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.260020018 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.260051012 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.260088921 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.260094881 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.261836052 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.261871099 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.261957884 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.262053013 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.262072086 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.429908037 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.430439949 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.430463076 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.430942059 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.430948019 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.527911901 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.528110981 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.528194904 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.528280020 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.528296947 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.528311014 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.528317928 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.532073975 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.532160997 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.532443047 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.532443047 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.532576084 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.557861090 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.558317900 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.558403015 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.558697939 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.558715105 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.659379959 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.659504890 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.659573078 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.659636021 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.659679890 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.659738064 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.659738064 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.659784079 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.659811020 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.662439108 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.662523031 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.662616968 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.662899017 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.662978888 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.814855099 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.815475941 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.815519094 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.815943003 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.815953970 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.845278025 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.846153021 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.846246004 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.846282005 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.846297026 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.909847021 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.910590887 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.910677910 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.910749912 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.910767078 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.918459892 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.918658018 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.918751001 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.918960094 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.918960094 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.918989897 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.919034958 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.921637058 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.921685934 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.921765089 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.921905994 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.921916962 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.946907997 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.947026968 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.947132111 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.947303057 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.947304010 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.947484016 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.947484016 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.947525978 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.947556973 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.949412107 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.949450970 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:29.949517965 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.949639082 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:29.949662924 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.010348082 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.010622978 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.010735035 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.010735035 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.010842085 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.010880947 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.012933016 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.013015985 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.013103008 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.013453960 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.013535976 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.210833073 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.211322069 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.211435080 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.211842060 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.211926937 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.324248075 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.324604988 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.324683905 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.324982882 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.324996948 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.325444937 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.325504065 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.325573921 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.325598955 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.325671911 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.325673103 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.325793982 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.325833082 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.329562902 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.329612017 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.329693079 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.329843044 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.329863071 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.424618959 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.424778938 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.424844027 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.424988985 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.424988985 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.425033092 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.425059080 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.427563906 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.427658081 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.427746058 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.427876949 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.427900076 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.566004992 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.566507101 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.566526890 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.566992044 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.566998959 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.596359968 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.634109020 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.634129047 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.634758949 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.634764910 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.666599035 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.666743040 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.666826963 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.667176962 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.667197943 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.667234898 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.667243004 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.698906898 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.698966980 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.699047089 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.702207088 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.702254057 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.708733082 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.712160110 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.712220907 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.712641954 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.712693930 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.730437040 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.730508089 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.730608940 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.730779886 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.730961084 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.730984926 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.730997086 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.731004000 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.760994911 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.761082888 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.761185884 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.771080971 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.771157980 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.814524889 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.814694881 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.814874887 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.814874887 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.814956903 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.814994097 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.823074102 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.823143959 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.823232889 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.823546886 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.823575020 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.972193956 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.972796917 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.972877026 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:30.973309040 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:30.973361015 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.070698023 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.071193933 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.071708918 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.071708918 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.071708918 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.074026108 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.074114084 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.074366093 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.074366093 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.074496031 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.094410896 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.094966888 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.095026016 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.095237970 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.095251083 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.199949980 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.200012922 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.200114012 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.200160980 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.200325966 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.200752974 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.200753927 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.200846910 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.200882912 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.203777075 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.203861952 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.203969955 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.204099894 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.204124928 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.348535061 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.349050999 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.349109888 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.349386930 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.349401951 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.373378038 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.373439074 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.435132027 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.437305927 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.437366009 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.437766075 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.437818050 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.447786093 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.447937012 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.448008060 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.448064089 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.448064089 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.448097944 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.448124886 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.450666904 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.450768948 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.450859070 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.450953960 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.450973988 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.503619909 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.505104065 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.505162954 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.505568981 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.505582094 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.538604021 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.538642883 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.538691998 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.538826942 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.538826942 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.538955927 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.538957119 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.538996935 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.539025068 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.541470051 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.541521072 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.541594982 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.541709900 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.541728973 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.602858067 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.603003025 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.603075027 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.603121996 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.603121996 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.603149891 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.603172064 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.605057955 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.605099916 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.605313063 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.605313063 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.605377913 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.766628027 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.766995907 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.767029047 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.767412901 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.767421007 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.869014978 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.869204044 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.869283915 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.869635105 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.869635105 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.869702101 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.869739056 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.869935036 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.870320082 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.870347023 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.870769024 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.870781898 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.872319937 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.872359991 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.872426987 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.872524023 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.872533083 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.970202923 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.970779896 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.970920086 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.970983982 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.970983982 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.971072912 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.971072912 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.971115112 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.971178055 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.973001003 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.973052025 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:31.973124027 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.973252058 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:31.973263025 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.137080908 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.137746096 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.137831926 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.138078928 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.138093948 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.176781893 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.177236080 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.177275896 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.177689075 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.177695036 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.238275051 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.238421917 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.238497019 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.238636017 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.238698006 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.238732100 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.238748074 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.241360903 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.241451025 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.241543055 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.241673946 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.241712093 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.253843069 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.254432917 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.254476070 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.254774094 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.254801035 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.277193069 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.277257919 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.277365923 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.277637959 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.277657986 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.277672052 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.277678013 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.279676914 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.279761076 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.279860020 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.279975891 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.280004025 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.353080034 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.353144884 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.353249073 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.353307009 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.353307009 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.353352070 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.353369951 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.353384972 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.353393078 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.355309963 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.355422020 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.355711937 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.355711937 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.355868101 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.543970108 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.544471979 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.544502974 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.545191050 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.545217037 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.614161968 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.614506006 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.614543915 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.614831924 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.614837885 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.646575928 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.646724939 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.646781921 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.646821976 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.646836042 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.649703979 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.649813890 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.649888039 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.650001049 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.650029898 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.712637901 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.712795019 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.712841988 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.712855101 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.712893963 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.712925911 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.712949038 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.712963104 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.712963104 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.712971926 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.712980032 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.715070009 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.715105057 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.715174913 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.715307951 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.715322971 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.894848108 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.899209976 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.899266005 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.899638891 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.899651051 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.927776098 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.928412914 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.928493977 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.928872108 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:32.928925991 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.996890068 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.997049093 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:32.997127056 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.011028051 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.011084080 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.011117935 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.011135101 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.011938095 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.015328884 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.015443087 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.015742064 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.015768051 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.015824080 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.016160011 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.016212940 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.016267061 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.016307116 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.031084061 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.031152964 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.031280041 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.032082081 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.032083035 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.032149076 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.032186031 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.037210941 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.037292957 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.037399054 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.037619114 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.037657022 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.112592936 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.112787962 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.113038063 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.118844032 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.118906021 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.118968964 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.118988037 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.162623882 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.162668943 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.162744999 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.165987015 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.166002035 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.307336092 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.307804108 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.307879925 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.308295012 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.308309078 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.391861916 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.392549038 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.392587900 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.393079042 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.393085957 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.409286976 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.409356117 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.409465075 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.409591913 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.409591913 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.409826040 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.409826040 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.409869909 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.409899950 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.412578106 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.412620068 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.412898064 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.412898064 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.412961960 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.495656013 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.495803118 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.495907068 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.497904062 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.497904062 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.497914076 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.497925043 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.497940063 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.497956991 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.498030901 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.498130083 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.498137951 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.657805920 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.658891916 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.658972979 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.659239054 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.659291983 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.714838982 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.715506077 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.715583086 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.716020107 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.716072083 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.756979942 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.757055044 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.757153988 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.757232904 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.757234097 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.757319927 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.757319927 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.757359982 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.757390022 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.759980917 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.760031939 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.760097980 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.760206938 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.760215044 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.806238890 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.806570053 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.806586981 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.806956053 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.806962013 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.819344997 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.819531918 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.819700956 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.819701910 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.821657896 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.821696997 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.821778059 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.821813107 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.821837902 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.822001934 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.822010994 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.904838085 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.904906034 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.904948950 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.904958963 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.905005932 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.905025959 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.905047894 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.905062914 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.905064106 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.905076027 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.905085087 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.906667948 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.906737089 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:33.906809092 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.906917095 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:33.906934023 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.050961018 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.051403046 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.051430941 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.051915884 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.051923037 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.138319016 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.138871908 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.138930082 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.139199972 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.139213085 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.148742914 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.148968935 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.149039030 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.149355888 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.149355888 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.149388075 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.149408102 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.151866913 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.151972055 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.152157068 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.152230024 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.152247906 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.238166094 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.238318920 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.238563061 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.238775969 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.238775969 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.238796949 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.238810062 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.241183043 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.241266966 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.241657972 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.241657972 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.241771936 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.450778008 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.451349020 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.451379061 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.451751947 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.451759100 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.471220970 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.471641064 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.471668005 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.471980095 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.471986055 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.558486938 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.558630943 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.558691978 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.558739901 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.558739901 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.558762074 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.558773994 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.560785055 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.562748909 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.562832117 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.562913895 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.563522100 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.563580036 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.564100981 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.564100981 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.564188957 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.564220905 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.572309971 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.572427034 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.572478056 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.572488070 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.572501898 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.572547913 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.572570086 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.572570086 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.572582006 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.572616100 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.574599028 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.574681997 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.574788094 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.574929953 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.574956894 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.661847115 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.662012100 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.662194967 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.662292004 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.662292957 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.662333012 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.662363052 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.664968014 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.665060997 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.665149927 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.665307999 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.665327072 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.793651104 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.794006109 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.794064045 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:34.794385910 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:34.794399023 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.063232899 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.063420057 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.063513041 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.063594103 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.063594103 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.063637018 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.063666105 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.065968037 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.066015005 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.066097021 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.066236019 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.066261053 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.070396900 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.070799112 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.070831060 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.071213961 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.071224928 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.172657013 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.172837019 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.172900915 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.172971964 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.172971964 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.172992945 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.173012972 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.175470114 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.175553083 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.175645113 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.175748110 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.175769091 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.253149986 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.253704071 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.253763914 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.254029989 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.254082918 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.255289078 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.255750895 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.255834103 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.255943060 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.255971909 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.307670116 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.308221102 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.308263063 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.308574915 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.308584929 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.354231119 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.354599953 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.354800940 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.354885101 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.354885101 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.354926109 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.354958057 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.355443954 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.355597019 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.355773926 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.356162071 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.356163025 CEST	50015	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.356228113 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.356262922 CEST	443	50015	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.359908104 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.359949112 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.360143900 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.360821009 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.360877991 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.360940933 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.361438990 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.361465931 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.361536980 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.361553907 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.408304930 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.408438921 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.408617973 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.408618927 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.408618927 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.410434008 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.410453081 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.410510063 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.410645008 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.410659075 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.706139088 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.706773043 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.706820965 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.707258940 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.707268000 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.721467018 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.721489906 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.806942940 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.807104111 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.807178974 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.807285070 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.807307005 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.807329893 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.807343006 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.810079098 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.810111046 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.810189009 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.810337067 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.810353041 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.844959021 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.845627069 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.845712900 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.846007109 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.846061945 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.947097063 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.947201014 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.947299957 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.947479963 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.947479963 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.947566032 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.947566032 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.947607994 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.947642088 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.949623108 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.949657917 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:35.949729919 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.949851990 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:35.949857950 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.002157927 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.002590895 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.002629995 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.002979994 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.003006935 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.015558004 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.015973091 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.016009092 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.016298056 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.016304970 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.063968897 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.064366102 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.064402103 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.064723015 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.064728975 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.101624966 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.101778030 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.101939917 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.102000952 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.102025032 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.102041006 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.102047920 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.104603052 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.104686022 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.104795933 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.104929924 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.104955912 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.116925001 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.116956949 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.117005110 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.117018938 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.117055893 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.117187977 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.117208958 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.117238998 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.117247105 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.119070053 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.119153023 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.119240999 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.119368076 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.119419098 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.164248943 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.164494991 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.164580107 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.164608955 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.164608955 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.164618015 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.164628029 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.166387081 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.166425943 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.166491985 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.166595936 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.166610003 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.476978064 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.477786064 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.477826118 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.478287935 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.478315115 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.579026937 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.579097033 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.579195976 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.579231977 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.579253912 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.579447031 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.579462051 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.579472065 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.579477072 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.581949949 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.582045078 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.582145929 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.582267046 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.582288980 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.604671001 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.605506897 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.605532885 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.605678082 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.605690956 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.706083059 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.706289053 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.706337929 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.706376076 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.706398010 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.706412077 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.706418991 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.708487034 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.708571911 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.708664894 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.708790064 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.708811045 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.752700090 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.753559113 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.753640890 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.753998041 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.754050970 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.781246901 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.781614065 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.781672955 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.782037020 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.782051086 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.850049973 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.850332975 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.850351095 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.850692034 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.850697041 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.851667881 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.851819992 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.851885080 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.851948977 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.851983070 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.852009058 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.852022886 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.854387999 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.854470968 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.854552031 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.854644060 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.854662895 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.881612062 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.881860971 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.881926060 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.881977081 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.881977081 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.882000923 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.882003069 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.884263992 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.884355068 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.884429932 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.884562969 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.884584904 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.952867985 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.952960014 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.953003883 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.953016043 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.953053951 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.953097105 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.953119993 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.953134060 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.953134060 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.953141928 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.953150988 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.954900026 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.954941034 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:36.955003023 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.955112934 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:36.955130100 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.222353935 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.223320961 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.223381042 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.223926067 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.223978996 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.300116062 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.300637007 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.300695896 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.300874949 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.300889969 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.321567059 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.321712017 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.321778059 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.321819067 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.321819067 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.321835995 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.321858883 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.324307919 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.324332952 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.324400902 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.324506998 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.324516058 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.403126001 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.403202057 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.403300047 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.403422117 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.403460026 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.403506041 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.403522015 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.406414986 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.406443119 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.406521082 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.406661987 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.406677961 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.494963884 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.495325089 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.495417118 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.495754004 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.495768070 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.529114008 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.529458046 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.529489994 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.530172110 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.530178070 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.594041109 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.594151974 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.594305992 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.594357967 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.594427109 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.594427109 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.594470978 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.594506979 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.596465111 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.596503019 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.596575022 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.596689939 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.596699953 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.625133991 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.625468969 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.625478029 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.625863075 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.625866890 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.628264904 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.628421068 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.628508091 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.628537893 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.628549099 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.628582001 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.628598928 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.630440950 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.630486012 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.630561113 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.630675077 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.630687952 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.728512049 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.728539944 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.728630066 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.728652954 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.728770018 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.729324102 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.729439974 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.729474068 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.729501009 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.729513884 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.732904911 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.732988119 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.733081102 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.733186960 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.733222008 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.973674059 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.974358082 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.974383116 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:37.974783897 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:37.974787951 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.043663979 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.044151068 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.044177055 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.044527054 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.044531107 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.072515011 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.072571993 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.072643995 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.072658062 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.072696924 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.072848082 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.074120045 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.074127913 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.074139118 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.074143887 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.084589958 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.084672928 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.084767103 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.084969997 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.085005045 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.142354965 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.142379999 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.142458916 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.142458916 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.142509937 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.142597914 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.142606020 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.142615080 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.142617941 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.144589901 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.144681931 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.144769907 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.145008087 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.145045996 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.235511065 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.236124992 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.236217022 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.236660004 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.236665964 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.271210909 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.271686077 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.271761894 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.271965027 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.271979094 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.309520006 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.310142994 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.310231924 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.310550928 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.310605049 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.337970018 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.338022947 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.338141918 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.338155031 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.343738079 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.343738079 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.343786001 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.343822956 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.346134901 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.346216917 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.346810102 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.346924067 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.346955061 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.372291088 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.372426987 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.372526884 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.372632980 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.372673035 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.372778893 CEST	50036	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.372793913 CEST	443	50036	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.375521898 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.375607014 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.375703096 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.375791073 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.375823021 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.408268929 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.408410072 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.408612013 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.408612013 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.408612013 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.410285950 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.410320997 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.410408020 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.410501003 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.410516977 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.716774940 CEST	50037	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.716836929 CEST	443	50037	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.753542900 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.766113043 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.766170025 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.766566038 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.766581059 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.785213947 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.785801888 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.785866022 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.786252975 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.786266088 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.862355947 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.862514019 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.862607956 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.862782955 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.862782955 CEST	50038	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.862823963 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.862849951 CEST	443	50038	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.866523981 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.866578102 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.866656065 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.866890907 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.866921902 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.883352995 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.883531094 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.883620024 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.883671999 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.883671999 CEST	50039	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.883688927 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.883698940 CEST	443	50039	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.885900021 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.885982037 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.886087894 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.886226892 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.886260033 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.995855093 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.996320963 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.996381044 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:38.996725082 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:38.996737957 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.023612022 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.024071932 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.024133921 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.024446964 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.024466038 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.089636087 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.090049982 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.090081930 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.090420961 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.090431929 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.096267939 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.096328020 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.096410990 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.096438885 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.096466064 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.096499920 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.096532106 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.096582890 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.096610069 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.096636057 CEST	50040	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.096648932 CEST	443	50040	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.098604918 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.098643064 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.098745108 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.098936081 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.098953962 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.125547886 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.125612974 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.125716925 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.125746965 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.125773907 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.125844955 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.125897884 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.125927925 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.125927925 CEST	50041	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.125947952 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.125966072 CEST	443	50041	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.128000975 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.128029108 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.128108978 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.128212929 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.128220081 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.196958065 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.196986914 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.197007895 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.197091103 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.197115898 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.197180986 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.287826061 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.287940979 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.287962914 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.287992001 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.288027048 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.288062096 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.288105011 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.288117886 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.290672064 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.290756941 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.290859938 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.290978909 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.291007042 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.310039997 CEST	50042	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.310051918 CEST	443	50042	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.434731007 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.435589075 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.435632944 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.436136961 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.436150074 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.533178091 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.533231020 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.533364058 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.533510923 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.533510923 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.533827066 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.533827066 CEST	50043	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.533859968 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.533884048 CEST	443	50043	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.535381079 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.535866976 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.535952091 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.536124945 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.536142111 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.537094116 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.537122965 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.537213087 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.537398100 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.537419081 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.636753082 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.636814117 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.636856079 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.636976004 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.636976957 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.637044907 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.637128115 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.722450972 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.722515106 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.722661018 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.722799063 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.722800016 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.722940922 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.722940922 CEST	50044	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.722984076 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.723020077 CEST	443	50044	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.725949049 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.725981951 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.726063013 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.726217985 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.726224899 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.753390074 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.753838062 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.753878117 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.754219055 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.754225969 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.775527954 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.775896072 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.775912046 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.776241064 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.776247025 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.860208035 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.860274076 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.860348940 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.860373974 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.860404968 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.860430002 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.860461950 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.861121893 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.861143112 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.861155033 CEST	50045	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.861161947 CEST	443	50045	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.867805958 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.867886066 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.867961884 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.868464947 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.868503094 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.886007071 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.886060953 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.886111975 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.886130095 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.886174917 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.886226892 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.886585951 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.886600971 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.886619091 CEST	50046	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.886625051 CEST	443	50046	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.893246889 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.893285990 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.893347979 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.893865108 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.893882036 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.936973095 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.944190025 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.944250107 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:39.944842100 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:39.944895983 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.039896011 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.039987087 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.040164948 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.040288925 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.040288925 CEST	50047	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.040333986 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.040365934 CEST	443	50047	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.044533014 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.044637918 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.044728994 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.045598984 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.045634031 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.216384888 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.229705095 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.229724884 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.230350018 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.230360031 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.339772940 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.339905977 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.339972019 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.340205908 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.340244055 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.340269089 CEST	50049	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.340285063 CEST	443	50049	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.343370914 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.343453884 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.343547106 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.343744040 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.343761921 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.377743959 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.378695011 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.378710985 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.379021883 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.379038095 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.478923082 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.479075909 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.479175091 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.479350090 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.479413986 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.479453087 CEST	50050	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.479470015 CEST	443	50050	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.482175112 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.482215881 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.482292891 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.482470036 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.482487917 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.516470909 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.517215967 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.517297029 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.517644882 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.517698050 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.583677053 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.584402084 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.584439039 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.584563017 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.584572077 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.616822958 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.616977930 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.617197990 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.617197990 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.617197990 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.620002031 CEST	50056	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.620040894 CEST	443	50056	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.620131969 CEST	50056	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.620357990 CEST	50056	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.620373011 CEST	443	50056	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.688270092 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.688611031 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.688714981 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.688987970 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.688987970 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.690045118 CEST	50052	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.690063953 CEST	443	50052	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.690383911 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.691101074 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.691188097 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.691236973 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.691251993 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.796750069 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.796835899 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.796905994 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.797069073 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.797113895 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.797143936 CEST	50053	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.797158957 CEST	443	50053	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.919297934 CEST	50051	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.919359922 CEST	443	50051	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.983202934 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.983797073 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.983839989 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:40.984251976 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:40.984265089 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.081830978 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.081971884 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.082170963 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:41.082240105 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:41.082241058 CEST	50054	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:41.082273960 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.082298040 CEST	443	50054	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.172538996 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.173150063 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:41.173192024 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.173820019 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:41.173860073 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.278511047 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.278650045 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.278750896 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:41.279087067 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:41.279087067 CEST	50055	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:41.279118061 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.279134035 CEST	443	50055	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.280529022 CEST	443	50056	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.282746077 CEST	50056	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:41.282767057 CEST	443	50056	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.283112049 CEST	50056	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:41.283118963 CEST	443	50056	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.380858898 CEST	443	50056	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.380981922 CEST	443	50056	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.381057024 CEST	50056	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:41.381185055 CEST	50056	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:41.381213903 CEST	443	50056	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:41.381226063 CEST	50056	443	192.168.2.4	13.107.246.45
Oct 7, 2024 02:52:41.381234884 CEST	443	50056	13.107.246.45	192.168.2.4
Oct 7, 2024 02:52:55.565252066 CEST	50057	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:55.565310955 CEST	443	50057	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:55.565484047 CEST	50057	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:55.565877914 CEST	50057	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:55.565895081 CEST	443	50057	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:56.235100031 CEST	443	50057	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:56.235542059 CEST	50057	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:56.235564947 CEST	443	50057	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:56.236077070 CEST	443	50057	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:56.236756086 CEST	50057	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:56.236835003 CEST	443	50057	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:56.236897945 CEST	50057	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:56.236913919 CEST	50057	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:56.236927032 CEST	443	50057	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:56.602655888 CEST	443	50057	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:56.602987051 CEST	443	50057	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:56.603082895 CEST	50057	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:56.603461981 CEST	50057	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:56.603485107 CEST	443	50057	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:59.535165071 CEST	50058	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:59.535228968 CEST	443	50058	142.250.181.238	192.168.2.4
Oct 7, 2024 02:52:59.535316944 CEST	50058	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:59.535660982 CEST	50058	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:52:59.535679102 CEST	443	50058	142.250.181.238	192.168.2.4
Oct 7, 2024 02:53:00.190885067 CEST	443	50058	142.250.181.238	192.168.2.4
Oct 7, 2024 02:53:00.191483974 CEST	50058	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:53:00.191513062 CEST	443	50058	142.250.181.238	192.168.2.4
Oct 7, 2024 02:53:00.192985058 CEST	443	50058	142.250.181.238	192.168.2.4
Oct 7, 2024 02:53:00.193550110 CEST	50058	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:53:00.193694115 CEST	50058	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:53:00.193706036 CEST	443	50058	142.250.181.238	192.168.2.4
Oct 7, 2024 02:53:00.193717003 CEST	50058	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:53:00.193737984 CEST	443	50058	142.250.181.238	192.168.2.4
Oct 7, 2024 02:53:00.248132944 CEST	50058	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:53:00.487333059 CEST	443	50058	142.250.181.238	192.168.2.4
Oct 7, 2024 02:53:00.487953901 CEST	443	50058	142.250.181.238	192.168.2.4
Oct 7, 2024 02:53:00.488030910 CEST	50058	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:53:00.488178968 CEST	50058	443	192.168.2.4	142.250.181.238
Oct 7, 2024 02:53:00.488203049 CEST	443	50058	142.250.181.238	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 02:51:09.942647934 CEST	52219	53	192.168.2.4	1.1.1.1
Oct 7, 2024 02:51:09.942792892 CEST	58807	53	192.168.2.4	1.1.1.1
Oct 7, 2024 02:51:09.949656010 CEST	53	52219	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:09.949928999 CEST	53	58807	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:09.951159000 CEST	53	54181	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:09.953600883 CEST	53	49282	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:10.931339025 CEST	51450	53	192.168.2.4	1.1.1.1
Oct 7, 2024 02:51:10.931792021 CEST	49993	53	192.168.2.4	1.1.1.1
Oct 7, 2024 02:51:10.938335896 CEST	53	51450	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:10.938385010 CEST	53	49993	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:10.993829012 CEST	53	61609	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:14.451245070 CEST	55650	53	192.168.2.4	1.1.1.1
Oct 7, 2024 02:51:14.451401949 CEST	49355	53	192.168.2.4	1.1.1.1
Oct 7, 2024 02:51:14.513293982 CEST	53	55650	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:14.513530016 CEST	53	49355	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:17.090528011 CEST	53	55300	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:19.603580952 CEST	51004	53	192.168.2.4	1.1.1.1
Oct 7, 2024 02:51:19.603749037 CEST	55020	53	192.168.2.4	1.1.1.1
Oct 7, 2024 02:51:19.610392094 CEST	53	51004	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:19.610410929 CEST	53	55020	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:20.994309902 CEST	60973	53	192.168.2.4	1.1.1.1
Oct 7, 2024 02:51:20.994725943 CEST	63399	53	192.168.2.4	1.1.1.1
Oct 7, 2024 02:51:21.001257896 CEST	53	60973	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:21.002126932 CEST	53	63399	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:22.198012114 CEST	138	138	192.168.2.4	192.168.2.255
Oct 7, 2024 02:51:22.490792990 CEST	53	49880	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:28.004874945 CEST	53	53701	1.1.1.1	192.168.2.4
Oct 7, 2024 02:51:46.834997892 CEST	53	56970	1.1.1.1	192.168.2.4
Oct 7, 2024 02:52:09.804878950 CEST	53	61372	1.1.1.1	192.168.2.4
Oct 7, 2024 02:52:09.897198915 CEST	53	59125	1.1.1.1	192.168.2.4
Oct 7, 2024 02:52:21.732057095 CEST	53	57512	1.1.1.1	192.168.2.4
Oct 7, 2024 02:52:23.552150011 CEST	64150	53	192.168.2.4	1.1.1.1
Oct 7, 2024 02:52:23.552232981 CEST	57584	53	192.168.2.4	1.1.1.1
Oct 7, 2024 02:52:23.559007883 CEST	53	57584	1.1.1.1	192.168.2.4
Oct 7, 2024 02:52:23.559206009 CEST	53	64150	1.1.1.1	192.168.2.4
Oct 7, 2024 02:52:38.226003885 CEST	53	54193	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 02:51:09.942647934 CEST	192.168.2.4	1.1.1.1	0x518c	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:09.942792892 CEST	192.168.2.4	1.1.1.1	0x4180	Standard query (0)	youtube.com	65	IN (0x0001)	false
Oct 7, 2024 02:51:10.931339025 CEST	192.168.2.4	1.1.1.1	0x95d1	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.931792021 CEST	192.168.2.4	1.1.1.1	0x5f27	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 02:51:14.451245070 CEST	192.168.2.4	1.1.1.1	0x83e9	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:14.451401949 CEST	192.168.2.4	1.1.1.1	0x7014	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 02:51:19.603580952 CEST	192.168.2.4	1.1.1.1	0xb478	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:19.603749037 CEST	192.168.2.4	1.1.1.1	0x4fea	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 02:51:20.994309902 CEST	192.168.2.4	1.1.1.1	0xd0fd	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:20.994725943 CEST	192.168.2.4	1.1.1.1	0x4763	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 7, 2024 02:52:23.552150011 CEST	192.168.2.4	1.1.1.1	0xeab	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:52:23.552232981 CEST	192.168.2.4	1.1.1.1	0xba09	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 02:51:09.949656010 CEST	1.1.1.1	192.168.2.4	0x518c	No error (0)	youtube.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:09.949928999 CEST	1.1.1.1	192.168.2.4	0x4180	No error (0)	youtube.com			65	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		142.250.74.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938335896 CEST	1.1.1.1	192.168.2.4	0x95d1	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938385010 CEST	1.1.1.1	192.168.2.4	0x5f27	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 02:51:10.938385010 CEST	1.1.1.1	192.168.2.4	0x5f27	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Oct 7, 2024 02:51:14.513293982 CEST	1.1.1.1	192.168.2.4	0x83e9	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:14.513530016 CEST	1.1.1.1	192.168.2.4	0x7014	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 02:51:19.610392094 CEST	1.1.1.1	192.168.2.4	0xb478	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 02:51:19.610392094 CEST	1.1.1.1	192.168.2.4	0xb478	No error (0)	www3.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:51:19.610410929 CEST	1.1.1.1	192.168.2.4	0x4fea	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 02:51:21.001257896 CEST	1.1.1.1	192.168.2.4	0xd0fd	No error (0)	play.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 02:52:23.559206009 CEST	1.1.1.1	192.168.2.4	0xeab	No error (0)	play.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

youtube.com

www.youtube.com

fs.microsoft.com

https:

play.google.com

www.google.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	142.250.186.78	443	796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:10 UTC	851	OUT	GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1 Host: youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 00:51:10 UTC	1919	IN	HTTP/1.1 301 Moved Permanently Content-Type: application/binary X-Content-Type-Options: nosniff Expires: Mon, 07 Oct 2024 00:51:10 GMT Date: Mon, 07 Oct 2024 00:51:10 GMT Cache-Control: private, max-age=31536000 Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script' Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: YSC=omnWoqYJUmg; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	142.250.185.238	443	796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:11 UTC	894	OUT	GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1 Host: www.youtube.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: YSC=omnWoqYJUmg
2024-10-07 00:51:11 UTC	2530	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 00:51:11 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Content-Security-Policy: require-trusted-types-for 'script' Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 07-Oct-2024 01:21:11 GMT; Path=/; Secure; HttpOnly Set-Cookie: VISITOR_INFO1_LIVE=Qpa91Fv4dOQ; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 00:51:11 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgOw%3D%3D; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 00:51:11 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:15 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 00:51:15 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF45) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=230067 Date: Mon, 07 Oct 2024 00:51:15 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49744	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:16 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 00:51:16 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=230002 Date: Mon, 07 Oct 2024 00:51:16 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-07 00:51:16 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49761	142.250.181.238	443	796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:21 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 00:51:22 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 00:51:21 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49762	142.250.181.238	443	796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:21 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 00:51:22 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 00:51:21 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49764	142.250.181.238	443	796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:22 UTC	1124	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 00:51:22 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 32 36 32 32 38 30 32 38 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728262280287",null,null,null
2024-10-07 00:51:22 UTC	932	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=so-1sNibFdl-6xg7wPia3G7zgkAozEEeGVBirirsaV5D-qfqsSS_-a1zYQgmNq5KUFFHZgveEkKiTP_f5MGr7ydGQis7dJhDWwld8NsN69RUfN18f7clLetxa0N3mXv55HC8aFjEtu3GK2-sbkxkJ8FwIA-RgbtVO1y7sJLBmErScjpwTA; expires=Tue, 08-Apr-2025 00:51:22 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 00:51:22 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 00:51:22 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 00:51:22 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 00:51:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49765	142.250.181.238	443	796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:22 UTC	1124	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 00:51:22 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 32 36 32 32 38 30 32 30 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728262280205",null,null,null
2024-10-07 00:51:23 UTC	932	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=XqXSGk8CZxiaCMiwLFRVwsG2tQluZDiR1GeHv-GYN2qxkc4CxtV0kkehhaL_vC-lHBHOFrVZ0DtMoFE4hltcihsBAfG_XKsV1dVm4zl0OcORrh_rNX7k189D_YuqEK0zBGitfKeNj2pX7donU1Sbu2-IeLkiwASuK6ThYvdsKQE24b2aag; expires=Tue, 08-Apr-2025 00:51:22 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 00:51:22 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 00:51:22 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 00:51:23 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 00:51:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49740	142.250.184.228	443	796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:23 UTC	1213	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=XqXSGk8CZxiaCMiwLFRVwsG2tQluZDiR1GeHv-GYN2qxkc4CxtV0kkehhaL_vC-lHBHOFrVZ0DtMoFE4hltcihsBAfG_XKsV1dVm4zl0OcORrh_rNX7k189D_YuqEK0zBGitfKeNj2pX7donU1Sbu2-IeLkiwASuK6ThYvdsKQE24b2aag
2024-10-07 00:51:23 UTC	704	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 07 Oct 2024 00:35:07 GMT Expires: Tue, 15 Oct 2024 00:35:07 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 976 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-07 00:51:23 UTC	686	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-07 00:51:23 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a eb Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-10-07 00:51:23 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff fc Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-07 00:51:23 UTC	1390	IN	Data Raw: f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-10-07 00:51:23 UTC	574	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49768	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:24 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gs1szRCNStTUBPy&MD=nnK7C6a5 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 00:51:24 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 15581627-82c0-4b85-a6ff-9753a93c78a7 MS-RequestId: c6637e06-186f-43c8-adfc-45dbfb1ec0d4 MS-CV: ZwispDiDXkmNOhLl.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 00:51:23 GMT Connection: close Content-Length: 24490
2024-10-07 00:51:24 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-07 00:51:24 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49780	142.250.181.238	443	796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:29 UTC	1298	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1218 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=XqXSGk8CZxiaCMiwLFRVwsG2tQluZDiR1GeHv-GYN2qxkc4CxtV0kkehhaL_vC-lHBHOFrVZ0DtMoFE4hltcihsBAfG_XKsV1dVm4zl0OcORrh_rNX7k189D_YuqEK0zBGitfKeNj2pX7donU1Sbu2-IeLkiwASuK6ThYvdsKQE24b2aag
2024-10-07 00:51:29 UTC	1218	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 38 32 36 32 32 37 37 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1728262277000",null,null,null,
2024-10-07 00:51:29 UTC	940	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=AHmchaevCiY7OBgWH4iH5MFRTCn_x2cBuqNt4q04EQCLqCRDqsSzUn5g0YWY53gaDuVUBLRrMFtTW40lRvEYspcb1BtCouoFsePxkXJlP1K8qhAQAdhUp3UU6odAoRjTkCsWk6y7jgN_MG9__Id8NkOYXfrojrz7fQxegJiqkOVtMC-djAHiHjKYPw; expires=Tue, 08-Apr-2025 00:51:29 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 00:51:29 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 00:51:29 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 00:51:29 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 00:51:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49781	142.250.181.238	443	796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:52 UTC	1289	OUT	POST /log?hasfast=true&authuser=0&format=json HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1068 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=AHmchaevCiY7OBgWH4iH5MFRTCn_x2cBuqNt4q04EQCLqCRDqsSzUn5g0YWY53gaDuVUBLRrMFtTW40lRvEYspcb1BtCouoFsePxkXJlP1K8qhAQAdhUp3UU6odAoRjTkCsWk6y7jgN_MG9__Id8NkOYXfrojrz7fQxegJiqkOVtMC-djAHiHjKYPw
2024-10-07 00:51:52 UTC	1068	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 69 64 65 6e 74 69 74 79 66 72 6f 6e 74 65 6e 64 61 75 74 68 75 69 73 65 72 76 65 72 5f 32 30 32 34 31 30 30 31 2e 30 36 5f 70 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 33 2c 30 2c 30 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_identityfrontendauthuiserver_20241001.06_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,0,0
2024-10-07 00:51:53 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 00:51:53 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 00:51:53 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 00:51:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49782	142.250.181.238	443	796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:53 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1345 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=AHmchaevCiY7OBgWH4iH5MFRTCn_x2cBuqNt4q04EQCLqCRDqsSzUn5g0YWY53gaDuVUBLRrMFtTW40lRvEYspcb1BtCouoFsePxkXJlP1K8qhAQAdhUp3UU6odAoRjTkCsWk6y7jgN_MG9__Id8NkOYXfrojrz7fQxegJiqkOVtMC-djAHiHjKYPw
2024-10-07 00:51:53 UTC	1345	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 32 36 32 33 31 32 33 35 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728262312357",null,null,null
2024-10-07 00:51:54 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 00:51:53 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 00:51:54 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 00:51:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49783	142.250.181.238	443	796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:55 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1336 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=AHmchaevCiY7OBgWH4iH5MFRTCn_x2cBuqNt4q04EQCLqCRDqsSzUn5g0YWY53gaDuVUBLRrMFtTW40lRvEYspcb1BtCouoFsePxkXJlP1K8qhAQAdhUp3UU6odAoRjTkCsWk6y7jgN_MG9__Id8NkOYXfrojrz7fQxegJiqkOVtMC-djAHiHjKYPw
2024-10-07 00:51:55 UTC	1336	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 32 36 32 33 31 34 34 34 38 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728262314448",null,null,null
2024-10-07 00:51:56 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 00:51:56 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 00:51:56 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 00:51:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49784	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:51:58 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:51:58 UTC	540	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:51:58 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Fri, 04 Oct 2024 23:21:50 GMT ETag: "0x8DCE4CB535A72FA" x-ms-request-id: 4dad204e-401e-005b-4bf5-169c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005158Z-1657d5bbd482tlqpvyz9e93p5400000002w00000000077cn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:51:58 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-07 00:51:59 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-07 00:51:59 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-07 00:51:59 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-07 00:51:59 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-07 00:51:59 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-07 00:51:59 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-07 00:51:59 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-07 00:51:59 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-07 00:51:59 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:00 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:00 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:00 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 8aaf7b13-d01e-0028-46fd-167896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005200Z-1657d5bbd48q6t9vvmrkd293mg00000002s000000000a4gv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:00 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49786	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:00 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:00 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: d4448e94-101e-00a2-2703-179f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005200Z-1657d5bbd48f7nlxc7n5fnfzh000000002e0000000007vu5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:00 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49785	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:00 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:00 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:00 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 4545068c-701e-0050-0e05-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005200Z-1657d5bbd487nf59mzf5b3gk8n00000002g0000000000bpb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:00 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:00 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:00 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:00 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c59bb0f9-701e-0097-2d01-17b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005200Z-1657d5bbd48qjg85buwfdynm5w00000002yg000000000n6m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:00 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:00 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:00 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: b27588a3-a01e-003d-6001-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005200Z-1657d5bbd48p2j6x2quer0q02800000002z000000000ayyk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:00 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:00 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:00 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 1707b783-801e-00a3-53e5-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005200Z-1657d5bbd48vhs7r2p1ky7cs5w000000031g00000000ft2m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:00 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49792	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:00 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:00 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 73fc0cc0-d01e-008e-5fee-16387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005200Z-1657d5bbd48qjg85buwfdynm5w00000002s000000000tw5w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:00 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49793	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:00 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:00 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 15158de7-401e-0029-4b00-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005200Z-1657d5bbd482lxwq1dp2t1zwkc00000002dg00000000rha5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:00 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:00 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:00 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 3ea0840d-701e-0053-1012-173a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005200Z-1657d5bbd48xlwdx82gahegw4000000002yg00000000bz7s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:00 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49794	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:00 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:00 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 87fc294c-201e-0051-40f3-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005200Z-1657d5bbd482lxwq1dp2t1zwkc00000002cg00000000v6x6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:00 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:01 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:01 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 789c8418-601e-0032-5905-17eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005201Z-1657d5bbd48jwrqbupe3ktsx9w00000003100000000044vt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:01 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49799	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:01 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:01 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 99ffd5e0-b01e-0053-0101-17cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005201Z-1657d5bbd48sdh4cyzadbb374800000002gg00000000p1c9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:01 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49796	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:01 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:01 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 0a3893d3-c01e-0082-33ee-16af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005201Z-1657d5bbd48tnj6wmberkg2xy800000002sg00000000nyuf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:01 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49798	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:01 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:01 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: bf7deccb-401e-0064-0f0e-1754af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005201Z-1657d5bbd48cpbzgkvtewk0wu000000002y0000000001bg2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:01 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49797	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:01 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:01 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 915c1ee4-001e-0079-3000-1712e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005201Z-1657d5bbd48p2j6x2quer0q02800000002zg0000000087x3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:01 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:02 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:02 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: c2d0a885-201e-0003-7ced-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005202Z-1657d5bbd48tqvfc1ysmtbdrg000000002qg000000002v7f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:02 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49803	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:02 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:02 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: d3d0b776-b01e-003d-1803-17d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005202Z-1657d5bbd48xlwdx82gahegw4000000002yg00000000bzbv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:02 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:02 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:02 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: e72ec3ca-501e-005b-2401-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005202Z-1657d5bbd48xlwdx82gahegw4000000002yg00000000bzbw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:02 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:02 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:02 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 27ba9a72-001e-0046-2a01-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005202Z-1657d5bbd482krtfgrg72dfbtn00000002k00000000057bk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:02 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49804	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:02 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:02 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 5a59384b-a01e-0053-3602-178603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005202Z-1657d5bbd48tnj6wmberkg2xy800000002x0000000004rma x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:02 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49805	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:02 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gs1szRCNStTUBPy&MD=nnK7C6a5 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 00:52:03 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 9b53cdce-6dc8-4f58-abe6-e79a70f9444b MS-RequestId: f3e317a1-389a-4731-a169-fa8a0550a6e5 MS-CV: FKeYsoKEA0aOsZjy.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 00:52:02 GMT Connection: close Content-Length: 30005
2024-10-07 00:52:03 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-07 00:52:03 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49806	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:03 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:03 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 09392ef7-101e-0046-3f05-1791b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005203Z-1657d5bbd482tlqpvyz9e93p5400000002v000000000c8yq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:03 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49809	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:03 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:03 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 81e42967-c01e-0014-5ee9-16a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005203Z-1657d5bbd48tqvfc1ysmtbdrg000000002pg000000006be1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:03 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49810	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:03 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:03 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 6be05283-001e-00a2-2700-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005203Z-1657d5bbd482tlqpvyz9e93p5400000002r000000000ut4t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:03 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49807	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:03 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:03 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 20b36261-201e-006e-7102-17bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005203Z-1657d5bbd48vlsxxpe15ac3q7n00000002p000000000msph x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:03 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49808	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:03 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:03 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f57b7c9f-801e-00a0-4a13-172196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005203Z-1657d5bbd482tlqpvyz9e93p5400000002x000000000551r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:03 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49811	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:03 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:03 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 40323690-a01e-0002-0100-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005203Z-1657d5bbd48qjg85buwfdynm5w00000002yg000000000nmd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:04 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49812	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:03 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:04 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: c530354f-501e-0016-5013-17181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005204Z-1657d5bbd48762wn1qw4s5sd3000000002k000000000nr3h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:04 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49814	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:04 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:04 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: d415a278-e01e-0051-6efe-1684b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005204Z-1657d5bbd48sdh4cyzadbb374800000002g000000000ruwx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:04 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49813	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:04 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:04 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 7cec3a6f-e01e-0033-3414-174695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005204Z-1657d5bbd48brl8we3nu8cxwgn00000002yg00000000uqnp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:04 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49815	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:04 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:04 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 688d2aae-a01e-0084-3466-179ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005204Z-1657d5bbd48dfrdj7px744zp8s00000002m0000000002chg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:04 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49816	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:04 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:04 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 4c0632d0-601e-0097-4413-17f33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005204Z-1657d5bbd482tlqpvyz9e93p5400000002t000000000kfr9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:04 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:04 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:04 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: b27116a7-a01e-003d-3a00-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005204Z-1657d5bbd48sqtlf1huhzuwq7000000002c000000000v1zn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:04 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49818	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:04 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:04 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: a62739ea-301e-005d-6402-17e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005204Z-1657d5bbd48q6t9vvmrkd293mg00000002s000000000a4th x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:04 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:04 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:04 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: a2d01d3c-801e-0083-4800-17f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005204Z-1657d5bbd48qjg85buwfdynm5w00000002v000000000cwkg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:04 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:04 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:04 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: b8f8ddc8-601e-0001-115a-17faeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005204Z-1657d5bbd48sdh4cyzadbb374800000002mg00000000b1ex x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:04 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49821	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:05 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:05 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 4dd19665-401e-005b-7705-179c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005205Z-1657d5bbd48t66tjar5xuq22r800000002sg000000008zmp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:05 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49822	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:05 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:05 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 151ca1e1-401e-0029-2b03-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005205Z-1657d5bbd48xdq5dkwwugdpzr0000000033g000000008m59 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:05 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49823	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:05 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:05 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: db28b7eb-d01e-0065-5efe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005205Z-1657d5bbd48t66tjar5xuq22r800000002ug000000001are x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:05 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:05 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:05 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 11b227e2-601e-0002-7f6b-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005205Z-1657d5bbd482lxwq1dp2t1zwkc00000002hg000000007fwv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:05 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:05 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:05 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 1be548a6-001e-00a2-4166-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005205Z-1657d5bbd48lknvp09v995n79000000002d000000000au63 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:05 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:06 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:06 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 7709e3c3-b01e-0097-5e02-174f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005206Z-1657d5bbd48vlsxxpe15ac3q7n00000002n000000000rcwv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:06 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:06 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:06 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: c5dbf9be-001e-0017-2cf1-160c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005206Z-1657d5bbd48sdh4cyzadbb374800000002m000000000dhvc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:06 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49830	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:06 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:06 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: cb78c1b2-201e-003f-2e04-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005206Z-1657d5bbd48brl8we3nu8cxwgn000000035g000000000huu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:06 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49828	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:06 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:06 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 5a5a1e5c-a01e-001e-18f5-1649ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005206Z-1657d5bbd48qjg85buwfdynm5w00000002tg00000000maye x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:06 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49829	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:06 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:06 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 721d8bd8-801e-002a-4f00-1731dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005206Z-1657d5bbd48t66tjar5xuq22r800000002rg00000000c99e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:06 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49832	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:07 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:07 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 04801829-801e-00ac-6301-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005207Z-1657d5bbd48p2j6x2quer0q02800000002vg00000000qgcd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:07 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:07 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:07 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 1ed82642-401e-0048-7b12-170409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005207Z-1657d5bbd482lxwq1dp2t1zwkc00000002g000000000dvh4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:07 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49833	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:07 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:07 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 2f3972b1-401e-0035-1b02-1782d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005207Z-1657d5bbd48vhs7r2p1ky7cs5w000000030000000000nwuu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:07 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49831	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:07 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:07 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 27b6de9f-001e-0046-1e00-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005207Z-1657d5bbd48jwrqbupe3ktsx9w00000003200000000009p0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:07 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49835	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:07 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:07 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: cde3aec9-601e-0084-63e5-166b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005207Z-1657d5bbd48dfrdj7px744zp8s00000002mg000000000srn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:07 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49836	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:07 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:07 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 3a03d6b9-d01e-0066-52e9-16ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005207Z-1657d5bbd48tnj6wmberkg2xy800000002u000000000fvay x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:07 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49839	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:07 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:07 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 46a5aa72-701e-0032-6004-17a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005207Z-1657d5bbd48tnj6wmberkg2xy800000002xg000000003ctu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:07 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49838	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:07 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:07 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: d803a4ff-401e-0083-3904-17075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005207Z-1657d5bbd482tlqpvyz9e93p5400000002r000000000utc4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:07 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49840	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:07 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:07 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: b0fdb72d-401e-0015-37ce-160e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005207Z-1657d5bbd48jwrqbupe3ktsx9w00000002z000000000avw9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:07 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49837	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:07 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:07 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 678513bd-b01e-0053-4460-17cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005207Z-1657d5bbd48762wn1qw4s5sd3000000002pg000000006av9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:08 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49841	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:08 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:08 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 8d3bec0a-601e-0070-32fe-16a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005208Z-1657d5bbd48q6t9vvmrkd293mg00000002n000000000ts57 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:08 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49842	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:08 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:08 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 8d044b15-901e-00ac-3902-17b69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005208Z-1657d5bbd48sqtlf1huhzuwq7000000002f000000000g8s4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:08 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49844	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:08 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:08 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 0377c3fc-101e-000b-65dc-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005208Z-1657d5bbd48cpbzgkvtewk0wu000000002wg000000007gax x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:08 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49843	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:08 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:08 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: e72b6989-501e-005b-2b00-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005208Z-1657d5bbd48tqvfc1ysmtbdrg000000002kg00000000hddu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:08 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49845	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:08 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:08 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: a5e58c1d-b01e-00ab-5ac9-16dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005208Z-1657d5bbd48dfrdj7px744zp8s00000002e000000000p149 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:08 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49846	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:09 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:09 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 78a0432a-701e-001e-1805-17f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005209Z-1657d5bbd48xlwdx82gahegw4000000002xg00000000fs5n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:09 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49847	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:09 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:09 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: ef9cab6f-f01e-0099-0d00-179171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005209Z-1657d5bbd48brl8we3nu8cxwgn00000003500000000026xe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:09 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49850	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:09 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:09 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 821e4157-c01e-0014-3301-17a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005209Z-1657d5bbd48xdq5dkwwugdpzr0000000030000000000qey1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:09 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49848	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:09 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:09 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f519f63-901e-0016-75ff-16efe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005209Z-1657d5bbd48vhs7r2p1ky7cs5w0000000340000000005yca x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:09 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49849	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:09 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:09 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: b67c2655-301e-0096-2300-17e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005209Z-1657d5bbd48brl8we3nu8cxwgn000000032000000000ckyg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:09 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49851	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:10 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:10 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 763e8d43-601e-000d-6912-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005210Z-1657d5bbd48p2j6x2quer0q02800000002z000000000b08u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:10 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49852	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:10 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:10 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: bfab55ab-401e-0015-6202-170e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005210Z-1657d5bbd48t66tjar5xuq22r800000002u0000000003zzh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:10 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49853	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:10 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:10 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 01bf113a-f01e-003c-3703-178cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005210Z-1657d5bbd48762wn1qw4s5sd3000000002qg000000002tby x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:10 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49854	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:10 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:10 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 7875ffac-201e-000c-7f02-1779c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005210Z-1657d5bbd48p2j6x2quer0q02800000002zg0000000088nq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:10 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49855	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:10 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:10 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 3b7b7106-501e-0064-43e7-161f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005210Z-1657d5bbd48cpbzgkvtewk0wu000000002t000000000naem x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:10 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49857	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:10 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:10 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: f196d52c-b01e-0002-1604-171b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005210Z-1657d5bbd48p2j6x2quer0q0280000000320000000000bn4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:10 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49858	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:10 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:10 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 2f576d96-401e-0047-3902-178597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005210Z-1657d5bbd48dfrdj7px744zp8s00000002dg00000000qebz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:10 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49859	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:10 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:10 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: dfb96d6a-f01e-003f-17e5-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005210Z-1657d5bbd48p2j6x2quer0q02800000002v000000000squd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:11 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49860	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:10 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:10 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: f5ee0945-901e-0083-4202-17bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005210Z-1657d5bbd48f7nlxc7n5fnfzh000000002fg0000000025qf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:11 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49861	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:10 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:10 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 0607cd43-401e-0078-1b00-174d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005210Z-1657d5bbd48qjg85buwfdynm5w00000002r000000000vyyg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:11 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49862	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:11 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:11 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: a5ff6bd9-301e-005d-3af2-16e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005211Z-1657d5bbd48sdh4cyzadbb374800000002qg000000000rqy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:11 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49863	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:11 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:11 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 0c165d1d-a01e-000d-7dfe-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005211Z-1657d5bbd48qjg85buwfdynm5w00000002u000000000h3xw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:11 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49864	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:11 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:11 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:11 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: c2f609cb-201e-0003-75fd-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005211Z-1657d5bbd48q6t9vvmrkd293mg00000002u0000000003f6c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:11 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49865	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:11 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:11 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 33b4d0ae-a01e-0032-35ff-161949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005211Z-1657d5bbd48jwrqbupe3ktsx9w00000002ug00000000y2z8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:11 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49866	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:11 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:11 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 960edd56-701e-005c-4100-17bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005211Z-1657d5bbd4824mj9d6vp65b6n400000002x000000000n13z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:11 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49867	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:12 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:12 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: b738acd5-401e-0067-1502-1709c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005212Z-1657d5bbd48qjg85buwfdynm5w00000002t000000000ms3w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:12 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49870	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:12 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:12 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 8a5fd43d-c01e-0066-4506-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005212Z-1657d5bbd48lknvp09v995n79000000002eg000000004nee x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:12 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49868	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:12 UTC	191	OUT	GET /rules/rule90401v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:12 UTC	564	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:12 GMT Content-Type: text/xml Content-Length: 1250 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE4487AA" x-ms-request-id: 6418a561-001e-0082-7453-185880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005212Z-1657d5bbd48q6t9vvmrkd293mg00000002r000000000e9fr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-07 00:52:12 UTC	1250	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 39 30 34 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 53 61 6d 70 6c 69 6e 67 50 6f 6c 69 63 79 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 4d 65 74 61 64 61 74 61 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="90401" V="3" DC="ESM" EN="Office.Telemetry.SamplingPolicy" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" DL="A" DCa="PSP PSU" xmlns=""> <RIS> <RI N="Metadata" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49869	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:12 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:12 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 0480ed94-801e-00ac-5102-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005212Z-1657d5bbd48p2j6x2quer0q0280000000320000000000bqc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:12 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49871	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:12 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:12 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: b72ef555-401e-0067-78fe-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005212Z-1657d5bbd48p2j6x2quer0q02800000002y000000000drzx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:12 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49873	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:13 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:13 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: cb759915-201e-003f-5f03-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005213Z-1657d5bbd48vlsxxpe15ac3q7n00000002q000000000fq3v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:13 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49872	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:13 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:13 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: db28c537-d01e-0065-47fe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005213Z-1657d5bbd48762wn1qw4s5sd3000000002pg000000006b46 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:13 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:13 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:13 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 84e7aa3f-c01e-008e-74ff-167381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005213Z-1657d5bbd48xsz2nuzq4vfrzg800000002r000000000156n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:13 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49875	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:13 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:13 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 03c3f781-101e-000b-56fe-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005213Z-1657d5bbd48tnj6wmberkg2xy800000002t000000000nenc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:13 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49876	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:13 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:13 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 76165599-601e-000d-1a02-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005213Z-1657d5bbd4824mj9d6vp65b6n400000002y000000000fspb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:13 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49877	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:14 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:14 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 29f28342-e01e-003c-5d00-17c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005214Z-1657d5bbd48tnj6wmberkg2xy800000002v000000000btgt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:14 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49878	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:14 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:14 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: a9a45936-c01e-00a1-54f1-167e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005214Z-1657d5bbd48f7nlxc7n5fnfzh000000002d000000000a93d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:14 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	49880	13.107.246.45	443	796	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:14 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:14 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 173e0f62-801e-00a3-24fe-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005214Z-1657d5bbd48sqtlf1huhzuwq7000000002hg000000006dvs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:14 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49879	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:14 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:14 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 6f1c5b1d-901e-0048-485a-17b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005214Z-1657d5bbd48xsz2nuzq4vfrzg800000002gg00000000u25y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:14 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49881	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:14 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:14 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 3a04fc40-501e-007b-3b73-175ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005214Z-1657d5bbd48gqrfwecymhhbfm800000001n00000000076c1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:14 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49882	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:14 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:14 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 04600955-801e-00ac-55f4-16fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005214Z-1657d5bbd482lxwq1dp2t1zwkc00000002fg00000000fyrv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:14 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49883	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:14 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:14 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 4035d6e2-a01e-0002-4602-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005214Z-1657d5bbd48f7nlxc7n5fnfzh000000002ag00000000pnq1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:14 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49885	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:14 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:14 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 87e26173-201e-0051-15e7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005214Z-1657d5bbd48xlwdx82gahegw4000000002u000000000y5tf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:14 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49886	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:14 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:14 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: 52963dc7-601e-0084-0e74-176b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005214Z-1657d5bbd48gqrfwecymhhbfm800000001q0000000000n1c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:14 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49884	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:14 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:14 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 62f7f1ae-f01e-0096-4d0c-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005214Z-1657d5bbd48brl8we3nu8cxwgn000000030000000000nnzm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:14 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49889	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:15 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:15 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: f076ebb2-f01e-001f-3766-175dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005215Z-1657d5bbd48sqtlf1huhzuwq7000000002h0000000008f5c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:15 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49888	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:15 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:15 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 31868579-401e-008c-0af2-1686c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005215Z-1657d5bbd48jwrqbupe3ktsx9w00000002w000000000rnft x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:15 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49890	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:15 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:15 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 08bf7a15-f01e-0020-7706-17956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005215Z-1657d5bbd48762wn1qw4s5sd3000000002m000000000g3kf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:15 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49891	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:15 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:15 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 7d21ea5d-701e-0098-0502-17395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005215Z-1657d5bbd48762wn1qw4s5sd3000000002fg00000000zkec x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:15 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49892	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:15 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:15 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: b6fa471e-401e-0067-43e5-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005215Z-1657d5bbd48xdq5dkwwugdpzr00000000350000000002m90 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:15 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49894	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:16 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:16 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: a18d9b1d-601e-0002-1f03-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005216Z-1657d5bbd48f7nlxc7n5fnfzh000000002f00000000042xe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:16 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49893	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:16 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:16 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 77012b0e-b01e-0097-0bff-164f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005216Z-1657d5bbd48lknvp09v995n79000000002eg000000004nqf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:16 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49895	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:16 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:16 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: d4fd285a-d01e-005a-06ed-167fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005216Z-1657d5bbd48f7nlxc7n5fnfzh000000002f00000000042xf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:16 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49897	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:16 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:16 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: c9f5ea47-201e-0071-33fe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005216Z-1657d5bbd48jwrqbupe3ktsx9w000000031g0000000023fs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:16 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49896	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:16 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:16 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 4d5cca78-701e-0021-6ae5-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005216Z-1657d5bbd48cpbzgkvtewk0wu000000002u000000000f8xh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:16 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49898	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:17 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:17 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 76dbcc6a-501e-0035-36ed-16c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005217Z-1657d5bbd48vlsxxpe15ac3q7n00000002u0000000002efv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:17 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49899	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:17 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:17 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 838d785c-001e-0014-24fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005217Z-1657d5bbd48t66tjar5xuq22r800000002n000000000tfcr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:17 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49900	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:17 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:17 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 4d8e5842-701e-0021-0efe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005217Z-1657d5bbd48q6t9vvmrkd293mg00000002rg00000000cc4f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:17 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49902	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:17 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:17 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: cd0b82ba-d01e-0049-1304-17e7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005217Z-1657d5bbd48cpbzgkvtewk0wu000000002r000000000w3pg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:17 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49901	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:17 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:17 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 8a56303a-c01e-0066-0f01-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005217Z-1657d5bbd48f7nlxc7n5fnfzh000000002ag00000000pnwd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:17 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49904	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:17 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:17 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: d3a3eb01-b01e-003d-1ef1-16d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005217Z-1657d5bbd48f7nlxc7n5fnfzh000000002c000000000fadg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:17 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49903	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:17 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:17 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 0c184816-a01e-000d-72ff-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005217Z-1657d5bbd48jwrqbupe3ktsx9w00000002w000000000rnky x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:17 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49905	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:17 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:17 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: ca2bab4f-201e-0071-5e14-17ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005217Z-1657d5bbd48dfrdj7px744zp8s00000002gg00000000a9vt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:17 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49906	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:17 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:17 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 4d8e59a4-701e-0021-64fe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005217Z-1657d5bbd48vhs7r2p1ky7cs5w00000002zg00000000pcaz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:17 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49907	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:17 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:17 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 4ef38422-401e-000a-160c-174a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005217Z-1657d5bbd48q6t9vvmrkd293mg00000002ug000000001k0s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:18 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49908	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:18 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:18 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: c326dec7-201e-0003-0c12-17f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005218Z-1657d5bbd48vlsxxpe15ac3q7n00000002pg00000000k347 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:18 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49909	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:18 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:18 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 75ef523f-601e-000d-02f2-162618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005218Z-1657d5bbd48dfrdj7px744zp8s00000002g000000000d08y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:18 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.4	49910	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:18 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:18 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: cad35e9e-b01e-0021-3602-17cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005218Z-1657d5bbd48xlwdx82gahegw4000000002yg00000000c0qa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:18 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49911	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:18 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:18 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: 87e265fd-201e-0051-4fe7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005218Z-1657d5bbd48dfrdj7px744zp8s00000002dg00000000qf0y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:18 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49912	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:18 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:18 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: c9f5e5fc-201e-0071-5dfe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005218Z-1657d5bbd48qjg85buwfdynm5w00000002wg00000000731k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:18 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49913	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:19 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:19 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 3e7839e3-701e-0053-5cff-163a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005219Z-1657d5bbd48lknvp09v995n79000000002c000000000f51m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:19 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	49914	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:19 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:19 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: c7b470af-b01e-005c-24fe-164c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005219Z-1657d5bbd482lxwq1dp2t1zwkc00000002gg00000000btmw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:19 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49916	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:19 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:19 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 20e89b60-501e-008c-3a03-17cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005219Z-1657d5bbd48t66tjar5xuq22r800000002pg00000000ktr4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:19 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49917	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:19 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:19 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 838d7376-001e-0014-17fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005219Z-1657d5bbd48t66tjar5xuq22r800000002u00000000040r8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:19 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49915	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:19 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:19 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: dfa7567c-f01e-003f-67de-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005219Z-1657d5bbd48vlsxxpe15ac3q7n00000002q000000000fqc4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:19 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49918	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:20 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:20 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:20 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 7d18055e-701e-0098-56ff-16395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005220Z-1657d5bbd48wd55zet5pcra0cg00000002mg00000000tr49 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:20 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49919	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:20 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:20 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:20 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: b1fbfe33-a01e-003d-4fd4-1698d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005220Z-1657d5bbd48sdh4cyzadbb374800000002hg00000000kg6t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:20 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49920	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:20 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:20 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:20 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: 770fdf22-501e-0035-0d02-17c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005220Z-1657d5bbd48vlsxxpe15ac3q7n00000002u0000000002end x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:20 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49922	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 00:52:20 UTC	192	OUT	GET /rules/rule700751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 00:52:20 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 00:52:20 GMT Content-Type: text/xml Content-Length: 1414 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE03B051D" x-ms-request-id: 4543d13f-701e-0050-5a04-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T005220Z-1657d5bbd48xsz2nuzq4vfrzg800000002n000000000c1bz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 00:52:20 UTC	1414	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Target ID:	0
Start time:	20:51:05
Start date:	06/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xa80000
File size:	919'040 bytes
MD5 hash:	86B442EDECE0F1E7D7F46682A4E6B6A6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	20:51:06
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0xae0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	20:51:06
Start date:	06/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	20:51:06
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0xae0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	20:51:06
Start date:	06/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	20:51:06
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xae0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	20:51:06
Start date:	06/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	20:51:06
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0xae0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	20:51:06
Start date:	06/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	20:51:06
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0xae0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	20:51:06
Start date:	06/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	20:51:08
Start date:	06/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	20:51:08
Start date:	06/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,9782021070937754405,12549086448229880714,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	20:51:20
Start date:	06/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5448 --field-trial-handle=1988,i,9782021070937754405,12549086448229880714,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	20:51:20
Start date:	06/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1988,i,9782021070937754405,12549086448229880714,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.5%
Total number of Nodes:	1630
Total number of Limit Nodes:	58

Executed Functions

Function 00A842DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00A8430D

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

GetCurrentProcess.KERNEL32(?,00B1CB64,00000000,?,?), ref: 00A84422
IsWow64Process.KERNEL32(00000000,?,?), ref: 00A84429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00A84454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00A84466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00A84474
FreeLibrary.KERNEL32(00000000,?,?), ref: 00A8447B
GetSystemInfo.KERNEL32(?,?,?), ref: 00A844A0

Strings

kernel32.dll, xrefs: 00A8444F
|O, xrefs: 00AC36F8
GetNativeSystemInfo, xrefs: 00A84460

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: 2daba40f0f0c45baea59a0b80a4b7fa19e3ffb0d23ab8f6025bdc8844bd563d3
Instruction ID: a12c3e87b76067585a16437cf56908e7bcbcdc7b61620875501a7d32c3e0d904
Opcode Fuzzy Hash: 2daba40f0f0c45baea59a0b80a4b7fa19e3ffb0d23ab8f6025bdc8844bd563d3
Instruction Fuzzy Hash: B1A1A17294A3C0FFDB11D76DBC657957FE46F3A346B088CEDD08197A22DA204908CB29

Function 00A842A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00A850AA,?,?,00000000,00000000), ref: 00A842B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00A850AA,?,?,00000000,00000000), ref: 00A842C9
LoadResource.KERNEL32(?,00000000,?,?,00A850AA,?,?,00000000,00000000,?,?,?,?,?,?,00A84F20), ref: 00AC35BE
SizeofResource.KERNEL32(?,00000000,?,?,00A850AA,?,?,00000000,00000000,?,?,?,?,?,?,00A84F20), ref: 00AC35D3
LockResource.KERNEL32(00A850AA,?,?,00A850AA,?,?,00000000,00000000,?,?,?,?,?,?,00A84F20,?), ref: 00AC35E6

Strings

SCRIPT, xrefs: 00A842BF

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 85003a10613887bc30d01d000a1da82b790a424821b6cf3e3bfc74526d3fd07f
Instruction ID: 0fcefbf236babf106bca2f7f340c77b995cc1ead9adf08d4614e01a0338017dd
Opcode Fuzzy Hash: 85003a10613887bc30d01d000a1da82b790a424821b6cf3e3bfc74526d3fd07f
Instruction Fuzzy Hash: 20117C75244705BFDB219B65DC48FA77FB9EBC9B55F208169B402D7260EB71D8008A60

Function 00AC2BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 00A82B6B

Part of subcall function 00A83A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00B51418,?,00A82E7F,?,?,?,00000000), ref: 00A83A78

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,00B42224), ref: 00AC2C10
ShellExecuteW.SHELL32(00000000,?,?,00B42224), ref: 00AC2C17

Strings

runas, xrefs: 00AC2C0B

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: acde094dd9ac3a445ea1b35529ee2aca92c0824e3871f04c41441cde9796c78d
Instruction ID: 77275fc940becdd42289214fbc3637cd40777a5e6ff395e1c817d7f5a335feca
Opcode Fuzzy Hash: acde094dd9ac3a445ea1b35529ee2aca92c0824e3871f04c41441cde9796c78d
Instruction Fuzzy Hash: 3A11E6322083016ACB15FF64DA56FBEBBE8EF91741F44186DF082571A3CF218A4AD712

Function 00B0A67C Relevance: 6.2, APIs: 4, Instructions: 175
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00B0A6AC
Process32FirstW.KERNEL32(00000000,?), ref: 00B0A6BA

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Process32NextW.KERNEL32(00000000,?), ref: 00B0A79C
CloseHandle.KERNELBASE(00000000), ref: 00B0A7AB

Part of subcall function 00A9CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00AC3303,?), ref: 00A9CE8A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: 2082fc9f944e2e1444d1e538cdd4522e50ff4ef95366a4627e1d8f2f9f8a6672
Instruction ID: a30ba309ec37bd2a02fdbf6a6e8c1c2587d784fffce5796201de96cceb5c06c3
Opcode Fuzzy Hash: 2082fc9f944e2e1444d1e538cdd4522e50ff4ef95366a4627e1d8f2f9f8a6672
Instruction Fuzzy Hash: D6518B71508311AFD710EF24C986E6BBBE8FF89754F00892DF589A7291EB30D904CB92

Function 00AEDBBE Relevance: 6.0, APIs: 4, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,00AC5222), ref: 00AEDBCE
GetFileAttributesW.KERNELBASE(?), ref: 00AEDBDD
FindFirstFileW.KERNEL32(?,?), ref: 00AEDBEE
FindClose.KERNEL32(00000000), ref: 00AEDBFA

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: ebc583692d53de2828b80a8887c1e6cae4008d62c028d13602c76f362428763b
Instruction ID: 9f457b526094b801aab967788bd205d82f2437ab4edaf51a0ff85d90e04e75c6
Opcode Fuzzy Hash: ebc583692d53de2828b80a8887c1e6cae4008d62c028d13602c76f362428763b
Instruction Fuzzy Hash: 4FF0E5308509106782206F7CAC0D8EA3B7C9E81374BA08702F836C30F0EFB05D64C6D6

Function 00AA4CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00AB28E9,?,00AA4CBE,00AB28E9,00B488B8,0000000C,00AA4E15,00AB28E9,00000002,00000000,?,00AB28E9), ref: 00AA4D09
TerminateProcess.KERNEL32(00000000,?,00AA4CBE,00AB28E9,00B488B8,0000000C,00AA4E15,00AB28E9,00000002,00000000,?,00AB28E9), ref: 00AA4D10
ExitProcess.KERNEL32 ref: 00AA4D22

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 5bb1b2a17f3a737aeaf9709c3e781c15dbdb48926b48b5d6991c0faa4ee85e77
Instruction ID: 9ea91281e2ee7e79e986bade2b91d73a2fe7e39e4072a9294b2e9e5b09409ae9
Opcode Fuzzy Hash: 5bb1b2a17f3a737aeaf9709c3e781c15dbdb48926b48b5d6991c0faa4ee85e77
Instruction Fuzzy Hash: A9E0B631040148AFCF11AF54EE09A997F69EB86785B508014FD159B162DB75DE52CA84

Function 00B0AFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 00B0B198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B0B1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B0B1D4
_wcslen.LIBCMT ref: 00B0B200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B0B214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B0B236
_wcslen.LIBCMT ref: 00B0B332

Part of subcall function 00AF05A7: GetStdHandle.KERNEL32(000000F6), ref: 00AF05C6

_wcslen.LIBCMT ref: 00B0B34B
_wcslen.LIBCMT ref: 00B0B366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B0B3B6
GetLastError.KERNEL32(00000000), ref: 00B0B407
CloseHandle.KERNEL32(?), ref: 00B0B439
CloseHandle.KERNEL32(00000000), ref: 00B0B44A
CloseHandle.KERNEL32(00000000), ref: 00B0B45C
CloseHandle.KERNEL32(00000000), ref: 00B0B46E
CloseHandle.KERNEL32(?), ref: 00B0B4E3

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: 7fc7702cc444a615eaa6980cb0b717cf7f57b8318f61d9f04f135cf38d364687
Instruction ID: 84a75d669de812250ced9dbcf58219384ea78f269fd4cb75ddc08877523f732b
Opcode Fuzzy Hash: 7fc7702cc444a615eaa6980cb0b717cf7f57b8318f61d9f04f135cf38d364687
Instruction Fuzzy Hash: 8DF179316082409FCB14EF24C991F6EBBE5EF85714F18859DF8969B2A2DB31EC40CB52

Function 00A8D730 Relevance: 21.6, APIs: 14, Instructions: 618windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00A8D807
timeGetTime.WINMM ref: 00A8DA07
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A8DB28
TranslateMessage.USER32(?), ref: 00A8DB7B
DispatchMessageW.USER32(?), ref: 00A8DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A8DB9F
Sleep.KERNELBASE(0000000A), ref: 00A8DBB1

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: 7636c28afd8dff2e40569867f6bb8c346e8396f0ff1d294debea69e2bff7aa58
Instruction ID: 9285d1ac9cbe51205aec4b9fd44bb01f8637e5279b84b84cc65359ee4cfe942d
Opcode Fuzzy Hash: 7636c28afd8dff2e40569867f6bb8c346e8396f0ff1d294debea69e2bff7aa58
Instruction Fuzzy Hash: 5A42B070608341EFDB28EF24C844BAABBF1BF95314F54895AE496873D1DB71E844CB92

Function 00A82CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00A82D07
RegisterClassExW.USER32(00000030), ref: 00A82D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A82D42
InitCommonControlsEx.COMCTL32(?), ref: 00A82D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A82D6F
LoadIconW.USER32(000000A9), ref: 00A82D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A82D94

Strings

+, xrefs: 00A82CF0
TaskbarCreated, xrefs: 00A82D37
AutoIt v3 GUI, xrefs: 00A82D23
0, xrefs: 00A82CE9

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 504febea6c5a04ef5edd32c8cd47d249444efe217b8ebf30bea1df15f7552814
Instruction ID: d8e38f2812a2ba2a49bfd77f8378c0f3c9fcca840cbabab9049218e78158254c
Opcode Fuzzy Hash: 504febea6c5a04ef5edd32c8cd47d249444efe217b8ebf30bea1df15f7552814
Instruction Fuzzy Hash: 6D21E2B5941308AFDB01DFA8EC49BDDBFB8FB08701F00855AE511A72A0DBB14A408F94

Function 00AC065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00AC039A: CreateFileW.KERNELBASE(00000000,00000000,?,00AC0704,?,?,00000000,?,00AC0704,00000000,0000000C), ref: 00AC03B7

GetLastError.KERNEL32 ref: 00AC076F
__dosmaperr.LIBCMT ref: 00AC0776
GetFileType.KERNELBASE(00000000), ref: 00AC0782
GetLastError.KERNEL32 ref: 00AC078C
__dosmaperr.LIBCMT ref: 00AC0795
CloseHandle.KERNEL32(00000000), ref: 00AC07B5
CloseHandle.KERNEL32(?), ref: 00AC08FF
GetLastError.KERNEL32 ref: 00AC0931
__dosmaperr.LIBCMT ref: 00AC0938

Strings

H, xrefs: 00AC08BD

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 44da0d9f7eb6bddf88f4bd1263be9cf9bee0ff5170a668ded8b81303be7eb903
Instruction ID: 6e6d6cee9604562667a8f03f2b8962965b9ab54e18f9f9ebf7e6893b9190babe
Opcode Fuzzy Hash: 44da0d9f7eb6bddf88f4bd1263be9cf9bee0ff5170a668ded8b81303be7eb903
Instruction Fuzzy Hash: 4CA11332A14608CFDF19AF68D851FAE7BA0AB0A320F15415DF815AF3D2DB359D12CB91

Function 00A8344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00A83A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00B51418,?,00A82E7F,?,?,?,00000000), ref: 00A83A78

Part of subcall function 00A83357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A83379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00A8356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00AC318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00AC31CE
RegCloseKey.ADVAPI32(?), ref: 00AC3210
_wcslen.LIBCMT ref: 00AC3277
_wcslen.LIBCMT ref: 00AC3286

Strings

Software\AutoIt v3\AutoIt, xrefs: 00A83560
\, xrefs: 00AC328C
Include, xrefs: 00AC3184, 00AC31C5
\Include\, xrefs: 00A83527

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 3ca0258fb77be5eee2a87063fa2eba8a11f51ab58b39ca4430bdb9215e945803
Instruction ID: 4171e989bc7f7dde88da8843430b5b2870a5c10daa931c9bf056b65294f3a303
Opcode Fuzzy Hash: 3ca0258fb77be5eee2a87063fa2eba8a11f51ab58b39ca4430bdb9215e945803
Instruction Fuzzy Hash: CF71C0724093019ED704EF65DD82EABBBE8FF9A740F80446EF545931B0EB309A48CB56

Function 00A82B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00A82B8E
LoadCursorW.USER32(00000000,00007F00), ref: 00A82B9D
LoadIconW.USER32(00000063), ref: 00A82BB3
LoadIconW.USER32(000000A4), ref: 00A82BC5
LoadIconW.USER32(000000A2), ref: 00A82BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00A82BEF
RegisterClassExW.USER32(?), ref: 00A82C40

Part of subcall function 00A82CD4: GetSysColorBrush.USER32(0000000F), ref: 00A82D07
Part of subcall function 00A82CD4: RegisterClassExW.USER32(00000030), ref: 00A82D31
Part of subcall function 00A82CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A82D42
Part of subcall function 00A82CD4: InitCommonControlsEx.COMCTL32(?), ref: 00A82D5F
Part of subcall function 00A82CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A82D6F
Part of subcall function 00A82CD4: LoadIconW.USER32(000000A9), ref: 00A82D85
Part of subcall function 00A82CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A82D94

Strings

AutoIt v3, xrefs: 00A82C2F
0, xrefs: 00A82C0F
#, xrefs: 00A82C16

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: d7f64807fe60971398ed0aba6b74f68be2dc469206431c2d37ca88c87158b472
Instruction ID: 54526442a090729edbbcc61b396d3b91548e50ad8275af774ee989adf1f81d2f
Opcode Fuzzy Hash: d7f64807fe60971398ed0aba6b74f68be2dc469206431c2d37ca88c87158b472
Instruction Fuzzy Hash: C4212C75E40314BBDB10DFA9EC65BA97FB4FB48B51F00459AE500A76A0DBB14940CF98

Function 00A83170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00A8316A,?,?), ref: 00A831D8
KillTimer.USER32(?,00000001,?,?,?,?,?,00A8316A,?,?), ref: 00A83204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A83227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00A8316A,?,?), ref: 00A83232
CreatePopupMenu.USER32 ref: 00A83246
PostQuitMessage.USER32(00000000), ref: 00A83267

Strings

TaskbarCreated, xrefs: 00A8322D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 33c18494d445df9e494200de268b79de4644cb3adba58965af3a9432c1f5a6d0
Instruction ID: 9b0149b6478a09dd753a8d20c413d155d5059194fc730feed1608fcc10f2b3bf
Opcode Fuzzy Hash: 33c18494d445df9e494200de268b79de4644cb3adba58965af3a9432c1f5a6d0
Instruction Fuzzy Hash: 6E412533240204AADF157F7C9D1DBBD3E69EB15F01F0446A9FA02872E1EFA19E418B61

Function 00A81410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00A81459
CoUninitialize.COMBASE ref: 00A814F8
UnregisterHotKey.USER32(?), ref: 00A816DD
DestroyWindow.USER32(?), ref: 00AC24B9
FreeLibrary.KERNEL32(?), ref: 00AC251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00AC254B

Strings

close all, xrefs: 00A81454

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 6f43d49d8b27856b5f5105b09179bb5d33f972158c1d5b41ef1c13ba89febb30
Instruction ID: 42f2b75d863bb9aefb37cdfdd6617b3fd0d6a239fd7d1a5c799e6a494b5c37f7
Opcode Fuzzy Hash: 6f43d49d8b27856b5f5105b09179bb5d33f972158c1d5b41ef1c13ba89febb30
Instruction Fuzzy Hash: 5AD147317012128FDB29EF15CA99F69F7A4BF05700F2542ADE44AAB261DB30AD13CF91

Function 00A82C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00A82C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A82CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,00A81CAD,?), ref: 00A82CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,00A81CAD,?), ref: 00A82CCF

Strings

edit, xrefs: 00A82CAC
AutoIt v3, xrefs: 00A82C89, 00A82C8E, 00A82C8F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: bf50a22d434c1d8f88b70657125570ebf30489f6c666d950fcd335ac5d8bb63f
Instruction ID: 8528698cb382afb30aa0f3d6e6dbde41c8832322707d82442e96f1870251e032
Opcode Fuzzy Hash: bf50a22d434c1d8f88b70657125570ebf30489f6c666d950fcd335ac5d8bb63f
Instruction Fuzzy Hash: 68F03A755803907AEB310B1BAC18FB72EBDD7C6F61F01449AF900A31B0CA610840DAB8

Function 00A83B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00A83B0F,SwapMouseButtons,00000004,?), ref: 00A83B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00A83B0F,SwapMouseButtons,00000004,?), ref: 00A83B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00A83B0F,SwapMouseButtons,00000004,?), ref: 00A83B83

Strings

Control Panel\Mouse, xrefs: 00A83B3E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: 148d19427e73264f1114dbdda428912a4c5d2e0bfb974549c12ca7f7d289ec99
Instruction ID: 361b2ea40ddbd2c0bdd26b0bea4f9cfc8d8bbc5217ac4b3ea8ac4c131837ca48
Opcode Fuzzy Hash: 148d19427e73264f1114dbdda428912a4c5d2e0bfb974549c12ca7f7d289ec99
Instruction Fuzzy Hash: AE112AB6510208FFDF21DFA5DC48AEEBBB8EF04B84B108459A806D7110E6719F409760

Function 00A83923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00AC33A2

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A83A04

Strings

Line: , xrefs: 00AC33EB

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: d043f14bb0d7be4e81a1cebde926df53bce52c2d425dff2c99b1ecb1f06e92c7
Instruction ID: 1d9184d3b820dbe5e820ba810f4b5c3302222c4d65204b057a2426f1375e4262
Opcode Fuzzy Hash: d043f14bb0d7be4e81a1cebde926df53bce52c2d425dff2c99b1ecb1f06e92c7
Instruction Fuzzy Hash: 5D31CF72408300AADB25FB24DC55BEBB7E8AB40B10F00496EF59A97191EF709A49C7C6

Function 00A9FDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00AA0668

Part of subcall function 00AA32A4: RaiseException.KERNEL32(?,?,?,00AA068A,?,00B51444,?,?,?,?,?,?,00AA068A,00A81129,00B48738,00A81129), ref: 00AA3304

__CxxThrowException@8.LIBVCRUNTIME ref: 00AA0685

Strings

Unknown exception, xrefs: 00AA0692

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: 548fe742a9dbf0c7a0897a1bd2c3eebed39ad751fb1ad7e37c63cbf756e48b8b
Instruction ID: 6c6003fee8d07ef2c1664903574ff9d568f2106e6c024a855b707f42aacf11cf
Opcode Fuzzy Hash: 548fe742a9dbf0c7a0897a1bd2c3eebed39ad751fb1ad7e37c63cbf756e48b8b
Instruction Fuzzy Hash: 56F0C234A0020D7B8F00B7A4D946DAE77AC5E42358B604171B814D75E1EFB1EB69C5C0

Function 00A810F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A81BF4
Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00A81BFC
Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A81C07
Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A81C12
Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00A81C1A
Part of subcall function 00A81BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00A81C22

Part of subcall function 00A81B4A: RegisterWindowMessageW.USER32(00000004,?,00A812C4), ref: 00A81BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00A8136A
OleInitialize.OLE32 ref: 00A81388
CloseHandle.KERNEL32(00000000,00000000), ref: 00AC24AB

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: a4137cd03fefac0c8f3cbd276562f7e815aa6cb6189caf7d701ebf479c50db77
Instruction ID: 0c6c20a70c9c906960dedff233462016d040db3903a9d540716ea9b5d35e0570
Opcode Fuzzy Hash: a4137cd03fefac0c8f3cbd276562f7e815aa6cb6189caf7d701ebf479c50db77
Instruction Fuzzy Hash: 9C71B6B59023008ED785EF7DBA457A53AE4BBA83867548EEAD41AC7361FF304885CF50

Function 00AEC161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A83923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A83A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00AEC259
KillTimer.USER32(?,00000001,?,?), ref: 00AEC261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00AEC270

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: de86bf545dfab11a608d1b97e1cea2f833eb61513923be0e1f050f0ff208a1b3
Instruction ID: ce7f237684f6463f448543216748aec29aa9c1d8523436476f6d771ece699384
Opcode Fuzzy Hash: de86bf545dfab11a608d1b97e1cea2f833eb61513923be0e1f050f0ff208a1b3
Instruction Fuzzy Hash: 3031D570904384AFEB32AF758855BEBBBFC9F06314F00449EE2DA97241C7745A86CB51

Function 00AB86AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,?,?,00AB85CC,?,00B48CC8,0000000C), ref: 00AB8704
GetLastError.KERNEL32(?,00AB85CC,?,00B48CC8,0000000C), ref: 00AB870E
__dosmaperr.LIBCMT ref: 00AB8739

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: 299b072e0650dbac25d41e5f2659b23fbe58cf6c4931d76a04147778d4b27163
Instruction ID: b62a99bbf24d58527a8fe573d6f09779fcaad0f927a05f5d1d45a97ae0688036
Opcode Fuzzy Hash: 299b072e0650dbac25d41e5f2659b23fbe58cf6c4931d76a04147778d4b27163
Instruction Fuzzy Hash: 6A014E32A0572026D664733CA9557FE6B9D4B92778F390159F8148F1D3DEB8CC81D150

Function 00A8DB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 00A8DB7B
DispatchMessageW.USER32(?), ref: 00A8DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A8DB9F
Sleep.KERNELBASE(0000000A), ref: 00A8DBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 00AD1CC9

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: 532381368b20759fbc6d05a6ec66bc7410ac4042e9b18cb7237c19efa933bfb5
Instruction ID: 2d122ac9e5dd2bba04406a4d8872e69f75ce5623849c35a9d8c58cdbb2af5f10
Opcode Fuzzy Hash: 532381368b20759fbc6d05a6ec66bc7410ac4042e9b18cb7237c19efa933bfb5
Instruction Fuzzy Hash: 7BF05E306443409BEB30DB608C49FEA77A9EB45311F508919E65A830C0DF7098488B25

Function 00A91310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00A917F6

Strings

CALL, xrefs: 00A917C6

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: 363cc4c46b67d86bd052997b67432d3a44f126241fc410e27db93737dca169cb
Instruction ID: 4debb884a98a4e51ae94e70994ae7b005391f74b850ff663eeddb282c6023a84
Opcode Fuzzy Hash: 363cc4c46b67d86bd052997b67432d3a44f126241fc410e27db93737dca169cb
Instruction Fuzzy Hash: 6C228BB46083029FCB14DF14C584B2ABBF1BF89314F29895DF5968B3A2D731E945CB92

Function 00A82DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00AC2C8C

Part of subcall function 00A83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A83A97,?,?,00A82E7F,?,?,?,00000000), ref: 00A83AC2

Part of subcall function 00A82DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00A82DC4

Strings

X, xrefs: 00AC2C5A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: 1fc35abb5930b04289a46070919c3417fec31fcc686c8c2664dceb735db7c33b
Instruction ID: 58a730e53c2986fa6dacd10e5caa5d173b8820fdceba1fdf916e44cbb634ab3f
Opcode Fuzzy Hash: 1fc35abb5930b04289a46070919c3417fec31fcc686c8c2664dceb735db7c33b
Instruction Fuzzy Hash: F021B771A002589FDF01EF94C949BEE7BFCAF49715F008059E405B7241DBB45A898FA1

Function 00A83837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A83908

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 5f51b6139bddc1288164ebce9e8d5268362626f8cfd22a46c5f1e999caa8f299
Instruction ID: d3945723bd1b4a6c517635ae33e366bb7befa1b8834c6eb82645ef614a0ee4bb
Opcode Fuzzy Hash: 5f51b6139bddc1288164ebce9e8d5268362626f8cfd22a46c5f1e999caa8f299
Instruction Fuzzy Hash: DE3193715043019FDB20EF24D894797BBE4FB49709F00096EF59987250EB71AA44CB52

Function 00A9F645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00A9F661

Part of subcall function 00A8D730: GetInputState.USER32 ref: 00A8D807

Sleep.KERNEL32(00000000), ref: 00ADF2DE

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: 1252358bc7003941cf336eab2a456d0f6e38ebdde1d2ad200ff403fd39da929f
Instruction ID: 25ab10f43cad830e668693b51d421d2dc2a17f265661ef3880d331c36ea51415
Opcode Fuzzy Hash: 1252358bc7003941cf336eab2a456d0f6e38ebdde1d2ad200ff403fd39da929f
Instruction Fuzzy Hash: 7BF082712803059FD314FF65D545B9ABBE4EF45760F004029E85AC73A1DB70A800CB90

Function 00A8B710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00A8BB4E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: 85f7d678ea5678c9868280b80a993fc580baeb6a71313f14d573fb1485649781
Instruction ID: 67d1596d4480087d191de2c349764e16a96255bdd43d0a00e6f755b58ba38a9a
Opcode Fuzzy Hash: 85f7d678ea5678c9868280b80a993fc580baeb6a71313f14d573fb1485649781
Instruction Fuzzy Hash: F832AB34A002099FDB24EF54C894FBEB7B9EF45340F18809AE916AB361D774ED41CBA1

Function 00A84ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A84E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A84EDD,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E9C
Part of subcall function 00A84E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A84EAE
Part of subcall function 00A84E90: FreeLibrary.KERNEL32(00000000,?,?,00A84EDD,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84EFD

Part of subcall function 00A84E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AC3CDE,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E62
Part of subcall function 00A84E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A84E74
Part of subcall function 00A84E59: FreeLibrary.KERNEL32(00000000,?,?,00AC3CDE,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E87

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: f936b5ab68e8235e9745e8c89b56583751af2a5be0fcc924dc47e68579162d5c
Instruction ID: 5a8df62306b267249aa0ab9d9c43d4dfddee8159d0fe6ccf55c420d43da0ca0c
Opcode Fuzzy Hash: f936b5ab68e8235e9745e8c89b56583751af2a5be0fcc924dc47e68579162d5c
Instruction Fuzzy Hash: 8B11E332600206AACF14FF70DE02FED77A5AF48B14F20842EF642A61D1EE709E459B90

Function 00AB8402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00AB8440

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: cb9d16bfaefe56ca91b4ce430b0448bf34a4900a5faadc3b1034f3fe3c0e7357
Instruction ID: 2c065155f934ae03b318901469a2de5f674d7456fcb1080a86ed429e3a6202e1
Opcode Fuzzy Hash: cb9d16bfaefe56ca91b4ce430b0448bf34a4900a5faadc3b1034f3fe3c0e7357
Instruction Fuzzy Hash: 9B11187590420AAFCF05DF58E941ADA7BF9EF48314F114199FC08AB312DA31DA11CBA5

Function 00AB5000 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00AB4C7D: RtlAllocateHeap.NTDLL(00000008,00A81129,00000000,?,00AB2E29,00000001,00000364,?,?,?,00AAF2DE,00AB3863,00B51444,?,00A9FDF5,?), ref: 00AB4CBE

_free.LIBCMT ref: 00AB506C

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction ID: c8e7dcaf21eb0d827b6ea6d2929e0235ee3f89299a7351171537db92ebd8601e
Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction Fuzzy Hash: 0A0149726047056FE3319F65D881ADAFBECFB89370F25052DE184832C2EA30A905C7B4

Function 00B129BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,00B114B5,?), ref: 00B12A01

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 1203ff758a2badfeb36dd41635d1bf5c760bae75d7f83d4c70129d931961ae8f
Instruction ID: 67aa28cc21d77dd34d6e614707fad01c9280eb3fe801809fc021c91efc2c38d5
Opcode Fuzzy Hash: 1203ff758a2badfeb36dd41635d1bf5c760bae75d7f83d4c70129d931961ae8f
Instruction Fuzzy Hash: EF019E36350A419FD3258B6CC494BA23BD2EF85354FA984A8C0478B251DB32EC92C7A0

Function 00AAE602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: 5c720be89bbabe7fa1cdbdf1bbe034fe030e169de2f175af08e4c741acb0de7d
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: 3DF0F432511A10AAD6317B698E05B9A739C9F53330F100F1AF425931D3DB74D80586A5

Function 00AB4C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,00A81129,00000000,?,00AB2E29,00000001,00000364,?,?,?,00AAF2DE,00AB3863,00B51444,?,00A9FDF5,?), ref: 00AB4CBE

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b4027969909b799f02409888a5c1918f98d9eeb6e9087febe266085ba1a746f9
Instruction ID: 2a13cc43aff9c2ed5cad346139aef5b3bc9f3a5b41f95fa960d41f7c8411e908
Opcode Fuzzy Hash: b4027969909b799f02409888a5c1918f98d9eeb6e9087febe266085ba1a746f9
Instruction Fuzzy Hash: 10F0B43164632466DB215F669D05BDA3F9CAF8BFA1B144121F919A71C3CB71DC1046E0

Function 00AB3820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0aec889a6b9f3c72acd47269aaa1ab68b9e5b3ae521b2c47b0c8e5569108ff6c
Instruction ID: 3fce964ddd8493587830abb293876afe77533f575295570838016d861941c32e
Opcode Fuzzy Hash: 0aec889a6b9f3c72acd47269aaa1ab68b9e5b3ae521b2c47b0c8e5569108ff6c
Instruction Fuzzy Hash: AEE0A0331423246ADE212BFA9D00BDA365CAB827B0F160021BC04934D2DB509D0181E2

Function 00A84F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84F6D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 9c96fc223ef94cc3b11c5fb8a728f0f37be2fc7ae0e447c01174fcda7ceb6ea0
Instruction ID: 0ca0cee64526943acd640547917ef84d0493d2687fead791ffe23d9f852ed2fa
Opcode Fuzzy Hash: 9c96fc223ef94cc3b11c5fb8a728f0f37be2fc7ae0e447c01174fcda7ceb6ea0
Instruction Fuzzy Hash: 58F03971105752CFDB34AF64D590822BBF4BF187293258A7EE2EA83621CB319C44DF10

Function 00B12A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00B12A66

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 02e25c0b6ad95ae7cafde8bcd6894ed507e6e6b1cf8d69f1dad70af69c22664f
Instruction ID: 743c129c650ea516b4bbc2e4c7f69103f9dea92e33dd7f6cae489d60006be3c5
Opcode Fuzzy Hash: 02e25c0b6ad95ae7cafde8bcd6894ed507e6e6b1cf8d69f1dad70af69c22664f
Instruction Fuzzy Hash: 4CE04F363A011AAACB14EB31DCC48FA779CEF55395750457ABC16C3100DB30A9A586A0

Function 00A830F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A8314E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 3a8c518591d812c2fe3cfb3f74b9f7a48e7d5087baba076fa8f6f3e5d41240d3
Instruction ID: fc0d8fa4b39032ca15a5b506a5978329eea1e987c8e48436dda56af65649558c
Opcode Fuzzy Hash: 3a8c518591d812c2fe3cfb3f74b9f7a48e7d5087baba076fa8f6f3e5d41240d3
Instruction Fuzzy Hash: D5F03070914318AFEB529B28DC4A7DA7BBCAB01708F0005E9A68897292DB745B89CF55

Function 00A82DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00A82DC4

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: ea94aa46a1f3da6d77362688306c5342cfe30d907f9202d6fb3661b0534c8ecc
Instruction ID: dc883996c23a11785ed340b6d548cef69ecc23eeec340073b971e92afbb7fd81
Opcode Fuzzy Hash: ea94aa46a1f3da6d77362688306c5342cfe30d907f9202d6fb3661b0534c8ecc
Instruction Fuzzy Hash: 2EE0C272A002245BCB20A6989C0AFEA77EDDFC8794F0540B6FD09E7248DA70ED808690

Function 00A82B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00A83837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A83908

Part of subcall function 00A8D730: GetInputState.USER32 ref: 00A8D807

SetCurrentDirectoryW.KERNEL32(?), ref: 00A82B6B

Part of subcall function 00A830F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A8314E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: 1965a6841f35da200d937a17d9fcf6a2b4bb73988a08b83b65120c3855cc7259
Instruction ID: ee4ed1403ae1cbdda77576167731a2d719a7774724a9e0a37059b7efbeec7c09
Opcode Fuzzy Hash: 1965a6841f35da200d937a17d9fcf6a2b4bb73988a08b83b65120c3855cc7259
Instruction Fuzzy Hash: B2E0863370424406CE04BB74AA566BDA7599BD1756F40197EF542472A2CE2449494752

Function 00AC039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00AC0704,?,?,00000000,?,00AC0704,00000000,0000000C), ref: 00AC03B7

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: b776737d84c988da700726b8a564ee3827695a029b094eb2d6f945b055fef015
Instruction ID: b8d9eef3d3a76fbbd67537f88c4555b729ddf64e3224afe741e551ec1f067939
Opcode Fuzzy Hash: b776737d84c988da700726b8a564ee3827695a029b094eb2d6f945b055fef015
Instruction Fuzzy Hash: FFD06C3208010DBBDF028F84DD06EDA3FAAFB48714F018000BE18A6020C732E831AB90

Function 00A81CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00A81CBC

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: 4f2b0f2ea3f7cef68d2ae65e25af08b6b3f84da139c69aeafe108f947fabd59c
Instruction ID: 896f58e01bf12f7d65285ee406927c5d629dfadd85666f3ef4bce10debaf113c
Opcode Fuzzy Hash: 4f2b0f2ea3f7cef68d2ae65e25af08b6b3f84da139c69aeafe108f947fabd59c
Instruction Fuzzy Hash: 79C092362C1304AFF2158B84BC5BF507B65A368B02F448841FA09AB5F3DBA22820EA54

Non-executed Functions

Function 00B19576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00B1961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B1965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00B1969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B196C9
SendMessageW.USER32 ref: 00B196F2
GetKeyState.USER32(00000011), ref: 00B1978B
GetKeyState.USER32(00000009), ref: 00B19798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B197AE
GetKeyState.USER32(00000010), ref: 00B197B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B197E9
SendMessageW.USER32 ref: 00B19810
SendMessageW.USER32(?,00001030,?,00B17E95), ref: 00B19918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00B1992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00B19941
SetCapture.USER32(?), ref: 00B1994A
ClientToScreen.USER32(?,?), ref: 00B199AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00B199BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B199D6
ReleaseCapture.USER32 ref: 00B199E1
GetCursorPos.USER32(?), ref: 00B19A19
ScreenToClient.USER32(?,?), ref: 00B19A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 00B19A80
SendMessageW.USER32 ref: 00B19AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00B19AEB
SendMessageW.USER32 ref: 00B19B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00B19B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00B19B4A
GetCursorPos.USER32(?), ref: 00B19B68
ScreenToClient.USER32(?,?), ref: 00B19B75
GetParent.USER32(?), ref: 00B19B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 00B19BFA
SendMessageW.USER32 ref: 00B19C2B
ClientToScreen.USER32(?,?), ref: 00B19C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00B19CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 00B19CDE
SendMessageW.USER32 ref: 00B19D01
ClientToScreen.USER32(?,?), ref: 00B19D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00B19D82

Part of subcall function 00A99944: GetWindowLongW.USER32(?,000000EB), ref: 00A99952

GetWindowLongW.USER32(?,000000F0), ref: 00B19E05

Strings

F, xrefs: 00B19D07
@GUI_DRAGID, xrefs: 00B1997D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: 3866d577d0f1ff954937800a6b954fd7da64b38b6ab993bae16e650ad8da3f46
Instruction ID: f75a0bb681a6c8f04a267088a8e453b4697d732d0f7b81e759a8ffa1cd1e6a82
Opcode Fuzzy Hash: 3866d577d0f1ff954937800a6b954fd7da64b38b6ab993bae16e650ad8da3f46
Instruction Fuzzy Hash: A9428F71204281EFD724CF28CC54BEABBE5FF89310F544AA9F595872A1DB319C94CB51

Function 00B14873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00B148F3
SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00B14908
SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00B14927
SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00B1494B
SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00B1495C
SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00B1497B
SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00B149AE
SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00B149D4
SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00B14A0F
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00B14A56
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00B14A7E
IsMenu.USER32(?), ref: 00B14A97
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B14AF2
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B14B20
GetWindowLongW.USER32(?,000000F0), ref: 00B14B94
SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00B14BE3
SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00B14C82
wsprintfW.USER32 ref: 00B14CAE
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B14CC9
GetWindowTextW.USER32(?,00000000,00000001), ref: 00B14CF1
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00B14D13
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B14D33
GetWindowTextW.USER32(?,00000000,00000001), ref: 00B14D5A

Strings

%d/%02d/%02d, xrefs: 00B14CA8

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
String ID: %d/%02d/%02d
API String ID: 4054740463-328681919
Opcode ID: 1af160657e7a5c0f4b68de4df2eff3514680c37979a76d7cb2e4648fcb8c4c9f
Instruction ID: 1622c0225e5d3a54343e3b479537721362b75bd8010a1413382bde88818bf174
Opcode Fuzzy Hash: 1af160657e7a5c0f4b68de4df2eff3514680c37979a76d7cb2e4648fcb8c4c9f
Instruction Fuzzy Hash: BE12BB71640214AFEB248F28CC89FEE7BE8EF45710F5441A9F51AEB2A1DB749981CB50

Function 00A9F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00A9F998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00ADF474
IsIconic.USER32(00000000), ref: 00ADF47D
ShowWindow.USER32(00000000,00000009), ref: 00ADF48A
SetForegroundWindow.USER32(00000000), ref: 00ADF494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00ADF4AA
GetCurrentThreadId.KERNEL32 ref: 00ADF4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00ADF4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 00ADF4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 00ADF4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00ADF4DE
SetForegroundWindow.USER32(00000000), ref: 00ADF4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 00ADF4F6
keybd_event.USER32(00000012,00000000), ref: 00ADF501
MapVirtualKeyW.USER32(00000012,00000000), ref: 00ADF50B
keybd_event.USER32(00000012,00000000), ref: 00ADF510
MapVirtualKeyW.USER32(00000012,00000000), ref: 00ADF519
keybd_event.USER32(00000012,00000000), ref: 00ADF51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 00ADF528
keybd_event.USER32(00000012,00000000), ref: 00ADF52D
SetForegroundWindow.USER32(00000000), ref: 00ADF530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 00ADF557

Strings

Shell_TrayWnd, xrefs: 00ADF46F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: cdf5eeaa24ae4d422551c607b9086bc818a39103724c9c4e71df259906ca73b2
Instruction ID: c99001258ad5bb2b62d7ed78150cad3b029e570d632f910afa8f94cfde8ed0a4
Opcode Fuzzy Hash: cdf5eeaa24ae4d422551c607b9086bc818a39103724c9c4e71df259906ca73b2
Instruction Fuzzy Hash: D2314371A80318BFEB216BB55C4AFBF7E6DEB44B50F504066FA02E71D1CBB15D00AA60

Function 00AE1201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 00AE16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AE170D
Part of subcall function 00AE16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AE173A
Part of subcall function 00AE16C3: GetLastError.KERNEL32 ref: 00AE174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00AE1286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00AE12A8
CloseHandle.KERNEL32(?), ref: 00AE12B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00AE12D1
GetProcessWindowStation.USER32 ref: 00AE12EA
SetProcessWindowStation.USER32(00000000), ref: 00AE12F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00AE1310

Part of subcall function 00AE10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00AE11FC), ref: 00AE10D4
Part of subcall function 00AE10BF: CloseHandle.KERNEL32(?,?,00AE11FC), ref: 00AE10E9

Strings

, xrefs: 00AE125A
winsta0, xrefs: 00AE12CC
default, xrefs: 00AE130B

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: 9fb00876ce6bbd3a74c7126db11ed938893fb9962e45c4f654ced4797dd83ede
Instruction ID: 5d4cbb71dcbaec49513a16278a315e0ddb304006866b55c26275bbea0534c9c8
Opcode Fuzzy Hash: 9fb00876ce6bbd3a74c7126db11ed938893fb9962e45c4f654ced4797dd83ede
Instruction Fuzzy Hash: 0581A0B1A40299AFDF219FA5DD49FEE7FB9EF04704F148129F911A72A0DB708954CB20

Function 00AE0B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AE1114
Part of subcall function 00AE10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1120
Part of subcall function 00AE10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE112F
Part of subcall function 00AE10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1136
Part of subcall function 00AE10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AE114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00AE0BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00AE0C00
GetLengthSid.ADVAPI32(?), ref: 00AE0C17
GetAce.ADVAPI32(?,00000000,?), ref: 00AE0C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00AE0C6D
GetLengthSid.ADVAPI32(?), ref: 00AE0C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00AE0C8C
HeapAlloc.KERNEL32(00000000), ref: 00AE0C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00AE0CB4
CopySid.ADVAPI32(00000000), ref: 00AE0CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00AE0CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00AE0D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00AE0D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0D45
HeapFree.KERNEL32(00000000), ref: 00AE0D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0D55
HeapFree.KERNEL32(00000000), ref: 00AE0D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0D65
HeapFree.KERNEL32(00000000), ref: 00AE0D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00AE0D78
HeapFree.KERNEL32(00000000), ref: 00AE0D7F

Part of subcall function 00AE1193: GetProcessHeap.KERNEL32(00000008,00AE0BB1,?,00000000,?,00AE0BB1,?), ref: 00AE11A1
Part of subcall function 00AE1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00AE0BB1,?), ref: 00AE11A8
Part of subcall function 00AE1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00AE0BB1,?), ref: 00AE11B7

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 0a6519f26cdedf87c125d92ea647da77c897df16680e61e79d0fc460b81d1c97
Instruction ID: c29a2b3d2f78f0dda76b0ccf5bd91b40ceb7d7517ae2e483afc2710b6248f80c
Opcode Fuzzy Hash: 0a6519f26cdedf87c125d92ea647da77c897df16680e61e79d0fc460b81d1c97
Instruction Fuzzy Hash: 23715C7294024AEBDF10DFA5DC88FEEBBB8FF08300F148515E915A7191DBB5AA45CB60

Function 00AFEAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00B1CC08), ref: 00AFEB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 00AFEB37
GetClipboardData.USER32(0000000D), ref: 00AFEB43
CloseClipboard.USER32 ref: 00AFEB4F
GlobalLock.KERNEL32(00000000), ref: 00AFEB87
CloseClipboard.USER32 ref: 00AFEB91
GlobalUnlock.KERNEL32(00000000), ref: 00AFEBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 00AFEBC9
GetClipboardData.USER32(00000001), ref: 00AFEBD1
GlobalLock.KERNEL32(00000000), ref: 00AFEBE2
GlobalUnlock.KERNEL32(00000000), ref: 00AFEC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 00AFEC38
GetClipboardData.USER32(0000000F), ref: 00AFEC44
GlobalLock.KERNEL32(00000000), ref: 00AFEC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00AFEC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00AFEC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00AFECD2
GlobalUnlock.KERNEL32(00000000), ref: 00AFECF3
CountClipboardFormats.USER32 ref: 00AFED14
CloseClipboard.USER32 ref: 00AFED59

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: 61213cf9bfa17d5f22bba42af2de622772183f134fc391e5bcf9384712aac4a9
Instruction ID: 65eca84ac2b1f306c65b8878b438251491c362fc5de42e0834144c4ea3ce4857
Opcode Fuzzy Hash: 61213cf9bfa17d5f22bba42af2de622772183f134fc391e5bcf9384712aac4a9
Instruction Fuzzy Hash: 8761BC34244205AFD310EFA4C888FBA7BA4AF84704F488559F596972A2DF31DD06CBA2

Function 00AF698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00AF69BE
FindClose.KERNEL32(00000000), ref: 00AF6A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00AF6A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00AF6A75

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00AF6AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00AF6ADF

Strings

%4d, xrefs: 00AF6BB1
%4d%02d%02d%02d%02d%02d, xrefs: 00AF6B6A
%03d, xrefs: 00AF6DA2
%02d, xrefs: 00AF6C00, 00AF6C0A, 00AF6C5A, 00AF6CAA, 00AF6CFA, 00AF6D4A
%4d%02d%02d%02d%02d%02d%03d, xrefs: 00AF6B32

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: 03bce68515b9d767fb44ef4151beda1e36e693f5189286deaa4d904197ef0f93
Instruction ID: 0093f9f673340a60752115da354e22f2e5807072404a167676b0d3663c19d43a
Opcode Fuzzy Hash: 03bce68515b9d767fb44ef4151beda1e36e693f5189286deaa4d904197ef0f93
Instruction Fuzzy Hash: DAD13DB2508304AFC714EBA4C982EBBB7ECAF98704F44491DF685D7191EB74DA44CB62

Function 00AF9642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00AF9663
GetFileAttributesW.KERNEL32(?), ref: 00AF96A1
SetFileAttributesW.KERNEL32(?,?), ref: 00AF96BB
FindNextFileW.KERNEL32(00000000,?), ref: 00AF96D3
FindClose.KERNEL32(00000000), ref: 00AF96DE
FindFirstFileW.KERNEL32(*.*,?), ref: 00AF96FA
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF974A
SetCurrentDirectoryW.KERNEL32(00B46B7C), ref: 00AF9768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00AF9772
FindClose.KERNEL32(00000000), ref: 00AF977F
FindClose.KERNEL32(00000000), ref: 00AF978F

Strings

*.*, xrefs: 00AF96F5

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: a9cfb5805ae896988455e6bd8094d7331c686cd179c2810adc18969c4a9f8894
Instruction ID: 11d4a5826fd1e9724d2e095fe0442cc07d55f1f7bea7e66dc8dc90fcf03e5d77
Opcode Fuzzy Hash: a9cfb5805ae896988455e6bd8094d7331c686cd179c2810adc18969c4a9f8894
Instruction Fuzzy Hash: AB31A23254021D6BDB14AFF4EC49BEF7BAC9F09321F508195FA15E30A0DB74DE448A54

Function 00AF979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00AF97BE
FindNextFileW.KERNEL32(00000000,?), ref: 00AF9819
FindClose.KERNEL32(00000000), ref: 00AF9824
FindFirstFileW.KERNEL32(*.*,?), ref: 00AF9840
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF9890
SetCurrentDirectoryW.KERNEL32(00B46B7C), ref: 00AF98AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 00AF98B8
FindClose.KERNEL32(00000000), ref: 00AF98C5
FindClose.KERNEL32(00000000), ref: 00AF98D5

Part of subcall function 00AEDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00AEDB00

Strings

*.*, xrefs: 00AF983B

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: 09ce8a1625d62c58f1ac1851d5b743f652b012de5517657bd785fa251ab5e530
Instruction ID: 36ca15ffe86da62074de78293d6bbdf106d1f098afa0aef23a14294c0f6bc2d4
Opcode Fuzzy Hash: 09ce8a1625d62c58f1ac1851d5b743f652b012de5517657bd785fa251ab5e530
Instruction Fuzzy Hash: D831C33254021D6ADB14AFF4EC49BEF7BACDF06360F108195F954A31E0DB70DE848AA4

Function 00B0BE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00B0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B0B6AE,?,?), ref: 00B0C9B5
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0C9F1
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA68
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0BF3E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00B0BFA9
RegCloseKey.ADVAPI32(00000000), ref: 00B0BFCD
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00B0C02C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00B0C0E7
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B0C154
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B0C1E9
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00B0C23A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B0C2E3
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00B0C382
RegCloseKey.ADVAPI32(00000000), ref: 00B0C38F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: 28947d4787c5738a90f9964365a1747e7b0ddb2bbd175626c73bb3500969f365
Instruction ID: ad52027597cc51c446224256ad45da65a8f745b7090da2df40bf37fe4fabfe1b
Opcode Fuzzy Hash: 28947d4787c5738a90f9964365a1747e7b0ddb2bbd175626c73bb3500969f365
Instruction Fuzzy Hash: 9B025D716042009FD714DF28C995E2ABBE5EF89318F18C59DF84ADB2A2DB31EC45CB52

Function 00AF8195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00AF8257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00AF8267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00AF8273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AF8310
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8324
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00AF838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8395

Strings

*.*, xrefs: 00AF839B

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: 6bcbbe268e0b1ce39d3d4e4b2a5395bfd85a6e0149ce47cab6c67746e537fb95
Instruction ID: 32051b9cfd1a9c4e8bd9f59beef77782e6ad2a027ac8bacbc800ef5eb93e65ce
Opcode Fuzzy Hash: 6bcbbe268e0b1ce39d3d4e4b2a5395bfd85a6e0149ce47cab6c67746e537fb95
Instruction Fuzzy Hash: 57618BB25043099FCB10EF60C9409AFB7E8FF89714F04891EFA9987251DB35E945CB92

Function 00AED076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00A83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A83A97,?,?,00A82E7F,?,?,?,00000000), ref: 00A83AC2

Part of subcall function 00AEE199: GetFileAttributesW.KERNEL32(?,00AECF95), ref: 00AEE19A

FindFirstFileW.KERNEL32(?,?), ref: 00AED122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00AED1DD
MoveFileW.KERNEL32(?,?), ref: 00AED1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 00AED20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 00AED237

Part of subcall function 00AED29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00AED21C,?,?), ref: 00AED2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 00AED253
FindClose.KERNEL32(00000000), ref: 00AED264

Strings

\*.*, xrefs: 00AED0CD, 00AED0D6, 00AED0EB

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 19a1fbfb2723afd52e01d474c34abc81014f0d70c3c0f3f8052e5a1eaa492cb6
Instruction ID: 773eb41713eccbf4402595b0baabc6cd8e261d1d8bdf2197a5bd629b8caa02ae
Opcode Fuzzy Hash: 19a1fbfb2723afd52e01d474c34abc81014f0d70c3c0f3f8052e5a1eaa492cb6
Instruction Fuzzy Hash: 0B615B3180514DABCF05FBE1CA929FEBBB5AF25300F648169E40277191EB31AF09DB61

Function 00AFED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00AFED91
EmptyClipboard.USER32 ref: 00AFED97
GlobalAlloc.KERNEL32(00000002,?), ref: 00AFEDAC
CloseClipboard.USER32 ref: 00AFEEA3

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: af9a3ef8ef8e53c79e328b08e274697bdcd5115abc236c349af198df0037c115
Instruction ID: 79a95a6904572e620bdd06bbf713174e58427e41e2642bfe31d36e9f6eebb1a1
Opcode Fuzzy Hash: af9a3ef8ef8e53c79e328b08e274697bdcd5115abc236c349af198df0037c115
Instruction Fuzzy Hash: 4441BE35204611AFE320DF55E888B69BBE5FF44328F54C4A9F5558BA72CB35EC41CB90

Function 00AEE8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AE170D
Part of subcall function 00AE16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AE173A
Part of subcall function 00AE16C3: GetLastError.KERNEL32 ref: 00AE174A

ExitWindowsEx.USER32(?,00000000), ref: 00AEE932

Strings

@, xrefs: 00AEE925
, xrefs: 00AEE920
, xrefs: 00AEE95C
SeShutdownPrivilege, xrefs: 00AEE902

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: 51cbaaf0018f5be85d6040b6eea9415b9a15a5306df5722d4c4e7233fc8c1ea1
Instruction ID: 3b91874b001344c0658f943144be4fe9e4ff5367617d301409d7b6b0e21bdedd
Opcode Fuzzy Hash: 51cbaaf0018f5be85d6040b6eea9415b9a15a5306df5722d4c4e7233fc8c1ea1
Instruction Fuzzy Hash: E601F972650251ABEB54A7B69C8AFFFB2EC9718750F154422FC13E71D3EAB09C4481A4

Function 00B01204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00B01276
WSAGetLastError.WSOCK32 ref: 00B01283
bind.WSOCK32(00000000,?,00000010), ref: 00B012BA
WSAGetLastError.WSOCK32 ref: 00B012C5
closesocket.WSOCK32(00000000), ref: 00B012F4
listen.WSOCK32(00000000,00000005), ref: 00B01303
WSAGetLastError.WSOCK32 ref: 00B0130D
closesocket.WSOCK32(00000000), ref: 00B0133C

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: ba38ec928b4b33a0d8c8afdc366d59270b205a32d2068a2c6bf2ba908bc8e29d
Instruction ID: a1aebc5216adb2995f8d11420cccc0a5127f33027ed4e272f202f5520e213c01
Opcode Fuzzy Hash: ba38ec928b4b33a0d8c8afdc366d59270b205a32d2068a2c6bf2ba908bc8e29d
Instruction Fuzzy Hash: 2D416D71600100AFD714DF68C588B69BFE5EF46318F588598E8569F2D2C771ED81CBA1

Function 00AED3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00A83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A83A97,?,?,00A82E7F,?,?,?,00000000), ref: 00A83AC2

Part of subcall function 00AEE199: GetFileAttributesW.KERNEL32(?,00AECF95), ref: 00AEE19A

FindFirstFileW.KERNEL32(?,?), ref: 00AED420
DeleteFileW.KERNEL32(?,?,?,?), ref: 00AED470
FindNextFileW.KERNEL32(00000000,00000010), ref: 00AED481
FindClose.KERNEL32(00000000), ref: 00AED498
FindClose.KERNEL32(00000000), ref: 00AED4A1

Strings

\*.*, xrefs: 00AED3F2

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 67c5d8d39828dd213384b6cc03f0e89c868a3327b08bacc3335e4eb6ae2d5ccd
Instruction ID: 6389eb92870ed2a4460581f46f2fb2ae23b88ff0ab0923a6cc9d7d0600328c36
Opcode Fuzzy Hash: 67c5d8d39828dd213384b6cc03f0e89c868a3327b08bacc3335e4eb6ae2d5ccd
Instruction Fuzzy Hash: 683160710083859BC305FF64D9958AFB7E8AEA5314F844A1EF4D593191EB30AA09D763

Function 00ABE4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00ABE645

Strings

1#IND, xrefs: 00ABF83D
1#SNAN, xrefs: 00ABF844
1#QNAN, xrefs: 00ABF84B
1#INF, xrefs: 00ABF852

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 51c0e5b5be58e30553588eb440b76362d54d8e536541d8e4bad2bbb0069bde29
Instruction ID: cd4ce8154468fbca8f16f78984a23dbf18b6545926ebb2fced6c69dc5689510d
Opcode Fuzzy Hash: 51c0e5b5be58e30553588eb440b76362d54d8e536541d8e4bad2bbb0069bde29
Instruction Fuzzy Hash: 07C23C71E046288FDB25CF68DD407EAB7B9EB49305F1841EAD84DE7242E775AE818F40

Function 00AF648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00AF64DC
CoInitialize.OLE32(00000000), ref: 00AF6639
CoCreateInstance.OLE32(00B1FCF8,00000000,00000001,00B1FB68,?), ref: 00AF6650
CoUninitialize.OLE32 ref: 00AF68D4

Strings

.lnk, xrefs: 00AF64BA, 00AF6524, 00AF65E0

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: a0266997ead616ea7ab75e835d9747c8b8c722686cc185b6dbe9e17d3c395cdf
Instruction ID: f61de2b5f63e1271355a7624d815bde2df4a44444e55f8140a4a2555e3adea20
Opcode Fuzzy Hash: a0266997ead616ea7ab75e835d9747c8b8c722686cc185b6dbe9e17d3c395cdf
Instruction Fuzzy Hash: DAD16971508305AFD304EF64C981A6BB7E8FF98704F14496DF5959B2A1EB30ED09CBA2

Function 00B022DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 00B022E8

Part of subcall function 00AFE4EC: GetWindowRect.USER32(?,?), ref: 00AFE504

GetDesktopWindow.USER32 ref: 00B02312
GetWindowRect.USER32(00000000), ref: 00B02319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00B02355
GetCursorPos.USER32(?), ref: 00B02381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00B023DF

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: 1765d3caa64d80a1587d510bab4b29c8a205e170d1e0a899996c76d8e8ab8c97
Instruction ID: 88da68813256f7e9850c19172f89eb056ee1ad26fa6af38e578ecc8abdc07233
Opcode Fuzzy Hash: 1765d3caa64d80a1587d510bab4b29c8a205e170d1e0a899996c76d8e8ab8c97
Instruction Fuzzy Hash: 3931E072504315AFCB20DF54D849B9BBBEAFF84310F00491AF98997191DB34EA08CB96

Function 00AF9B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00AF9B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00AF9C8B

Part of subcall function 00AF3874: GetInputState.USER32 ref: 00AF38CB
Part of subcall function 00AF3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AF3966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00AF9BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00AF9C75

Strings

*.*, xrefs: 00AF9B5D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: 7f77bf3ed768aa6d69fb27b30746c5032e3b44c374662ba4db3bc5dc9ed82144
Instruction ID: cc1a6a485f660a2999425aa291ef1bb4c73862f42a523b1f08e711134dcda93e
Opcode Fuzzy Hash: 7f77bf3ed768aa6d69fb27b30746c5032e3b44c374662ba4db3bc5dc9ed82144
Instruction Fuzzy Hash: 3241487194420EAFCF54EFA4C985BEEBBB8EF05310F244056F905A2191EB309E85CBA1

Function 00A9997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 00A99A4E
GetSysColor.USER32(0000000F), ref: 00A99B23
SetBkColor.GDI32(?,00000000), ref: 00A99B36

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: 0294db8c13c6a8bb74973c56e25de81460fc95eeeb2703865debb6d2be8b7817
Instruction ID: 4851ccfee9d54217e2d49a0f5b77b3d55825c50a0c5994b336fdbc43a106b223
Opcode Fuzzy Hash: 0294db8c13c6a8bb74973c56e25de81460fc95eeeb2703865debb6d2be8b7817
Instruction Fuzzy Hash: 5FA1E770308544BFEF299B2C8C99FBF36EDEB46380B14454EF503D6A91EA259D42D272

Function 00B01806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00B0304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B0307A
Part of subcall function 00B0304E: _wcslen.LIBCMT ref: 00B0309B

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00B0185D
WSAGetLastError.WSOCK32 ref: 00B01884
bind.WSOCK32(00000000,?,00000010), ref: 00B018DB
WSAGetLastError.WSOCK32 ref: 00B018E6
closesocket.WSOCK32(00000000), ref: 00B01915

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: 1ab6ed3fe6fa37056753b71dae8808e3ab93f1cf0ffabd7f083431573ace8e61
Instruction ID: ed31004820fa7e4204fd8e7235f5b45ac07afa22149476e45ddd7bea7461ec5e
Opcode Fuzzy Hash: 1ab6ed3fe6fa37056753b71dae8808e3ab93f1cf0ffabd7f083431573ace8e61
Instruction Fuzzy Hash: A751D471A002109FEB14AF28C986F6A7BE5EB44718F54C498F9065F3D3D771AD41CBA1

Function 00B11C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00B11CC0
IsWindowEnabled.USER32 ref: 00B11CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00B11CDB
IsIconic.USER32 ref: 00B11CE9
IsZoomed.USER32 ref: 00B11CF7

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 57d3bb5c4de6186ae37357a9f86f093586edfbbd7d550940bb5f7d024aa240c7
Instruction ID: 4ef54ba1977b7beb262436abf541f01f71dc7f6b56f6c839ce2bb59516dba315
Opcode Fuzzy Hash: 57d3bb5c4de6186ae37357a9f86f093586edfbbd7d550940bb5f7d024aa240c7
Instruction Fuzzy Hash: 1221A3317802115FD7209F2ED884BAA7BE5EF95324B9984A8E946CF351CB71DC82CBD0

Function 00A88060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON

Download Yara Rule

Strings

VUUU, xrefs: 00A8843C
VUUU, xrefs: 00A883E8
ERCP, xrefs: 00A8813C
VUUU, xrefs: 00A883FA
VUUU, xrefs: 00AC5DF0

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: a023ddc79a74144d865e5eae7ae11a1cc9a7547bd328cd0132b88779c6d9ec58
Instruction ID: 83abbdf3cc227138b27a6a861a5d0fb10c6efc6637a94c267baddb7105d16d7c
Opcode Fuzzy Hash: a023ddc79a74144d865e5eae7ae11a1cc9a7547bd328cd0132b88779c6d9ec58
Instruction Fuzzy Hash: 82A27171E0061ACBDF24DF58C940BEEB7B1BF54310F6581AAE815AB285EB749D81CF90

Function 00AEAA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00AEAAAC
SetKeyboardState.USER32(00000080), ref: 00AEAAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00AEAB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00AEAB88

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: a4e66b3ef7f87116fa97e82dbdb61a17f41e5a53f520163d1668c568f4c0e29d
Instruction ID: f0af9e119849d5cca53902eab971261c663e93c7afcc52f709b4be8123edd5f0
Opcode Fuzzy Hash: a4e66b3ef7f87116fa97e82dbdb61a17f41e5a53f520163d1668c568f4c0e29d
Instruction Fuzzy Hash: 72310870A80388AEFF35CB66CC05BFA7BA6EB64310F04821AF581961D1D775AD85C762

Function 00ABBB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00ABBB7F

Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0

GetTimeZoneInformation.KERNEL32 ref: 00ABBB91
WideCharToMultiByte.KERNEL32(00000000,?,00B5121C,000000FF,?,0000003F,?,?), ref: 00ABBC09
WideCharToMultiByte.KERNEL32(00000000,?,00B51270,000000FF,?,0000003F,?,?,?,00B5121C,000000FF,?,0000003F,?,?), ref: 00ABBC36

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
String ID:
API String ID: 806657224-0
Opcode ID: 4ff3f41808ef8472b43faa447929b95ec9ef9c1d830394cbdf2d055626078925
Instruction ID: 4b0efcfdc5a201d768f9cecd981520641478f27daf93c7fe1680cde98a1cbace
Opcode Fuzzy Hash: 4ff3f41808ef8472b43faa447929b95ec9ef9c1d830394cbdf2d055626078925
Instruction Fuzzy Hash: 3E31C070944205EFCB11DF68CC80AADBFBCBF46311B144AAAE014DB2A2DB719E40CB60

Function 00AFCE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 00AFCE89
GetLastError.KERNEL32(?,00000000), ref: 00AFCEEA
SetEvent.KERNEL32(?,?,00000000), ref: 00AFCEFE

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: e2c9fbc0d6ce9420b7f98fe1bacd4bc78ad7c46bbfccbe5bc0454bac0ed2af19
Instruction ID: d2b0068455f9208002f408f2bc4f67e4db9802e09096e65faa4c298778e18467
Opcode Fuzzy Hash: e2c9fbc0d6ce9420b7f98fe1bacd4bc78ad7c46bbfccbe5bc0454bac0ed2af19
Instruction Fuzzy Hash: 32215E7154070DABD720DFA6DA44BA6BBF8EF50364F10841AF646D3151EB74EE048B54

Function 00AE8298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 00AE82AA

Strings

(, xrefs: 00AE82F0
|, xrefs: 00AE82DA

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: b0b0b169828a664d3c0d25298dd80fae242ce2571c2a6197ca92a2754aa57427
Instruction ID: e82fe329077f8f6dcfc38cceaaa592bd125d409cd3bb082516382997063adf51
Opcode Fuzzy Hash: b0b0b169828a664d3c0d25298dd80fae242ce2571c2a6197ca92a2754aa57427
Instruction Fuzzy Hash: F0323575A007469FCB28CF5AC481A6AB7F0FF48710B15C56EE49ADB3A1EB74E941CB40

Function 00AF5C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00AF5CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00AF5D17
FindClose.KERNEL32(?), ref: 00AF5D5F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 527ecaeca86188e0b75e909112e5344ffc7d790f704110c2721b64397c290ffa
Instruction ID: 5df8178655b7a0fc9449b36c3e5a66f3839fa7dc4fae917aa3de97bc884d2d42
Opcode Fuzzy Hash: 527ecaeca86188e0b75e909112e5344ffc7d790f704110c2721b64397c290ffa
Instruction Fuzzy Hash: 1551AC34A046059FC714DF68C484AA6B7E4FF0A324F14855DFA9A8B3A1DB30ED04CF91

Function 00AB2622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00AB271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00AB2724
UnhandledExceptionFilter.KERNEL32(?), ref: 00AB2731

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: c8ec7c3abe1992cca2fa021a7a76b6e0a8bc7bf99e76673835b057dc4c9fcc2a
Instruction ID: 4f33a31608c5fb75d33d16ecadde4b2f2727c541a0e9b8a0fbe8029d40ff41c5
Opcode Fuzzy Hash: c8ec7c3abe1992cca2fa021a7a76b6e0a8bc7bf99e76673835b057dc4c9fcc2a
Instruction Fuzzy Hash: 3D31D5749412189BCB21DF68DD88BDDBBB8AF08310F5041EAE41CA72A1EB309F818F44

Function 00AF51CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00AF51DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00AF5238
SetErrorMode.KERNEL32(00000000), ref: 00AF52A1

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: a1bde0c2520100abf49debae49f31a890a2c5fd11a78ef0024e6bb699dedfc3f
Instruction ID: 5d0bd1ca2b7b7bab36a5adf33afe96e1a9e82b29c00c8fac127b04531b2c8709
Opcode Fuzzy Hash: a1bde0c2520100abf49debae49f31a890a2c5fd11a78ef0024e6bb699dedfc3f
Instruction Fuzzy Hash: 2D314F75A00518DFDB00DF94D884EEDBBB4FF49314F048099E905AB352DB31E855CBA0

Function 00AE16C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00A9FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00AA0668
Part of subcall function 00A9FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00AA0685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AE170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AE173A
GetLastError.KERNEL32 ref: 00AE174A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: 0a44bc970848e3bd27a9b75e65008f08b8360b5d62df1e3984e81f81d6b22ab0
Instruction ID: 7d224c814fc1e6a073da4e7e16bdc074093fefbe7f7b01424c1f9c795938d91e
Opcode Fuzzy Hash: 0a44bc970848e3bd27a9b75e65008f08b8360b5d62df1e3984e81f81d6b22ab0
Instruction Fuzzy Hash: 3B11CEB2510304AFD718AF54EC86DAABBF9EB08B14B20852EE05697641EB70BC41CA24

Function 00AED5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00AED608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00AED645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00AED650

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 295a834c4fb48881058d8742ed6f72e6316353c022275d871a4485b1ac2d7c80
Instruction ID: c340cceead0974c0ff8891070722e609ab7d8a4acb19cf3434a6924f8e0a887f
Opcode Fuzzy Hash: 295a834c4fb48881058d8742ed6f72e6316353c022275d871a4485b1ac2d7c80
Instruction Fuzzy Hash: 13113C75E45228BBDB108F95AC45FEFBFBCEB45B50F108115F914E7290D6704A058BA1

Function 00AE1663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00AE168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00AE16A1
FreeSid.ADVAPI32(?), ref: 00AE16B1

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 55e50b9a131c8b7de9fcc8df639eb9d6386ea525acebe73111ad181170e71f64
Instruction ID: 8aa8dde40552bf11f4b27a7b9f3a7a757650272b79daf6b338e387d9f20e2156
Opcode Fuzzy Hash: 55e50b9a131c8b7de9fcc8df639eb9d6386ea525acebe73111ad181170e71f64
Instruction Fuzzy Hash: EDF0F471990309FBDB00DFE49C89EAEBBBCEB08604F508565E501E2181E774AA448A50

Function 00ADD27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 00ADD28C

Strings

X64, xrefs: 00ADD2A8

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: 9b8c01fb8d14535b421e9fbc08af6a3fedd016068bd12aad8b884ec8403ca338
Instruction ID: 88e7a58779805b86ea4b82cd9bf63e583fbd2eb44ba1f488c513cbdfe351344f
Opcode Fuzzy Hash: 9b8c01fb8d14535b421e9fbc08af6a3fedd016068bd12aad8b884ec8403ca338
Instruction Fuzzy Hash: 0FD0CAB480122DEACF94CBA0EC88DDAB7BCBB08345F204292F146A2100DB3096888F20

Function 00AACAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction ID: f0c1a4aec0f960fa73f5699264b99f5ea929de64bbb3b2cf06fbe6dddf5bfdb7
Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction Fuzzy Hash: A3021E71E002199FEF24CFA9C9806ADFBF1EF49324F258169D919E7384D731AE418B94

Function 00AF68EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00AF6918
FindClose.KERNEL32(00000000), ref: 00AF6961

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: a4e76a629afdb182037d4414f731fb9629bd4c09b121a4b2678116809cf4d58c
Instruction ID: 63e788d81139e1af7025120fbba72a8b35b15c6a39bec8c93a09892d9db5daef
Opcode Fuzzy Hash: a4e76a629afdb182037d4414f731fb9629bd4c09b121a4b2678116809cf4d58c
Instruction Fuzzy Hash: 04118E316042049FD710DF69D4C4A26BBE5FF85328F54C699F5698F6A2CB70EC05CB91

Function 00AF37B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00B04891,?,?,00000035,?), ref: 00AF37E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00B04891,?,?,00000035,?), ref: 00AF37F4

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 7cbaa96a44db0fdd4a4948804079b96c27f3ed4bfb8234607a58e278da4ed3a3
Instruction ID: 03bf59dc581deae2dfd1d9fcb77b94dbb49adb7a5fe4a611bb915d3bfccb2040
Opcode Fuzzy Hash: 7cbaa96a44db0fdd4a4948804079b96c27f3ed4bfb8234607a58e278da4ed3a3
Instruction Fuzzy Hash: BFF0E5B17042282AEB2067A69D4DFEB7AAEEFC5761F000165F609D3281D9B09944C7F0

Function 00AEB226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00AEB25D
keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00AEB270

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 0e5dc09109001a7520f32620cc6b3709cea88dcd9a5467bbdb60d0a555c2a2e1
Instruction ID: 61319686cab56b46569ad4ba33ad315c86924ce7a658fcaf326dad5630381ccb
Opcode Fuzzy Hash: 0e5dc09109001a7520f32620cc6b3709cea88dcd9a5467bbdb60d0a555c2a2e1
Instruction Fuzzy Hash: E4F01D7185428DABDB059FA1C806BEE7FB4FF04305F008009F965A6191C77986119FA4

Function 00AE10BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00AE11FC), ref: 00AE10D4
CloseHandle.KERNEL32(?,?,00AE11FC), ref: 00AE10E9

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 398573e59dbfe708dc32079ae5a071a9b000df335066ce30ce7fc8f2f183ff53
Instruction ID: 9081938c69fe2dd503b008352a19035cc8bd0b3bfba0a271510cfe69b4128066
Opcode Fuzzy Hash: 398573e59dbfe708dc32079ae5a071a9b000df335066ce30ce7fc8f2f183ff53
Instruction Fuzzy Hash: B7E0BF72154610AFEB252B51FD09EB77BE9EB04310B24C82DF5A5814B1DB726C90DB54

Function 00A8CAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON

Download Yara Rule

Strings

Variable is not of type 'Object'., xrefs: 00AD0C40

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: Variable is not of type 'Object'.
API String ID: 0-1840281001
Opcode ID: 734f1855d61c729895fc9b037d5fdda8a5b8daa20527d10a6e3d7f6c64f107e5
Instruction ID: 2421e9ef46bf31b118aef2a658d247f8d2e2932c4e9c995e38817fc0536a48e2
Opcode Fuzzy Hash: 734f1855d61c729895fc9b037d5fdda8a5b8daa20527d10a6e3d7f6c64f107e5
Instruction Fuzzy Hash: 75328870900218DFDF14EF94D985BEDBBB5BF05318F14806AE806AB292DB75AE45CF60

Function 00AB676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00AB6766,?,?,00000008,?,?,00ABFEFE,00000000), ref: 00AB6998

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 12bef984b4ab182706006702ab22c3bbce86294f813a5abd93abe0d2210101d3
Instruction ID: 160671e1170b19a4320203e91a1d1b925265550ec699a9206cf4fae5e03816e5
Opcode Fuzzy Hash: 12bef984b4ab182706006702ab22c3bbce86294f813a5abd93abe0d2210101d3
Instruction Fuzzy Hash: 53B13C726106089FDB15CF28C486BA57BF4FF45364F29865CE899CF2A2C739E991CB40

Function 00A9B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 00AD851F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b1cba6e7569677588b1b643648cc5afc5b5b88ee3987ca758300f807d47eef20
Instruction ID: 0631869903f56784e7b3c6475d3f37f94b91e250edfb82566ddbdb6536389d65
Opcode Fuzzy Hash: b1cba6e7569677588b1b643648cc5afc5b5b88ee3987ca758300f807d47eef20
Instruction Fuzzy Hash: 58126D75A10229DBCF24CF58D9806EEB7F5FF48710F14819AE809EB255DB349A81DFA0

Function 00AFEAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00AFEABD

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 328a42b25f79e97a3c9d6f6bac3ee599497e31db378295745a474670c037834a
Instruction ID: fda4c20d486e2f09378efa38786bf5c0ab2dde09f5a40b0022d0443a8d566bc7
Opcode Fuzzy Hash: 328a42b25f79e97a3c9d6f6bac3ee599497e31db378295745a474670c037834a
Instruction Fuzzy Hash: 71E01A312102049FD710EF99D804E9ABBE9AF987A0F408426FD4AC7261DB70A8408BA0

Function 00AA09D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00AA03EE), ref: 00AA09DA

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 4dc7be7a3a4dabee086e78310ec363755923758dc53211666dcb6ccf1e263271
Instruction ID: 7fe7c3d36912501d4df602322a8e1ab339a458c759d7d57127d6181e343f5337
Opcode Fuzzy Hash: 4dc7be7a3a4dabee086e78310ec363755923758dc53211666dcb6ccf1e263271
Instruction Fuzzy Hash:

Function 00AA781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 00AA798B

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction ID: 36071676543707f8f74878427c837d6691ef61e1d017ca905ae6f8476c02bf0f
Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction Fuzzy Hash: 5551557260C7056BDB3887688D5EBBF63A99B0B340F18051BD886D72C2CB1DDE85D356

Function 00AB6DD9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95ee080141789b6b802c942246ef3edc073ae1d853912c57b0a76b69b3789f3e
Instruction ID: 2cccfcec255029e85f56d26afc1bac7bf817e3db9d046ed82912cf5df2423e46
Opcode Fuzzy Hash: 95ee080141789b6b802c942246ef3edc073ae1d853912c57b0a76b69b3789f3e
Instruction Fuzzy Hash: AB320022D29F414DD7339634C822339A65DAFB73C5F15D737E81AB69AAEF69C4834100

Function 00A9CC39 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61a63bb8b4adcfff60ba35267b64d96007e5cab59dd6070381b01fa1f638f80b
Instruction ID: f7302250b88250565732704f09020a26930520a079ddf4bef231cee01807d756
Opcode Fuzzy Hash: 61a63bb8b4adcfff60ba35267b64d96007e5cab59dd6070381b01fa1f638f80b
Instruction Fuzzy Hash: 9432E131B401168BDF28CB69C4946BD7BF2EB45330FA8856BD49B9B392D634DE81DB40

Function 00A87920 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c6b74540e2e6fb6d10f3ba60de6a81a6a968f5993e0f5a12b28695176caf906
Instruction ID: 1f513b970b14c9cefb652aacb93709e7d4488baed12615294f9b45d008960ba5
Opcode Fuzzy Hash: 2c6b74540e2e6fb6d10f3ba60de6a81a6a968f5993e0f5a12b28695176caf906
Instruction Fuzzy Hash: BF228F70E046099FDF14DFA5C981BAEB7F6FF44300F244529E816AB291EB35E951CB50

Function 00A891C0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf3884660c1fc7da1ffe71c068612c49bddbac38417b6175299b2def69fdc296
Instruction ID: 51b4c00f11c00933c3ae81e48db03469c54e59f413f57b477c2b2788b431d99b
Opcode Fuzzy Hash: cf3884660c1fc7da1ffe71c068612c49bddbac38417b6175299b2def69fdc296
Instruction Fuzzy Hash: F70280B1A0020AEFDF04DF54D981BAEB7F1FF44340F158169E816DB291EB31AA21CB95

Function 00AB9EEE Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9a741f98128e3f170f3c25c4e2ad1c575ff62b1df76b115259c6a460a5fe445
Instruction ID: a93be53529e9004efe11b325dd427d76790308967ac044447f059c02d66dfd55
Opcode Fuzzy Hash: d9a741f98128e3f170f3c25c4e2ad1c575ff62b1df76b115259c6a460a5fe445
Instruction Fuzzy Hash: DFB1F220D2AF414DD32396398871336B69CAFBB6D5F91D71BFC2675D22EF2686834140

Function 00AA1C77 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: 4e36eb484c560cbb63633f516119c626051bcc5d79c30b1d7cb7cb93eedef793
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: 569153726080A35ADB29473A857407EFFE15A933B2B1A079ED4F2CB1C5FF249964D620

Function 00AA1F32 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction ID: 5e829aecc28e684111fe55ee5fd4f9fcfc46f005b644cf1a9b16d502cac15660
Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction Fuzzy Hash: EF912F722090A34EDB69473D857453EFFE15A933A171A079EE4F2CB1C5EF248964E720

Function 00AA19B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: 96d52092c10e8c1ab45088d8743351ec65cf85cf093652d2eb3d7e33c3889cdc
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: 549130722090A35EDB69477A857403EFFF15A933A2B1A079ED4F2CB1C1FF248965D620

Function 00AA7A4A Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebf312025fd685482e07da92bcadefc8b07612218551987a7ef8ca380c887fb1
Instruction ID: 27f845dc10b4906fc426ee2810f3034d68a0585c799b5820c95135d1b2c08dd0
Opcode Fuzzy Hash: ebf312025fd685482e07da92bcadefc8b07612218551987a7ef8ca380c887fb1
Instruction Fuzzy Hash: F96137B1708709A6DE349B288D95BBF63A8DF43750F24091AE843DB2C1DB159E42C775

Function 00AA7CA7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0de080297a5409d978f6569f19a908afe248f3a4ecbd8095941aeb785e659bbe
Instruction ID: 447c52a392f2bf35b438ffcdc35c8f3f7e386d4dfbedc3361b3748c028e9deaf
Opcode Fuzzy Hash: 0de080297a5409d978f6569f19a908afe248f3a4ecbd8095941aeb785e659bbe
Instruction Fuzzy Hash: A661997160870967DF388B288DA5BBF63A8EF43704F14095AE943DB2C1EB16ED428B55

Function 00AA1706 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: f3064c1ef404cf326a88a49b6cc334b914c53b16a87077993816bddc45391849
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: 848174726090A31DDB6D473A857443EFFE15A933A1B1A079DD4F2CB1C1EF24C954E620

Function 00A9D063 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 258c31b98c21070db14766f0e04f80bb9f7ca5d19298dc7472ee0d830283b858
Instruction ID: 0b40acc8305f8a9403fc51106febde4f8529244de17a77a5ac17b760e15b7156
Opcode Fuzzy Hash: 258c31b98c21070db14766f0e04f80bb9f7ca5d19298dc7472ee0d830283b858
Instruction Fuzzy Hash: 75512A9985FBDA1FDB179734886A198FFB0AC1726174887CFD8825E8CBD381041AC75B

Function 00AF2046 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 284c4cdcf42df3814828f3ca44ad4ee68e879d544a6254c94109ab6f711dac70
Instruction ID: ff8ae548ba247c5f1dbd8e70ac8d45b9f1502eab957b2bb6343cb0f9cd3f8453
Opcode Fuzzy Hash: 284c4cdcf42df3814828f3ca44ad4ee68e879d544a6254c94109ab6f711dac70
Instruction Fuzzy Hash: B521A5326216158BDB28CF79C82277A73E5A764311F15866EE4A7C37D0DE39AD04CB80

Function 00B02ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00B02B30
DeleteObject.GDI32(00000000), ref: 00B02B43
DestroyWindow.USER32 ref: 00B02B52
GetDesktopWindow.USER32 ref: 00B02B6D
GetWindowRect.USER32(00000000), ref: 00B02B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00B02CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00B02CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02CF8
GetClientRect.USER32(00000000,?), ref: 00B02D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00B02D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02D80
GlobalLock.KERNEL32(00000000), ref: 00B02D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02D98
GlobalUnlock.KERNEL32(00000000), ref: 00B02DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02DA8
GlobalFree.KERNEL32(00000000), ref: 00B02DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,00B1FC38,00000000), ref: 00B02DDB
GlobalFree.KERNEL32(00000000), ref: 00B02DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00B02E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00B02E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B02E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B0303F

Strings

DISPLAY, xrefs: 00B02EA2
static, xrefs: 00B02D3A, 00B02E91
AutoIt v3, xrefs: 00B02CF2
, xrefs: 00B02FC5

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 4be34078b4bc6f0c90c18eac45af2728118c252187ddd736e904d7701c257b78
Instruction ID: 114e6cd75076a1fa9b2eedb53aa4ff41fe7ef931a7424e0efc35b3106dfc52b2
Opcode Fuzzy Hash: 4be34078b4bc6f0c90c18eac45af2728118c252187ddd736e904d7701c257b78
Instruction Fuzzy Hash: 93028A71940205AFDB14DFA4CD89EAE7FB9FB49711F108598F915AB2A1DB70ED00CB60

Function 00B170D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 00B1712F
GetSysColorBrush.USER32(0000000F), ref: 00B17160
GetSysColor.USER32(0000000F), ref: 00B1716C
SetBkColor.GDI32(?,000000FF), ref: 00B17186
SelectObject.GDI32(?,?), ref: 00B17195
InflateRect.USER32(?,000000FF,000000FF), ref: 00B171C0
GetSysColor.USER32(00000010), ref: 00B171C8
CreateSolidBrush.GDI32(00000000), ref: 00B171CF
FrameRect.USER32(?,?,00000000), ref: 00B171DE
DeleteObject.GDI32(00000000), ref: 00B171E5
InflateRect.USER32(?,000000FE,000000FE), ref: 00B17230
FillRect.USER32(?,?,?), ref: 00B17262
GetWindowLongW.USER32(?,000000F0), ref: 00B17284

Part of subcall function 00B173E8: GetSysColor.USER32(00000012), ref: 00B17421
Part of subcall function 00B173E8: SetTextColor.GDI32(?,?), ref: 00B17425
Part of subcall function 00B173E8: GetSysColorBrush.USER32(0000000F), ref: 00B1743B
Part of subcall function 00B173E8: GetSysColor.USER32(0000000F), ref: 00B17446
Part of subcall function 00B173E8: GetSysColor.USER32(00000011), ref: 00B17463
Part of subcall function 00B173E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B17471
Part of subcall function 00B173E8: SelectObject.GDI32(?,00000000), ref: 00B17482
Part of subcall function 00B173E8: SetBkColor.GDI32(?,00000000), ref: 00B1748B
Part of subcall function 00B173E8: SelectObject.GDI32(?,?), ref: 00B17498
Part of subcall function 00B173E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00B174B7
Part of subcall function 00B173E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B174CE
Part of subcall function 00B173E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00B174DB

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: ef87c5385ef2b42ec6c8dec7964396e558489849ff6f9acab757863d4658c667
Instruction ID: 67a98e6c50c074cbc8980a448beced26829d9f7290243ed250c0af910e11ddac
Opcode Fuzzy Hash: ef87c5385ef2b42ec6c8dec7964396e558489849ff6f9acab757863d4658c667
Instruction Fuzzy Hash: 97A18E72088301FFDB019F60DC48A9A7BF9FB49320F904A19F962A71A1DB70E9458B91

Function 00A98D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 00A98E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 00AD6AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00AD6AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00AD6F43

Part of subcall function 00A98F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A98BE8,?,00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00A98FC5

SendMessageW.USER32(?,00001053), ref: 00AD6F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00AD6F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 00AD6FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 00AD6FB7

Strings

0, xrefs: 00AD6DCF

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: cb2483d5b6115b5d6543f3e5b04dccfb840690307f0985d43e11a8c42e384042
Instruction ID: 2a0e38c1869611c395d7a9e4d0ee0e79f2711b21d637197e988245edd346806f
Opcode Fuzzy Hash: cb2483d5b6115b5d6543f3e5b04dccfb840690307f0985d43e11a8c42e384042
Instruction Fuzzy Hash: CC12AD30600611DFDB25CF28D994BAABBF5FB49301F54846AF4968B261CB35EC52CB91

Function 00B02711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 00B0273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00B0286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00B028A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00B028B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00B02900
GetClientRect.USER32(00000000,?), ref: 00B0290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00B02955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00B02964
GetStockObject.GDI32(00000011), ref: 00B02974
SelectObject.GDI32(00000000,00000000), ref: 00B02978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00B02988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B02991
DeleteDC.GDI32(00000000), ref: 00B0299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00B029C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 00B029DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00B02A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00B02A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 00B02A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00B02A77
GetStockObject.GDI32(00000011), ref: 00B02A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00B02A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00B02A97

Strings

DISPLAY, xrefs: 00B0295A
static, xrefs: 00B0294F, 00B02A71
AutoIt v3, xrefs: 00B028F8
msctls_progress32, xrefs: 00B02A13

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 5f767fc5a62092cdf3d4206eca6d3c4e67c98b84da7feb3cd4439abc359f9ade
Instruction ID: b0e68b093fa5918c586f4fed15160483d76e85cb7301fafc6201f1eb26616f2b
Opcode Fuzzy Hash: 5f767fc5a62092cdf3d4206eca6d3c4e67c98b84da7feb3cd4439abc359f9ade
Instruction Fuzzy Hash: BCB14971A40215BFEB14DFA8CD89FAE7BB9EB08711F108554F915E72A0DB70AD40CBA4

Function 00AF4ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00AF4AED
GetDriveTypeW.KERNEL32(?,00B1CB68,?,\\.\,00B1CC08), ref: 00AF4BCA
SetErrorMode.KERNEL32(00000000,00B1CB68,?,\\.\,00B1CC08), ref: 00AF4D36

Strings

1394, xrefs: 00AF4C9F
\\.\, xrefs: 00AF4B3F
Virtual, xrefs: 00AF4CE5
Unknown, xrefs: 00AF4BED, 00AF4C83
SCSI, xrefs: 00AF4C8A
SSA, xrefs: 00AF4CA6
RAMDisk, xrefs: 00AF4BF4
SAS, xrefs: 00AF4CC9
Fibre, xrefs: 00AF4CAD
Fixed, xrefs: 00AF4C09
FileBackedVirtual, xrefs: 00AF4CEC
iSCSI, xrefs: 00AF4CC2
Network, xrefs: 00AF4C02
PhysicalDrive, xrefs: 00AF4B76
CDROM, xrefs: 00AF4BFB
Removable, xrefs: 00AF4C10, 00AF4C15
ATAPI, xrefs: 00AF4C91
SSD, xrefs: 00AF4C4A
USB, xrefs: 00AF4CB4
MMC, xrefs: 00AF4CDE
SATA, xrefs: 00AF4CD0
RAID, xrefs: 00AF4CBB
ATA, xrefs: 00AF4C98

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 85a8120173ab2d3a797613af03d81fc28dbbba477c88595718beb95cc3163432
Instruction ID: 5c7d31d69e6bdf5435c16c32d068931689cad9e41a63c4203d512441a16b6797
Opcode Fuzzy Hash: 85a8120173ab2d3a797613af03d81fc28dbbba477c88595718beb95cc3163432
Instruction Fuzzy Hash: 7E61D430A4520D9BCB04DFA4CA8197E77F0EB4D714B249065F906AB262DB35DE42EB52

Function 00B173E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00B17421
SetTextColor.GDI32(?,?), ref: 00B17425
GetSysColorBrush.USER32(0000000F), ref: 00B1743B
GetSysColor.USER32(0000000F), ref: 00B17446
CreateSolidBrush.GDI32(?), ref: 00B1744B
GetSysColor.USER32(00000011), ref: 00B17463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B17471
SelectObject.GDI32(?,00000000), ref: 00B17482
SetBkColor.GDI32(?,00000000), ref: 00B1748B
SelectObject.GDI32(?,?), ref: 00B17498
InflateRect.USER32(?,000000FF,000000FF), ref: 00B174B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B174CE
GetWindowLongW.USER32(00000000,000000F0), ref: 00B174DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B1752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00B17554
InflateRect.USER32(?,000000FD,000000FD), ref: 00B17572
DrawFocusRect.USER32(?,?), ref: 00B1757D
GetSysColor.USER32(00000011), ref: 00B1758E
SetTextColor.GDI32(?,00000000), ref: 00B17596
DrawTextW.USER32(?,00B170F5,000000FF,?,00000000), ref: 00B175A8
SelectObject.GDI32(?,?), ref: 00B175BF
DeleteObject.GDI32(?), ref: 00B175CA
SelectObject.GDI32(?,?), ref: 00B175D0
DeleteObject.GDI32(?), ref: 00B175D5
SetTextColor.GDI32(?,?), ref: 00B175DB
SetBkColor.GDI32(?,?), ref: 00B175E5

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: d339a52be2e05f165b85a34f77b9fa53cbadc31d2ebe8acf19f7f9503c979af2
Instruction ID: 20c9c8fa4ffc88904643ec9b3ad3a3364225fb471cbfa23273ce1911398c66c0
Opcode Fuzzy Hash: d339a52be2e05f165b85a34f77b9fa53cbadc31d2ebe8acf19f7f9503c979af2
Instruction Fuzzy Hash: 02615D72984218FFDF019FA4DC49AEE7FB9EB08320F618155F915BB2A1DB749940CB90

Function 00B10FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00B11128
GetDesktopWindow.USER32 ref: 00B1113D
GetWindowRect.USER32(00000000), ref: 00B11144
GetWindowLongW.USER32(?,000000F0), ref: 00B11199
DestroyWindow.USER32(?), ref: 00B111B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00B111ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B1120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B1121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 00B11232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00B11245
IsWindowVisible.USER32(00000000), ref: 00B112A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00B112BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00B112D0
GetWindowRect.USER32(00000000,?), ref: 00B112E8
MonitorFromPoint.USER32(?,?,00000002), ref: 00B1130E
GetMonitorInfoW.USER32(00000000,?), ref: 00B11328
CopyRect.USER32(?,?), ref: 00B1133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 00B113AA

Strings

tooltips_class32, xrefs: 00B111E6
0, xrefs: 00B110D3
(, xrefs: 00B1131B

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 61546cc84ab6ce67390fc6e5fed97a534542c60d0ea1000c209956d57b5879a9
Instruction ID: 36c76d7c6fe2e35d55136b50c7b14d2c49946b01c6232ddb803493fd5f7228a2
Opcode Fuzzy Hash: 61546cc84ab6ce67390fc6e5fed97a534542c60d0ea1000c209956d57b5879a9
Instruction Fuzzy Hash: 5AB19E71604341AFD704DF68C985BAEBBE4FF88750F408958FA999B2A1CB31DC44CBA1

Function 00A98891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A98968
GetSystemMetrics.USER32(00000007), ref: 00A98970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A9899B
GetSystemMetrics.USER32(00000008), ref: 00A989A3
GetSystemMetrics.USER32(00000004), ref: 00A989C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00A989E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00A989F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00A98A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00A98A3C
GetClientRect.USER32(00000000,000000FF), ref: 00A98A5A
GetStockObject.GDI32(00000011), ref: 00A98A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 00A98A81

Part of subcall function 00A9912D: GetCursorPos.USER32(?), ref: 00A99141
Part of subcall function 00A9912D: ScreenToClient.USER32(00000000,?), ref: 00A9915E
Part of subcall function 00A9912D: GetAsyncKeyState.USER32(00000001), ref: 00A99183
Part of subcall function 00A9912D: GetAsyncKeyState.USER32(00000002), ref: 00A9919D

SetTimer.USER32(00000000,00000000,00000028,00A990FC), ref: 00A98AA8

Strings

AutoIt v3 GUI, xrefs: 00A98A20

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: cbb68c01de623015d40f64880b3e00c46bcdd138b521046526d7ad059d4ea7f4
Instruction ID: 7f5d2e9f72d1df0a4983efe84fbd597f26768798f4b8c47dc79b7b0c5b4b082a
Opcode Fuzzy Hash: cbb68c01de623015d40f64880b3e00c46bcdd138b521046526d7ad059d4ea7f4
Instruction Fuzzy Hash: E7B16C71A40209AFDF14DFA8CD45BEE3BF5FB48315F10856AFA16A7290DB34A841CB50

Function 00AE0D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AE1114
Part of subcall function 00AE10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1120
Part of subcall function 00AE10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE112F
Part of subcall function 00AE10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1136
Part of subcall function 00AE10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AE114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00AE0DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00AE0E29
GetLengthSid.ADVAPI32(?), ref: 00AE0E40
GetAce.ADVAPI32(?,00000000,?), ref: 00AE0E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00AE0E96
GetLengthSid.ADVAPI32(?), ref: 00AE0EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00AE0EB5
HeapAlloc.KERNEL32(00000000), ref: 00AE0EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00AE0EDD
CopySid.ADVAPI32(00000000), ref: 00AE0EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00AE0F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00AE0F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00AE0F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0F6E
HeapFree.KERNEL32(00000000), ref: 00AE0F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0F7E
HeapFree.KERNEL32(00000000), ref: 00AE0F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE0F8E
HeapFree.KERNEL32(00000000), ref: 00AE0F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00AE0FA1
HeapFree.KERNEL32(00000000), ref: 00AE0FA8

Part of subcall function 00AE1193: GetProcessHeap.KERNEL32(00000008,00AE0BB1,?,00000000,?,00AE0BB1,?), ref: 00AE11A1
Part of subcall function 00AE1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00AE0BB1,?), ref: 00AE11A8
Part of subcall function 00AE1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00AE0BB1,?), ref: 00AE11B7

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 580e6f562cc295c66c843e4d46a42da7f810d4f0c1a15c65fd50a88fd5b766b7
Instruction ID: 5580bcdc49d0f757909d8c1cebcad1b28946db06283d7b4ae86d51dd22fd186a
Opcode Fuzzy Hash: 580e6f562cc295c66c843e4d46a42da7f810d4f0c1a15c65fd50a88fd5b766b7
Instruction Fuzzy Hash: CA717B7294024AABDB209FA5DC48FEEBBB8BF08300F148115F959E7191DB709E55CB60

Function 00B0C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0C4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,00B1CC08,00000000,?,00000000,?,?), ref: 00B0C544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00B0C5A4
_wcslen.LIBCMT ref: 00B0C5F4
_wcslen.LIBCMT ref: 00B0C66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00B0C6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00B0C7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00B0C84D
RegCloseKey.ADVAPI32(?), ref: 00B0C881
RegCloseKey.ADVAPI32(00000000), ref: 00B0C88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00B0C960

Strings

REG_SZ, xrefs: 00B0C644
REG_QWORD, xrefs: 00B0C8C3
REG_MULTI_SZ, xrefs: 00B0C6F5
REG_EXPAND_SZ, xrefs: 00B0C5CD
REG_DWORD, xrefs: 00B0C804
REG_BINARY, xrefs: 00B0C913

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: 23fdccc0e82ba5ca5072c1a971ef3fd7bd069e6903686e9ff3c2db61d91019e7
Instruction ID: ca5ab5113f6a5354c19319ee68ccea4a9315b43483174edfa740231d19ae225d
Opcode Fuzzy Hash: 23fdccc0e82ba5ca5072c1a971ef3fd7bd069e6903686e9ff3c2db61d91019e7
Instruction Fuzzy Hash: 181269356042019FDB14EF14C981A2ABBE5FF88714F14899CF89A9B3A2DB31FD41CB95

Function 00B1091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00B109C6
_wcslen.LIBCMT ref: 00B10A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B10A54
_wcslen.LIBCMT ref: 00B10A8A
_wcslen.LIBCMT ref: 00B10B06
_wcslen.LIBCMT ref: 00B10B81

Part of subcall function 00A9F9F2: _wcslen.LIBCMT ref: 00A9F9FD

Part of subcall function 00AE2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00AE2BFA

Strings

UNCHECK, xrefs: 00B10D3E
COLLAPSE, xrefs: 00B10B01, 00B10B1C
EXISTS, xrefs: 00B10B7C, 00B10B97
GETTEXT, xrefs: 00B10C97
EXPAND, xrefs: 00B10BF8
ISCHECKED, xrefs: 00B10CE1
GETTOTALCOUNT, xrefs: 00B109F2, 00B10A17
SELECT, xrefs: 00B10D11
GETITEMCOUNT, xrefs: 00B10C1E
CHECK, xrefs: 00B10A85, 00B10AA0
GETSELECTED, xrefs: 00B10C4E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: 0e269150fd342cf76365a0d2f9f27fca3bfe8d5a49fb774ac847393a8305c68b
Instruction ID: 0d91e5beded7437b4d56776ff64acdfc1b132441ba983bb82e9cfbe63e362c70
Opcode Fuzzy Hash: 0e269150fd342cf76365a0d2f9f27fca3bfe8d5a49fb774ac847393a8305c68b
Instruction Fuzzy Hash: 3BE1AF312283418FCB14EF24C59096AB7E1FF98314F94899DF8969B362DB70ED85CB91

Function 00B0C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B0B6AE,?,?), ref: 00B0C9B5
_wcslen.LIBCMT ref: 00B0C9F1
_wcslen.LIBCMT ref: 00B0CA68
_wcslen.LIBCMT ref: 00B0CA9E
_wcslen.LIBCMT ref: 00B0CAF9
_wcslen.LIBCMT ref: 00B0CB2F
_wcslen.LIBCMT ref: 00B0CB7F

Strings

HKCR, xrefs: 00B0CB29, 00B0CB2E
HKU, xrefs: 00B0CBF0
HKEY_CLASSES_ROOT, xrefs: 00B0CAF3, 00B0CAF8
HKLM, xrefs: 00B0CA98, 00B0CA9D
HKEY_USERS, xrefs: 00B0CBDF
HKEY_CURRENT_USER, xrefs: 00B0CBBD
HKEY_LOCAL_MACHINE, xrefs: 00B0CA62, 00B0CA67
HKCC, xrefs: 00B0CBAC
HKCU, xrefs: 00B0CBCE
HKEY_CURRENT_CONFIG, xrefs: 00B0CB79, 00B0CB7E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 782b0024cbd1fc9c6cb47b2810e48cc5fc2768cb721c49f9bdded7a34ec4f72c
Instruction ID: f61031300e11efba1ca26e588e472f23d4fae8c92f01c0ecb75d87bb3eccf6f6
Opcode Fuzzy Hash: 782b0024cbd1fc9c6cb47b2810e48cc5fc2768cb721c49f9bdded7a34ec4f72c
Instruction Fuzzy Hash: 2871E13360016A8BDB20DF6CC9415BB3FD5EBA1750B6507A8F866972D8EB30CE45D3A0

Function 00B1833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B1835A
_wcslen.LIBCMT ref: 00B1836E
_wcslen.LIBCMT ref: 00B18391
_wcslen.LIBCMT ref: 00B183B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00B183F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00B1361A,?), ref: 00B1844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B18487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00B184CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B18501
FreeLibrary.KERNEL32(?), ref: 00B1850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00B1851D
DestroyIcon.USER32(?), ref: 00B1852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00B18549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00B18555

Strings

.dll, xrefs: 00B183AB
.exe, xrefs: 00B18388
.icl, xrefs: 00B18368

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: 6b9e146e384dca60765044d0ad9f27ea82be78c2dbbd3cee56ff4e67cb8e4922
Instruction ID: 29e6ed438dbe608c480323990dcc36ac5822c26489e369eab03f4ee408bde6b4
Opcode Fuzzy Hash: 6b9e146e384dca60765044d0ad9f27ea82be78c2dbbd3cee56ff4e67cb8e4922
Instruction Fuzzy Hash: EB61CF71540205BAEB14DF64DC81BFE7BA8FB18B11F508649F815D71D1DFB4AA90CBA0

Function 00A87778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

#pragma compile, xrefs: 00A877D3
#requireadmin, xrefs: 00A877FF
#notrayicon, xrefs: 00A877E7
Cannot parse #include, xrefs: 00AC5279
Bad directive syntax error, xrefs: 00AC519A
', xrefs: 00AC5169
#include-once, xrefs: 00A8782F
#cs, xrefs: 00A87873, 00A878C5
", xrefs: 00AC5153
#ce, xrefs: 00A878ED
Unterminated group of comments, xrefs: 00AC528C
#include, xrefs: 00A87847
#comments-start, xrefs: 00A8785F, 00A878B1
#comments-end, xrefs: 00A878D9
#OnAutoItStartRegister, xrefs: 00A87817

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: 994a5d87104a90436c2ca938b36d7817e773d056cbf2ce42806934971e99bf21
Instruction ID: 6b4dcbba685b4aae6d6ef73fdf8841f87a23eeb22aecdf7522661659f3f08898
Opcode Fuzzy Hash: 994a5d87104a90436c2ca938b36d7817e773d056cbf2ce42806934971e99bf21
Instruction Fuzzy Hash: 9C81D071A44605BBDB20BF60CD42FAF7BB8AF15300F154068F805AB1D6EB74EA91C7A1

Function 00AF3E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00AF3EF8
_wcslen.LIBCMT ref: 00AF3F03
_wcslen.LIBCMT ref: 00AF3F5A
_wcslen.LIBCMT ref: 00AF3F98
GetDriveTypeW.KERNEL32(?), ref: 00AF3FD6
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AF401E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AF4059
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AF4087

Strings

type cdaudio alias cd wait, xrefs: 00AF4001
wait, xrefs: 00AF4044
open, xrefs: 00AF3F54, 00AF3F59
close, xrefs: 00AF3EFE, 00AF3F18
close cd wait, xrefs: 00AF4072
open , xrefs: 00AF3FE5
closed, xrefs: 00AF3F08, 00AF3F2D, 00AF3F46, 00AF3F7E, 00AF3F97
set cd door , xrefs: 00AF4028

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: 02ce18d7ca4d04462a49f861ade83d91702b28cce1ceab91d1775d75a4684af6
Instruction ID: b9e938064f59cbf9ed921c97bd564fad0dc61479abd496abb8357e2b3859fa43
Opcode Fuzzy Hash: 02ce18d7ca4d04462a49f861ade83d91702b28cce1ceab91d1775d75a4684af6
Instruction Fuzzy Hash: F171CD32A042069FC710EF24C98197BB7F4EF99758F00492DFA9697261EB30DE45CB92

Function 00AE5A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00AE5A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00AE5A40
SetWindowTextW.USER32(?,?), ref: 00AE5A57
GetDlgItem.USER32(?,000003EA), ref: 00AE5A6C
SetWindowTextW.USER32(00000000,?), ref: 00AE5A72
GetDlgItem.USER32(?,000003E9), ref: 00AE5A82
SetWindowTextW.USER32(00000000,?), ref: 00AE5A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00AE5AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00AE5AC3
GetWindowRect.USER32(?,?), ref: 00AE5ACC
_wcslen.LIBCMT ref: 00AE5B33
SetWindowTextW.USER32(?,?), ref: 00AE5B6F
GetDesktopWindow.USER32 ref: 00AE5B75
GetWindowRect.USER32(00000000), ref: 00AE5B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00AE5BD3
GetClientRect.USER32(?,?), ref: 00AE5BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00AE5C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00AE5C2F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: d69c05e5c3708ba00e86ebb76acd45ac9aa233596fd33451fd400d0ab00a630e
Instruction ID: c3ed702d0f3d9a3039073a7642d0487925b6fb6e64666b79552a15f56a423bcf
Opcode Fuzzy Hash: d69c05e5c3708ba00e86ebb76acd45ac9aa233596fd33451fd400d0ab00a630e
Instruction Fuzzy Hash: 4A715D31900B49AFDB20DFB9DE85AAEBBF5FF48708F104518E542A35A0DB75E944CB50

Function 00AFFE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00AFFE27
LoadCursorW.USER32(00000000,00007F8A), ref: 00AFFE32
LoadCursorW.USER32(00000000,00007F00), ref: 00AFFE3D
LoadCursorW.USER32(00000000,00007F03), ref: 00AFFE48
LoadCursorW.USER32(00000000,00007F8B), ref: 00AFFE53
LoadCursorW.USER32(00000000,00007F01), ref: 00AFFE5E
LoadCursorW.USER32(00000000,00007F81), ref: 00AFFE69
LoadCursorW.USER32(00000000,00007F88), ref: 00AFFE74
LoadCursorW.USER32(00000000,00007F80), ref: 00AFFE7F
LoadCursorW.USER32(00000000,00007F86), ref: 00AFFE8A
LoadCursorW.USER32(00000000,00007F83), ref: 00AFFE95
LoadCursorW.USER32(00000000,00007F85), ref: 00AFFEA0
LoadCursorW.USER32(00000000,00007F82), ref: 00AFFEAB
LoadCursorW.USER32(00000000,00007F84), ref: 00AFFEB6
LoadCursorW.USER32(00000000,00007F04), ref: 00AFFEC1
LoadCursorW.USER32(00000000,00007F02), ref: 00AFFECC
GetCursorInfo.USER32(?), ref: 00AFFEDC
GetLastError.KERNEL32 ref: 00AFFF1E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 6d15f25c2c41ccaee6fb90310c070c3be2ec058f426e0eb6fef4479af3602b17
Instruction ID: 4379941068ccfc1d76dfbb101ac3fab2477320f40f762b4872c3d35bfed16523
Opcode Fuzzy Hash: 6d15f25c2c41ccaee6fb90310c070c3be2ec058f426e0eb6fef4479af3602b17
Instruction Fuzzy Hash: 914144B0D443196EDB109FBA8C8586EBFE8FF04754B50852AF11DE7291DB789901CF91

Function 00AA00C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00AA00C6

Part of subcall function 00AA00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00B5070C,00000FA0,39DD5126,?,?,?,?,00AC23B3,000000FF), ref: 00AA011C
Part of subcall function 00AA00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00AC23B3,000000FF), ref: 00AA0127
Part of subcall function 00AA00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00AC23B3,000000FF), ref: 00AA0138
Part of subcall function 00AA00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00AA014E
Part of subcall function 00AA00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00AA015C
Part of subcall function 00AA00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00AA016A
Part of subcall function 00AA00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00AA0195
Part of subcall function 00AA00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00AA01A0

___scrt_fastfail.LIBCMT ref: 00AA00E7

Part of subcall function 00AA00A3: __onexit.LIBCMT ref: 00AA00A9

Strings

WakeAllConditionVariable, xrefs: 00AA0162
SleepConditionVariableCS, xrefs: 00AA0154
InitializeConditionVariable, xrefs: 00AA0148
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00AA0122
kernel32.dll, xrefs: 00AA0133

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: 6884776bada938eb51a3e19e87eb8e0559789972622ec0947303c8f16696194c
Instruction ID: 79abcac19d06b2f2bd67a667436abab71b1a80dc5d3b22565183389b89791149
Opcode Fuzzy Hash: 6884776bada938eb51a3e19e87eb8e0559789972622ec0947303c8f16696194c
Instruction Fuzzy Hash: 4C21A7326847116FDB116B64BD46FF937E4EB46F51F404679F805E72E1DF649C008A90

Function 00AE30F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00AE318D
_wcslen.LIBCMT ref: 00AE31F8

Strings

TEXT, xrefs: 00AE347C
REGEXPCLASS, xrefs: 00AE3255, 00AE3266
CLASSNN, xrefs: 00AE31F3, 00AE3204
CLASS, xrefs: 00AE3188, 00AE31A5
INSTANCE, xrefs: 00AE3453
NAME, xrefs: 00AE3335, 00AE3346

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: 61275be9a411a77fd9613d5249f347637e12c4f570e7d71930248f212677f045
Instruction ID: 9794f90fa1bfc526857457daad236012ad3f2e5269384052b9b78c111a3146de
Opcode Fuzzy Hash: 61275be9a411a77fd9613d5249f347637e12c4f570e7d71930248f212677f045
Instruction Fuzzy Hash: 54E10533A00556AFCF249F69C859BEEFBB0BF54710F548169E456E7280DB30AF8587A0

Function 00AF44C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,00B1CC08), ref: 00AF4527
_wcslen.LIBCMT ref: 00AF453B
_wcslen.LIBCMT ref: 00AF4599
_wcslen.LIBCMT ref: 00AF45F4
_wcslen.LIBCMT ref: 00AF463F
_wcslen.LIBCMT ref: 00AF46A7

Part of subcall function 00A9F9F2: _wcslen.LIBCMT ref: 00A9F9FD

GetDriveTypeW.KERNEL32(?,00B46BF0,00000061), ref: 00AF4743

Strings

removable, xrefs: 00AF45EA, 00AF45EF
all, xrefs: 00AF4531, 00AF4536
ramdisk, xrefs: 00AF46F1
network, xrefs: 00AF469D, 00AF46A2
cdrom, xrefs: 00AF458F, 00AF4594
fixed, xrefs: 00AF4635, 00AF463A
unknown, xrefs: 00AF4708

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: 8ad8f9f54649984c3a2c5bb941911e29afa4b885b835880e59663612ce0a70df
Instruction ID: e85c7a5e8ea5f341bb405b944d3311624819cbcfa615270e006d7eac04896af9
Opcode Fuzzy Hash: 8ad8f9f54649984c3a2c5bb941911e29afa4b885b835880e59663612ce0a70df
Instruction Fuzzy Hash: 3AB1FE316083069FC710EF68C990A7BB7E5AFAA760F50491DF696C7291E730DD44CBA2

Function 00B03FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00B1CC08), ref: 00B040BB
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00B040CD
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00B1CC08), ref: 00B040F2
FreeLibrary.KERNEL32(00000000,?,00B1CC08), ref: 00B0413E
StringFromGUID2.OLE32(?,?,00000028,?,00B1CC08), ref: 00B041A8
SysFreeString.OLEAUT32(00000009), ref: 00B04262
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00B042C8
SysFreeString.OLEAUT32(?), ref: 00B042F2

Strings

kernel32.dll, xrefs: 00B040B6
GetModuleHandleExW, xrefs: 00B040C7

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: 7a8d7e57bb5623e0e961b0b216ba36c5e6dac8c81ccff3b9de9a41804da7831f
Instruction ID: fb81b6a5fcaf284728b403996695fa8a86214e13bd36bcdc3467b0bab8009544
Opcode Fuzzy Hash: 7a8d7e57bb5623e0e961b0b216ba36c5e6dac8c81ccff3b9de9a41804da7831f
Instruction Fuzzy Hash: C5122DB5A00115EFDB14DF54C984EAEBBF5FF45314F248098EA05AB2A1DB31ED46CBA0

Function 00A8326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(00B51990), ref: 00AC2F8D
GetMenuItemCount.USER32(00B51990), ref: 00AC303D
GetCursorPos.USER32(?), ref: 00AC3081
SetForegroundWindow.USER32(00000000), ref: 00AC308A
TrackPopupMenuEx.USER32(00B51990,00000000,?,00000000,00000000,00000000), ref: 00AC309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00AC30A9

Strings

0, xrefs: 00A8327D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: ac935da290b6de1fed706a5ef7077354ea4b09d1a5494100668a30690bce8cd0
Instruction ID: 141ab43e7b33296edc4bf19085d2cfeadc82b5a4b7ffdae74730998697256630
Opcode Fuzzy Hash: ac935da290b6de1fed706a5ef7077354ea4b09d1a5494100668a30690bce8cd0
Instruction Fuzzy Hash: 3F71F771644209BEEF259F28CC49FEABF75FF15764F20421AF5146A1E0CBB1A920DB90

Function 00B16CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00B16DEB

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00B16E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00B16E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B16E94
DestroyWindow.USER32(?), ref: 00B16EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00A80000,00000000), ref: 00B16EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B16EFD
GetDesktopWindow.USER32 ref: 00B16F16
GetWindowRect.USER32(00000000), ref: 00B16F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B16F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00B16F4D

Part of subcall function 00A99944: GetWindowLongW.USER32(?,000000EB), ref: 00A99952

Strings

tooltips_class32, xrefs: 00B16E58, 00B16EDD
0, xrefs: 00B16D98

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: bff4677d6128856f33ceadcbb249768a8d25dc0b9397a33c7d501c057eaaebbb
Instruction ID: 15053bc37e102afaae2ffa40bd2ce864a492e125f5c70df000bfdff56dd02c52
Opcode Fuzzy Hash: bff4677d6128856f33ceadcbb249768a8d25dc0b9397a33c7d501c057eaaebbb
Instruction Fuzzy Hash: 5B716675244340AFDB21CF18DC48BAABBE9FB89304F84499DF99987261CB70A946CB11

Function 00B1911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

DragQueryPoint.SHELL32(?,?), ref: 00B19147

Part of subcall function 00B17674: ClientToScreen.USER32(?,?), ref: 00B1769A
Part of subcall function 00B17674: GetWindowRect.USER32(?,?), ref: 00B17710
Part of subcall function 00B17674: PtInRect.USER32(?,?,00B18B89), ref: 00B17720

SendMessageW.USER32(?,000000B0,?,?), ref: 00B191B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00B191BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00B191DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00B19225
SendMessageW.USER32(?,000000B0,?,?), ref: 00B1923E
SendMessageW.USER32(?,000000B1,?,?), ref: 00B19255
SendMessageW.USER32(?,000000B1,?,?), ref: 00B19277
DragFinish.SHELL32(?), ref: 00B1927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00B19371

Strings

@GUI_DRAGFILE, xrefs: 00B19320
@GUI_DRAGID, xrefs: 00B192E9
@GUI_DROPID, xrefs: 00B1929E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: b4e52cc1c8e08cdb63b7bb87072aa73438e9f2df8da808fc15e02ca4e880e331
Instruction ID: 282fa3b120a7d97c5ad1f7affd4a96ef959be645a79398ba93f88f72a59f9c46
Opcode Fuzzy Hash: b4e52cc1c8e08cdb63b7bb87072aa73438e9f2df8da808fc15e02ca4e880e331
Instruction Fuzzy Hash: 59618B71108301AFD701EF64DD85EAFBBE8EF88750F40496EF595931A0DB309A49CB92

Function 00AFC476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00AFC4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00AFC4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00AFC4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00AFC4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00AFC533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00AFC549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00AFC554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00AFC584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00AFC5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00AFC5F0
InternetCloseHandle.WININET(00000000), ref: 00AFC5FB

Strings

, xrefs: 00AFC575

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: a0407e5ea6e6f641900205757226428c3e1f7864f9f8bf4f88b97e7959b91733
Instruction ID: 32d8e2ccb387509c6ea1c6f12623558ce3e441e1341021c3a9b53b25391a98bc
Opcode Fuzzy Hash: a0407e5ea6e6f641900205757226428c3e1f7864f9f8bf4f88b97e7959b91733
Instruction Fuzzy Hash: 5C513CB158020DBFDB218FA1CA48ABB7BBCFB08764F008419FA46D7250DB74E944DB60

Function 00B1856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00B18592
GetFileSize.KERNEL32(00000000,00000000), ref: 00B185A2
GlobalAlloc.KERNEL32(00000002,00000000), ref: 00B185AD
CloseHandle.KERNEL32(00000000), ref: 00B185BA
GlobalLock.KERNEL32(00000000), ref: 00B185C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00B185D7
GlobalUnlock.KERNEL32(00000000), ref: 00B185E0
CloseHandle.KERNEL32(00000000), ref: 00B185E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00B185F8
OleLoadPicture.OLEAUT32(?,00000000,00000000,00B1FC38,?), ref: 00B18611
GlobalFree.KERNEL32(00000000), ref: 00B18621
GetObjectW.GDI32(?,00000018,000000FF), ref: 00B18641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00B18671
DeleteObject.GDI32(00000000), ref: 00B18699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00B186AF

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 7c2353177f3917d8b73fd33b5dee5abba946b4936fee608287be541991d9d964
Instruction ID: e8e8b301c7cf7dfe1f11ea4fc56579c18c52a40627c5a79cea4f842f99ab6e7b
Opcode Fuzzy Hash: 7c2353177f3917d8b73fd33b5dee5abba946b4936fee608287be541991d9d964
Instruction Fuzzy Hash: 55411875640208BFDB119FA5DC88EEA7BBDFF89B11F508068F905E7260DB309A41CB60

Function 00AF14BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00AF1502
VariantCopy.OLEAUT32(?,?), ref: 00AF150B
VariantClear.OLEAUT32(?), ref: 00AF1517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00AF15FB
VarR8FromDec.OLEAUT32(?,?), ref: 00AF1657
VariantInit.OLEAUT32(?), ref: 00AF1708
SysFreeString.OLEAUT32(?), ref: 00AF178C
VariantClear.OLEAUT32(?), ref: 00AF17D8
VariantClear.OLEAUT32(?), ref: 00AF17E7
VariantInit.OLEAUT32(00000000), ref: 00AF1823

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00AF1625
Default, xrefs: 00AF16AF

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: 2289a317dd05e3b5218c6ca2496fb912d2554d1162f29cbf0a26e51125d2ff5c
Instruction ID: 3d52d88536be9c308f109e6d7ad932be72ebf7691cd2a864c8f877043a5805d5
Opcode Fuzzy Hash: 2289a317dd05e3b5218c6ca2496fb912d2554d1162f29cbf0a26e51125d2ff5c
Instruction Fuzzy Hash: 8DD1E071A04219EFDF04AFA5D985BB9B7F6BF44700F148056FA06AB280DB30EC41DBA1

Function 00B0B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00B0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B0B6AE,?,?), ref: 00B0C9B5
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0C9F1
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA68
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0B6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B0B772
RegDeleteValueW.ADVAPI32(?,?), ref: 00B0B80A
RegCloseKey.ADVAPI32(?), ref: 00B0B87E
RegCloseKey.ADVAPI32(?), ref: 00B0B89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 00B0B8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B0B904
RegDeleteKeyW.ADVAPI32(?,?), ref: 00B0B922
FreeLibrary.KERNEL32(00000000), ref: 00B0B983
RegCloseKey.ADVAPI32(00000000), ref: 00B0B994

Strings

RegDeleteKeyExW, xrefs: 00B0B8FE
advapi32.dll, xrefs: 00B0B8ED

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: a01bba633c413f8fa09bf4ffebf3e457e89959b5b95f3eb74e65b1312e5a7dbb
Instruction ID: eb970285cfd0070d7bc615b0f1b4babc2c9b4a4f92c3101b2656d8dd2cae8f7f
Opcode Fuzzy Hash: a01bba633c413f8fa09bf4ffebf3e457e89959b5b95f3eb74e65b1312e5a7dbb
Instruction Fuzzy Hash: DBC16B35208201AFD714DF24C495F2ABBE5FF84318F54859CF5AA8B2A2CB71ED45CB92

Function 00B0255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00B025D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00B025E8
CreateCompatibleDC.GDI32(?), ref: 00B025F4
SelectObject.GDI32(00000000,?), ref: 00B02601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00B0266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00B026AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00B026D0
SelectObject.GDI32(?,?), ref: 00B026D8
DeleteObject.GDI32(?), ref: 00B026E1
DeleteDC.GDI32(?), ref: 00B026E8
ReleaseDC.USER32(00000000,?), ref: 00B026F3

Strings

(, xrefs: 00B0268D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 236407f7137f73bc2155349f66cc7ed37cfcb6429bd173db9a5cd83d5d40a61d
Instruction ID: 0fbfd9a91acc403864170d9ab1136931f79c3800fae381c80a3a6a91c98ce381
Opcode Fuzzy Hash: 236407f7137f73bc2155349f66cc7ed37cfcb6429bd173db9a5cd83d5d40a61d
Instruction Fuzzy Hash: DC61E275D00219EFCF04CFA4D888AAEBBF6FF48310F208569E955A7250D771A951CF50

Function 00ABDA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00ABDAA1

Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD659
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD66B
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD67D
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD68F
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6A1
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6B3
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6C5
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6D7
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6E9
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD6FB
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD70D
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD71F
Part of subcall function 00ABD63C: _free.LIBCMT ref: 00ABD731

_free.LIBCMT ref: 00ABDA96

Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0

_free.LIBCMT ref: 00ABDAB8
_free.LIBCMT ref: 00ABDACD
_free.LIBCMT ref: 00ABDAD8
_free.LIBCMT ref: 00ABDAFA
_free.LIBCMT ref: 00ABDB0D
_free.LIBCMT ref: 00ABDB1B
_free.LIBCMT ref: 00ABDB26
_free.LIBCMT ref: 00ABDB5E
_free.LIBCMT ref: 00ABDB65
_free.LIBCMT ref: 00ABDB82
_free.LIBCMT ref: 00ABDB9A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 921339c503ddfbf06274601934e45e211732a45472e6d7c2e25a0c1875aeec6c
Instruction ID: a27b927b7bf38ecaf30e75b4e6ccfa324c2f3442af1d7ecd18af0515840fe100
Opcode Fuzzy Hash: 921339c503ddfbf06274601934e45e211732a45472e6d7c2e25a0c1875aeec6c
Instruction Fuzzy Hash: B2313D31604705AFEB21AB39E945BD6BBEDFF40350F15481AE449D7193EF31AC508724

Function 00AE365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00AE369C
_wcslen.LIBCMT ref: 00AE36A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00AE3797
GetClassNameW.USER32(?,?,00000400), ref: 00AE380C
GetDlgCtrlID.USER32(?), ref: 00AE385D
GetWindowRect.USER32(?,?), ref: 00AE3882
GetParent.USER32(?), ref: 00AE38A0
ScreenToClient.USER32(00000000), ref: 00AE38A7
GetClassNameW.USER32(?,?,00000100), ref: 00AE3921
GetWindowTextW.USER32(?,?,00000400), ref: 00AE395D

Strings

%s%u, xrefs: 00AE3734

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: 057434578bd9d82e7b8a133ea4e325e6ca5d83dfe7d09136a24d728e64a78c14
Instruction ID: 63e2b7191d9d8533b311f9673281e67d00b9e9b58812e686b138734a99f3eaaa
Opcode Fuzzy Hash: 057434578bd9d82e7b8a133ea4e325e6ca5d83dfe7d09136a24d728e64a78c14
Instruction Fuzzy Hash: 5E91C272204746AFDB18DF26C899BEAF7A8FF44350F408529F999C3191DB30EA45CB91

Function 00AE4954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00AE4994
GetWindowTextW.USER32(?,?,00000400), ref: 00AE49DA
_wcslen.LIBCMT ref: 00AE49EB
CharUpperBuffW.USER32(?,00000000), ref: 00AE49F7
_wcsstr.LIBVCRUNTIME ref: 00AE4A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00AE4A64
GetWindowTextW.USER32(?,?,00000400), ref: 00AE4A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00AE4AE6
GetClassNameW.USER32(?,?,00000400), ref: 00AE4B20
GetWindowRect.USER32(?,?), ref: 00AE4B8B

Strings

ThumbnailClass, xrefs: 00AE4A6F, 00AE4AF1

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: f8b039579f48b3bb5dbd5ad9de2bbc58c390a474aab42322bb5bec2a70f33956
Instruction ID: 836d595a7298707f0787da297bd7394e536067b999f1faa824377cd77c6df523
Opcode Fuzzy Hash: f8b039579f48b3bb5dbd5ad9de2bbc58c390a474aab42322bb5bec2a70f33956
Instruction Fuzzy Hash: 7D9189710083459BDB04DF16C985BAABBECEF88354F048469FD859B096EB34ED45CBA1

Function 00AEBF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00B51990,000000FF,00000000,00000030), ref: 00AEBFAC
SetMenuItemInfoW.USER32(00B51990,00000004,00000000,00000030), ref: 00AEBFE1
Sleep.KERNEL32(000001F4), ref: 00AEBFF3
GetMenuItemCount.USER32(?), ref: 00AEC039
GetMenuItemID.USER32(?,00000000), ref: 00AEC056
GetMenuItemID.USER32(?,-00000001), ref: 00AEC082
GetMenuItemID.USER32(?,?), ref: 00AEC0C9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00AEC10F
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AEC124
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AEC145

Strings

0, xrefs: 00AEBF3D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: af2969a33b6778d1fbea258bd99da276681987fe3375fef9269661ef913b4893
Instruction ID: 8964c2a327ef33e035c18ef26cf4b23a2fd4bf1ed58985e5a3c162babb2ca9d2
Opcode Fuzzy Hash: af2969a33b6778d1fbea258bd99da276681987fe3375fef9269661ef913b4893
Instruction Fuzzy Hash: 81617EB090038AAFDF11DF69DD88AEEBBB9FB05364F144155E811A3291CB35AD16CB60

Function 00B0CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00B0CC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00B0CC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00B0CD48

Part of subcall function 00B0CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00B0CCAA
Part of subcall function 00B0CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00B0CCBD
Part of subcall function 00B0CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B0CCCF
Part of subcall function 00B0CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00B0CD05
Part of subcall function 00B0CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00B0CD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 00B0CCF3

Strings

RegDeleteKeyExW, xrefs: 00B0CCC9
advapi32.dll, xrefs: 00B0CCB8

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: 104dc5312c8d306c7e3e098ac1548dc6eda5c95152802d61b22059e0ccc00317
Instruction ID: a7e8c179af5b439886ac730822fc4b99ca753cf31743a045cad9469501a751b7
Opcode Fuzzy Hash: 104dc5312c8d306c7e3e098ac1548dc6eda5c95152802d61b22059e0ccc00317
Instruction Fuzzy Hash: D3316F71941129BBDB208B55DC88EFFBFBCEF45750F0042A5B906E3290DB349E45DAA0

Function 00AF3D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00AF3D40
_wcslen.LIBCMT ref: 00AF3D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 00AF3D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00AF3DBE
RemoveDirectoryW.KERNEL32(?), ref: 00AF3DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00AF3E55
CloseHandle.KERNEL32(00000000), ref: 00AF3E60
CloseHandle.KERNEL32(00000000), ref: 00AF3E6B

Strings

:, xrefs: 00AF3D82
\, xrefs: 00AF3D77
\??\%s, xrefs: 00AF3D5B

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: 4e77cd73d9adda5151e09837c3021deadcef54c16a8a2ed00c6aa8c31606b16a
Instruction ID: b31eb17e465dd42d4c7673d36a3f677f90a6f4b6bd3cf10679bf8f016a6d6d31
Opcode Fuzzy Hash: 4e77cd73d9adda5151e09837c3021deadcef54c16a8a2ed00c6aa8c31606b16a
Instruction Fuzzy Hash: FF31AF72A40219ABDF209FA0DC49FEF3BBDEF89740F5040A5F619D60A0EB7097448B64

Function 00AEE6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00AEE6B4

Part of subcall function 00A9E551: timeGetTime.WINMM(?,?,00AEE6D4), ref: 00A9E555

Sleep.KERNEL32(0000000A), ref: 00AEE6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00AEE705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00AEE727
SetActiveWindow.USER32 ref: 00AEE746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00AEE754
SendMessageW.USER32(00000010,00000000,00000000), ref: 00AEE773
Sleep.KERNEL32(000000FA), ref: 00AEE77E
IsWindow.USER32 ref: 00AEE78A
EndDialog.USER32(00000000), ref: 00AEE79B

Strings

BUTTON, xrefs: 00AEE719

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: a8c2da6f69e5c4a3beb534702e38b18a351c038a3ced3b04c6075bfbce06b17b
Instruction ID: ae5340bb6df2585cb144b28cf8cc2d8a4c4c8dc76ec559b30660d53d09822db9
Opcode Fuzzy Hash: a8c2da6f69e5c4a3beb534702e38b18a351c038a3ced3b04c6075bfbce06b17b
Instruction Fuzzy Hash: EE21A2B0280385BFEB009F22EC89B663F6AF75634AF504865F505831B1DF71AC108B25

Function 00AEE9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00AEEA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00AEEA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AEEA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00AEEA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00AEEAA7

Strings

status PlayMe mode, xrefs: 00AEEA58
open , xrefs: 00AEEA0C
alias PlayMe, xrefs: 00AEEA36
close PlayMe, xrefs: 00AEEA6E, 00AEEA9B
play PlayMe, xrefs: 00AEEAA2
play PlayMe wait, xrefs: 00AEEA91

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: 44335ba0be477467f3710686075d7c42d00257e5b97dcff0a4b3deb97ddeddee
Instruction ID: 3de6210b5fb33fc1265e32b630ad58da9c072252730ceb795986b46b8f332a99
Opcode Fuzzy Hash: 44335ba0be477467f3710686075d7c42d00257e5b97dcff0a4b3deb97ddeddee
Instruction Fuzzy Hash: E1115131A9026979D720F7A2DD4ADFF6BBCEBD6B40F400469B401A20E1EEB00A05D6B1

Function 00AE9F91 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00AEA012
SetKeyboardState.USER32(?), ref: 00AEA07D
GetAsyncKeyState.USER32(000000A0), ref: 00AEA09D
GetKeyState.USER32(000000A0), ref: 00AEA0B4
GetAsyncKeyState.USER32(000000A1), ref: 00AEA0E3
GetKeyState.USER32(000000A1), ref: 00AEA0F4
GetAsyncKeyState.USER32(00000011), ref: 00AEA120
GetKeyState.USER32(00000011), ref: 00AEA12E
GetAsyncKeyState.USER32(00000012), ref: 00AEA157
GetKeyState.USER32(00000012), ref: 00AEA165
GetAsyncKeyState.USER32(0000005B), ref: 00AEA18E
GetKeyState.USER32(0000005B), ref: 00AEA19C

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: c2f07bed68065f22c28ad7a80d19eaae8ef4ac142486f6db4fa7d149eca17cf3
Instruction ID: 36b76ebbc7507b0692e40402b3345dbc0ef93cc17ed1c51697c62cbbfb36e3a8
Opcode Fuzzy Hash: c2f07bed68065f22c28ad7a80d19eaae8ef4ac142486f6db4fa7d149eca17cf3
Instruction Fuzzy Hash: 6351BA30A047C829FB35EB6289157EBBFB59F22380F088599D5C2571C2DA54BA4CC766

Function 00AE5CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00AE5CE2
GetWindowRect.USER32(00000000,?), ref: 00AE5CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00AE5D59
GetDlgItem.USER32(?,00000002), ref: 00AE5D69
GetWindowRect.USER32(00000000,?), ref: 00AE5D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00AE5DCF
GetDlgItem.USER32(?,000003E9), ref: 00AE5DDD
GetWindowRect.USER32(00000000,?), ref: 00AE5DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00AE5E31
GetDlgItem.USER32(?,000003EA), ref: 00AE5E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00AE5E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00AE5E67

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: 47d5e379aea0d8ab258e806fb954a6188a8d6659fc40954be13ad667f80f4970
Instruction ID: b9787a5aa7cbd3f319b3f9461d5f8fc919d04765253f8ced120d8b164c7547d0
Opcode Fuzzy Hash: 47d5e379aea0d8ab258e806fb954a6188a8d6659fc40954be13ad667f80f4970
Instruction Fuzzy Hash: CB510BB1E40609AFDF18CF69DD89AAEBBB5EB48314F548129F915E7290DB709E00CB50

Function 00A98BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00A98F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A98BE8,?,00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00A98FC5

DestroyWindow.USER32(?), ref: 00A98C81
KillTimer.USER32(00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00A98D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00AD6973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00AD69A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00A98BBA,00000000,?), ref: 00AD69B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00A98BBA,00000000), ref: 00AD69D4
DeleteObject.GDI32(00000000), ref: 00AD69E6

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: f5d99702383586dc0b2d38cf412655252e0d1eface4a0d8f24f4f8e370c0e7f1
Instruction ID: 6c60d689c445ade85e7134414f39a42944cb0a1b1f540366b48f7682c044a54b
Opcode Fuzzy Hash: f5d99702383586dc0b2d38cf412655252e0d1eface4a0d8f24f4f8e370c0e7f1
Instruction Fuzzy Hash: 8D619A30602700DFDF219F18CA58B697BF1FB46312F548959E0829B6A0CB79AD81CF90

Function 00A99838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00A99944: GetWindowLongW.USER32(?,000000EB), ref: 00A99952

GetSysColor.USER32(0000000F), ref: 00A99862

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 101e05584f6b205a4c3ad175a04856a0d889b6aeaeb54599c760456482cc6164
Instruction ID: 539ddf47f6e2c974e04df7e6327e66dbfc7c64883ce9805506ca2e5259be129c
Opcode Fuzzy Hash: 101e05584f6b205a4c3ad175a04856a0d889b6aeaeb54599c760456482cc6164
Instruction Fuzzy Hash: 3841A131244640BFDF205F3C9C88BBA3BA5AB06331F54861DF9A2972E1EB319C42DB11

Function 00AE96E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00ACF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00AE9717
LoadStringW.USER32(00000000,?,00ACF7F8,00000001), ref: 00AE9720

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00ACF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00AE9742
LoadStringW.USER32(00000000,?,00ACF7F8,00000001), ref: 00AE9745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00AE9866

Strings

Line %d (File "%s"):, xrefs: 00AE978F
Line %d:, xrefs: 00AE97A0
Error: , xrefs: 00AE981D
%s (%d) : ==> %s: %s %s, xrefs: 00AE984A
^ ERROR, xrefs: 00AE97FB

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: 902412c40225de4f6ee1dedda4c6050ebe8e316be5edf67290bdc9f967518346
Instruction ID: c7b6dea2fd2338b1b61f43260b7bd6d4015ab5e09d1a22b80faa0b87c131cb28
Opcode Fuzzy Hash: 902412c40225de4f6ee1dedda4c6050ebe8e316be5edf67290bdc9f967518346
Instruction Fuzzy Hash: 8B413972900209AADF04FBE1CE86EEFB778EF15740F540065F605760A2EB256F49CBA1

Function 00AE06DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00AE07A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00AE07BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00AE07DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00AE0804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00AE082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00AE0837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00AE083C

Strings

SOFTWARE\Classes\, xrefs: 00AE070E
\CLSID, xrefs: 00AE0724
\IPC$, xrefs: 00AE0784

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: c37257b2ad16f5fce27d5824d843287fbd3a9e003b08f160003282fcda22bb69
Instruction ID: 3eb0a83ea9400bda350efba4d293edcc320c589497ce2b3a82468510c888287b
Opcode Fuzzy Hash: c37257b2ad16f5fce27d5824d843287fbd3a9e003b08f160003282fcda22bb69
Instruction Fuzzy Hash: D8413672C10229ABDF21EFA4DC85DEEB7B8FF14340F444129E901A71A1EB709E44CBA0

Function 00B13F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00B1403B
CreateCompatibleDC.GDI32(00000000), ref: 00B14042
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00B14055
SelectObject.GDI32(00000000,00000000), ref: 00B1405D
GetPixel.GDI32(00000000,00000000,00000000), ref: 00B14068
DeleteDC.GDI32(00000000), ref: 00B14072
GetWindowLongW.USER32(?,000000EC), ref: 00B1407C
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00B14092
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00B1409E

Strings

static, xrefs: 00B13FD3

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 7992d29e18439bc08681610df50d7fd32c46211edf13494552cb53d3c285f175
Instruction ID: d833afd53b70fa8674016b2fe2162acc53c83ab21a6eb48fae0a17409fdfb599
Opcode Fuzzy Hash: 7992d29e18439bc08681610df50d7fd32c46211edf13494552cb53d3c285f175
Instruction Fuzzy Hash: 41317A32540219BBDF219FA4CC09FDA3FA9FF0D720F514250FA18A60A0CB75D860DB50

Function 00B03C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00B03C5C
CoInitialize.OLE32(00000000), ref: 00B03C8A
CoUninitialize.OLE32 ref: 00B03C94
_wcslen.LIBCMT ref: 00B03D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 00B03DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 00B03ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00B03F0E
CoGetObject.OLE32(?,00000000,00B1FB98,?), ref: 00B03F2D
SetErrorMode.KERNEL32(00000000), ref: 00B03F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00B03FC4
VariantClear.OLEAUT32(?), ref: 00B03FD8

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 0e8e7a36c8a90c11b85345ea7fe026d581accc1de5e3e71c1f1e8b7b2d461b58
Instruction ID: 6a4f36ba264e1f9c9be5fad0d5758878501e333d280804aac711621c67f7a423
Opcode Fuzzy Hash: 0e8e7a36c8a90c11b85345ea7fe026d581accc1de5e3e71c1f1e8b7b2d461b58
Instruction Fuzzy Hash: B2C158716083019FD700DF68C98896BBBE9FF89B44F14499DF98A9B290DB31ED05CB52

Function 00AF7A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00AF7AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00AF7B8F
SHGetDesktopFolder.SHELL32(?), ref: 00AF7BA3
CoCreateInstance.OLE32(00B1FD08,00000000,00000001,00B46E6C,?), ref: 00AF7BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00AF7C74
CoTaskMemFree.OLE32(?,?), ref: 00AF7CCC
SHBrowseForFolderW.SHELL32(?), ref: 00AF7D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00AF7D7A
CoTaskMemFree.OLE32(00000000), ref: 00AF7D81
CoTaskMemFree.OLE32(00000000), ref: 00AF7DD6
CoUninitialize.OLE32 ref: 00AF7DDC

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: aa387e7a807b47f1da173c1d34bc58d4a0c79a7515f85171c768b7a14ff33fb8
Instruction ID: 2d1002ffbb8d72a92cb3f8b6c57bfb1cfafa060b6261ff331a64f90359242507
Opcode Fuzzy Hash: aa387e7a807b47f1da173c1d34bc58d4a0c79a7515f85171c768b7a14ff33fb8
Instruction Fuzzy Hash: 13C11975A04109AFCB14DFA4C884DAEBBF9FF49304B148499F91A9B361DB30EE45CB90

Function 00B1541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00B15504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B15515
CharNextW.USER32(00000158), ref: 00B15544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00B15585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00B1559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B155AC

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: 6f712d179ee1abbb77e4474f2ee6a2326de9cebd4f196f2f0f3ec02da869527b
Instruction ID: da4fb2cf9f83562637600dad741cbe5de6e2624434fb342e5726de11f71b1358
Opcode Fuzzy Hash: 6f712d179ee1abbb77e4474f2ee6a2326de9cebd4f196f2f0f3ec02da869527b
Instruction Fuzzy Hash: F8619170900608EFDF209F54CC85AFE7BF9EB89761F908185F525AB294D7709AC0DB61

Function 00ADFA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00ADFAAF
SafeArrayAllocData.OLEAUT32(?), ref: 00ADFB08
VariantInit.OLEAUT32(?), ref: 00ADFB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 00ADFB3A
VariantCopy.OLEAUT32(?,?), ref: 00ADFB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 00ADFBA1
VariantClear.OLEAUT32(?), ref: 00ADFBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 00ADFBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00ADFBCC
VariantClear.OLEAUT32(?), ref: 00ADFBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00ADFBE9

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 8aa1c35b41f1135fb6433f372d5fbca1d2acb6b1b32033bdbe6e60eff54fd41b
Instruction ID: 8d95a49ff1063c929d5641cdb6cdfee287d59a64fa78c88bf2d4d549f308acd6
Opcode Fuzzy Hash: 8aa1c35b41f1135fb6433f372d5fbca1d2acb6b1b32033bdbe6e60eff54fd41b
Instruction Fuzzy Hash: A3414135A042199FDB00DFA8D8549EEBFB9EF48354F50806AE947A7361DB30A945CFA0

Function 00AE9C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00AE9CA1
GetAsyncKeyState.USER32(000000A0), ref: 00AE9D22
GetKeyState.USER32(000000A0), ref: 00AE9D3D
GetAsyncKeyState.USER32(000000A1), ref: 00AE9D57
GetKeyState.USER32(000000A1), ref: 00AE9D6C
GetAsyncKeyState.USER32(00000011), ref: 00AE9D84
GetKeyState.USER32(00000011), ref: 00AE9D96
GetAsyncKeyState.USER32(00000012), ref: 00AE9DAE
GetKeyState.USER32(00000012), ref: 00AE9DC0
GetAsyncKeyState.USER32(0000005B), ref: 00AE9DD8
GetKeyState.USER32(0000005B), ref: 00AE9DEA

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 5e742045dd96577b84df19f1196685d5c7a05340071868b9ef249b99f8440573
Instruction ID: 9987e9ac32632df8c290c9ab8fcac1c0f25c81a407ab97b18b03bbf02c41affc
Opcode Fuzzy Hash: 5e742045dd96577b84df19f1196685d5c7a05340071868b9ef249b99f8440573
Instruction Fuzzy Hash: FB41F7345047DA6DFF30976288443F7BEE16F21344F48805ADAC6575C2EBA4A9C8C7A2

Function 00B0055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00B005BC
inet_addr.WSOCK32(?), ref: 00B0061C
gethostbyname.WSOCK32(?), ref: 00B00628
IcmpCreateFile.IPHLPAPI ref: 00B00636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00B006C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00B006E5
IcmpCloseHandle.IPHLPAPI(?), ref: 00B007B9
WSACleanup.WSOCK32 ref: 00B007BF

Strings

Ping, xrefs: 00B00676

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: cef7a40cd78dff839ddd8c0c8a95255fbf51371969f271366b9824d05c12b763
Instruction ID: 2a299c2353ae6b5b01f84c9f5b8eef6348d41af5dbb1fee34eafe5e847eb4c1f
Opcode Fuzzy Hash: cef7a40cd78dff839ddd8c0c8a95255fbf51371969f271366b9824d05c12b763
Instruction Fuzzy Hash: DB91A0356182019FD720EF15C988F1ABFE0EF45318F1485A9F46A9B6A2CB34ED45CF91

Function 00B08CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00B08CF3

Part of subcall function 00AE8E54: _wcslen.LIBCMT ref: 00AE8E77

_wcslen.LIBCMT ref: 00B08D4E
_wcslen.LIBCMT ref: 00B08D9C
_wcslen.LIBCMT ref: 00B08DDC
_wcslen.LIBCMT ref: 00B08E6E

Strings

cdecl, xrefs: 00B08D48, 00B08D4D
winapi, xrefs: 00B08D96, 00B08D9B
stdcall, xrefs: 00B08DD6, 00B08DDB
none, xrefs: 00B08E65, 00B08E6A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: bf6b9ee75be8aa36bed365100ec6fa7cbfa9bbd63af8f9f39ddcdd7ffb73c4dd
Instruction ID: ee20b571c686cdb141eca6c226e26c7d3dbf46cb454085f4f37c3da10f453971
Opcode Fuzzy Hash: bf6b9ee75be8aa36bed365100ec6fa7cbfa9bbd63af8f9f39ddcdd7ffb73c4dd
Instruction Fuzzy Hash: FF519131A005169BCF14DF68C9808BEBBE6FF65720B2542A9E4A6E72C4DF30DE40C790

Function 00B0372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00B03774
CoUninitialize.OLE32 ref: 00B0377F
CoCreateInstance.OLE32(?,00000000,00000017,00B1FB78,?), ref: 00B037D9
IIDFromString.OLE32(?,?), ref: 00B0384C
VariantInit.OLEAUT32(?), ref: 00B038E4
VariantClear.OLEAUT32(?), ref: 00B03936

Strings

Failed to create object, xrefs: 00B037E4, 00B0389A
Invalid parameter, xrefs: 00B03865
NULL Pointer assignment, xrefs: 00B0381E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 17b67178a7c4cacbbd825bfca415490ae1baedd4b2865dc00bd6480dc062ed3c
Instruction ID: 16f6cb9824d35892059359dffaf7be1fe66f59d7066c2357df68145bc61ead4f
Opcode Fuzzy Hash: 17b67178a7c4cacbbd825bfca415490ae1baedd4b2865dc00bd6480dc062ed3c
Instruction Fuzzy Hash: 9A61A370608301AFD711DF54C989F6ABBE8FF49B14F104989F5859B291D770EE48CB92

Function 00AF3388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00AF33CF

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00AF33F0

Strings

Line %d (File "%s"):, xrefs: 00AF3443, 00AF345C
^ ERROR , xrefs: 00AF349E
Error: , xrefs: 00AF34D1
"%s" (%d) : ==> %s:, xrefs: 00AF3522
"%s" (%d) : ==> %s:%s%s, xrefs: 00AF3504
Incorrect parameters to object property !, xrefs: 00AF34AB

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: 2fbfbd7c9bbccf3fe2a09d264571932432549a7327d87583e63422e0c9664fca
Instruction ID: 27c2ce8c49ae04d51a130435cea58fc9a74b5ccf3d86866e7b54d2f47fc53918
Opcode Fuzzy Hash: 2fbfbd7c9bbccf3fe2a09d264571932432549a7327d87583e63422e0c9664fca
Instruction Fuzzy Hash: 35517B72900209BADF14EBE0CE56EFEB7B8EF14740F1444A5F505720A2EB252F58DB61

Function 00AEB5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00AEB5FC
_wcslen.LIBCMT ref: 00AEB608
_wcslen.LIBCMT ref: 00AEB64D
_wcslen.LIBCMT ref: 00AEB68C
_wcslen.LIBCMT ref: 00AEB6C7

Strings

REMOVE, xrefs: 00AEB602, 00AEB607
APPEND, xrefs: 00AEB6C1, 00AEB6C6
EXISTS, xrefs: 00AEB686, 00AEB68B
KEYS, xrefs: 00AEB647, 00AEB64C

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: d81b111fa894a2695e89ca815844d6c346a233d5a460f79eda2d929567599e28
Instruction ID: a90fc1e335291cb91617f49d451905cbdd16effe949481fd3373ec8da7075f0a
Opcode Fuzzy Hash: d81b111fa894a2695e89ca815844d6c346a233d5a460f79eda2d929567599e28
Instruction Fuzzy Hash: 45411832A100679BCB206F7ECD945BFB7B5AFA1754B244529E421DB284F731CD81C7A0

Function 00AF5393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00AF53A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00AF5416
GetLastError.KERNEL32 ref: 00AF5420
SetErrorMode.KERNEL32(00000000,READY), ref: 00AF54A7

Strings

INVALID, xrefs: 00AF5459
READY, xrefs: 00AF5460, 00AF5468
READONLY, xrefs: 00AF5452
NOTREADY, xrefs: 00AF544B
UNKNOWN, xrefs: 00AF5444

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: b8261a329d86d1a1fbfbeb7a3beea92b6d6258dc5d712901a6819da7e1490afa
Instruction ID: ae4787d808a1d06cfa7c8952798de3f12869e3b763ebb2d51b64e76e767133e7
Opcode Fuzzy Hash: b8261a329d86d1a1fbfbeb7a3beea92b6d6258dc5d712901a6819da7e1490afa
Instruction Fuzzy Hash: 71319F75E006099FD710DFA8C584ABABBB5EF05306F148069F605DB292DB31DE82CBA1

Function 00B13C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00B13C79
SetMenu.USER32(?,00000000), ref: 00B13C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B13D10
IsMenu.USER32(?), ref: 00B13D24
CreatePopupMenu.USER32 ref: 00B13D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B13D5B
DrawMenuBar.USER32 ref: 00B13D63

Strings

0, xrefs: 00B13C54
F, xrefs: 00B13D4E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: 2257f957548198ef77dc086a2e0e4ed7fe4486f5bf1bf247019bc1dfb46f490c
Instruction ID: 43c85edb0cf309fa80f3b2f06c1e6fcd30ede949e45ebd8ea01b73fcf1ae2b72
Opcode Fuzzy Hash: 2257f957548198ef77dc086a2e0e4ed7fe4486f5bf1bf247019bc1dfb46f490c
Instruction Fuzzy Hash: 15418A74A01209EFDB14CF64E885BEA7BF6FF49304F544068E91697360EB30AA10CB90

Function 00AE1EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00AE1F64
GetDlgCtrlID.USER32 ref: 00AE1F6F
GetParent.USER32 ref: 00AE1F8B
SendMessageW.USER32(00000000,?,00000111,?), ref: 00AE1F8E
GetDlgCtrlID.USER32(?), ref: 00AE1F97
GetParent.USER32(?), ref: 00AE1FAB
SendMessageW.USER32(00000000,?,00000111,?), ref: 00AE1FAE

Strings

ListBox, xrefs: 00AE1F21
ComboBox, xrefs: 00AE1EEC

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 869a3598a4d9ce246c2b7afae85305d7bef2d5f68d05a2c0e47abc348100ded7
Instruction ID: 2680076f29887799beb794f608d82be819ed3d655fff18587d135c222fadddcd
Opcode Fuzzy Hash: 869a3598a4d9ce246c2b7afae85305d7bef2d5f68d05a2c0e47abc348100ded7
Instruction Fuzzy Hash: D321D171940214BFCF04AFA1CC85DFEBBB8EF05310F104156F961A72A1DB359918DBA0

Function 00AE1FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00AE2043
GetDlgCtrlID.USER32 ref: 00AE204E
GetParent.USER32 ref: 00AE206A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00AE206D
GetDlgCtrlID.USER32(?), ref: 00AE2076
GetParent.USER32(?), ref: 00AE208A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00AE208D

Strings

ListBox, xrefs: 00AE2002
ComboBox, xrefs: 00AE1FCD

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: edbda34ff1eb531d8bfaa7414cf0fc9f4400fec5f5687ce6c8e63c812bc4c369
Instruction ID: 8f448849d15e069677618622a396f8f0813c16945f7ce7b376eca1d17046d5cd
Opcode Fuzzy Hash: edbda34ff1eb531d8bfaa7414cf0fc9f4400fec5f5687ce6c8e63c812bc4c369
Instruction Fuzzy Hash: D921F3B1940218BFCF11AFA1CC85EFEBFB8EF09300F104045F951A71A1DA758918DB60

Function 00B13A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00B13A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00B13AA0
GetWindowLongW.USER32(?,000000F0), ref: 00B13AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B13AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00B13B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00B13BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00B13BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00B13BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00B13BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00B13C13

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: 511b5a2263af9db45be409f2c885d119b076a8419d2bd7c2955e5c9b4d48c123
Instruction ID: bd7e74062b76cdc4631d6d3226109617229da247a9d91b2760b126f3cb2e3884
Opcode Fuzzy Hash: 511b5a2263af9db45be409f2c885d119b076a8419d2bd7c2955e5c9b4d48c123
Instruction Fuzzy Hash: F3615B75900248AFDB10DFA8CC81FEE77F8EB09714F104199FA15A72A1D774AE85DB50

Function 00AEB12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00AEB151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB165
GetWindowThreadProcessId.USER32(00000000), ref: 00AEB16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 00AEB18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00AEA1E1,?,00000001), ref: 00AEB21D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 3bb40374342963d48e786b3cc43b9a87dadfe54ea147bf1fff8a3ce3eab12db3
Instruction ID: 87f2008ab10391ec8a6df669d8b0f644966dbc8399be626fb4a394ee4e968b6c
Opcode Fuzzy Hash: 3bb40374342963d48e786b3cc43b9a87dadfe54ea147bf1fff8a3ce3eab12db3
Instruction Fuzzy Hash: A331BB75560344BFDB129F25DC58BAF7BA9BF517A2F648008FA00D72A0DBB49A408F74

Function 00AB2C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00AB2C94

Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0

_free.LIBCMT ref: 00AB2CA0
_free.LIBCMT ref: 00AB2CAB
_free.LIBCMT ref: 00AB2CB6
_free.LIBCMT ref: 00AB2CC1
_free.LIBCMT ref: 00AB2CCC
_free.LIBCMT ref: 00AB2CD7
_free.LIBCMT ref: 00AB2CE2
_free.LIBCMT ref: 00AB2CED
_free.LIBCMT ref: 00AB2CFB

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 50c223c0a47512d6f9cae30164502de825c919affc2e5dcb679888b71b846d1c
Instruction ID: b81bf8882f4cef83c85d38486ea20b9c05f3509535c971f7694da3c79e112ea6
Opcode Fuzzy Hash: 50c223c0a47512d6f9cae30164502de825c919affc2e5dcb679888b71b846d1c
Instruction Fuzzy Hash: 5F114676510108BFCB02EF54DA42EDD3BA9FF45350F5149A6F9485B222DA31EE509B90

Function 00AF7DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AF7FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF7FC1
GetFileAttributesW.KERNEL32(?), ref: 00AF7FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00AF8005
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8017
SetCurrentDirectoryW.KERNEL32(?), ref: 00AF8060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00AF80B0

Strings

*.*, xrefs: 00AF8066

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: 40f605e9f8f7c712e84caa7bcfd3ac2b86eeb4b7d01e8f1156fa11f3f871c8d9
Instruction ID: 285d4c5ac6ff0f111153e589cebee56ef2d021db9216dafebb9d64201b558946
Opcode Fuzzy Hash: 40f605e9f8f7c712e84caa7bcfd3ac2b86eeb4b7d01e8f1156fa11f3f871c8d9
Instruction Fuzzy Hash: B381CE725082099BCB20EF94C844ABEB3E8BF89314F54485FFA85C7250EB34DD49CB92

Function 00A85BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00A85C7A

Part of subcall function 00A85D0A: GetClientRect.USER32(?,?), ref: 00A85D30
Part of subcall function 00A85D0A: GetWindowRect.USER32(?,?), ref: 00A85D71
Part of subcall function 00A85D0A: ScreenToClient.USER32(?,?), ref: 00A85D99

GetDC.USER32 ref: 00AC46F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00AC4708
SelectObject.GDI32(00000000,00000000), ref: 00AC4716
SelectObject.GDI32(00000000,00000000), ref: 00AC472B
ReleaseDC.USER32(?,00000000), ref: 00AC4733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00AC47C4

Strings

U, xrefs: 00AC4693

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 7890387852bffeeadd7d036b0d8a5ef72f19ac7c63af7b25a7925bf70e7eea7b
Instruction ID: 13f08f46055dc75eed670ad275f763c1a09d3136d6ad81cf6c0b6d8bdcdb4f53
Opcode Fuzzy Hash: 7890387852bffeeadd7d036b0d8a5ef72f19ac7c63af7b25a7925bf70e7eea7b
Instruction Fuzzy Hash: C971DC31800205DFCF219F64C994FEA3BB6FF4A324F154269ED565A2AAC7308C81DF60

Function 00AF359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00AF35E4

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

LoadStringW.USER32(00B52390,?,00000FFF,?), ref: 00AF360A

Strings

Line %d (File "%s"):, xrefs: 00AF366B
Error: , xrefs: 00AF36EF
"%s" (%d) : ==> %s:, xrefs: 00AF3742
^ ERROR, xrefs: 00AF36C9
"%s" (%d) : ==> %s:%s%s, xrefs: 00AF3724

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: acc6c48e15b0991f5d0e2614210d702044dafb0720462982bbd3143f8b2793b6
Instruction ID: 84998b5e2b64ab291253d393d1bac4436199644691224083246456a3e6341f3b
Opcode Fuzzy Hash: acc6c48e15b0991f5d0e2614210d702044dafb0720462982bbd3143f8b2793b6
Instruction Fuzzy Hash: B951387280020ABADF14FBE0CE46AFEBB78AF14300F144165F205761A1EB311B99DBA1

Function 00AFC253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00AFC272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00AFC29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00AFC2CA
GetLastError.KERNEL32 ref: 00AFC322
SetEvent.KERNEL32(?), ref: 00AFC336
InternetCloseHandle.WININET(00000000), ref: 00AFC341

Strings

, xrefs: 00AFC2BB

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 817b8518391de8d6a81c01b252dd06a9636dd0eecf247cb6c50f8da75494aecf
Instruction ID: c2984343db4b57b7bd34ad1e1904b6bcd2d1f6370b55649710f32be0caf9e040
Opcode Fuzzy Hash: 817b8518391de8d6a81c01b252dd06a9636dd0eecf247cb6c50f8da75494aecf
Instruction Fuzzy Hash: 7F31937150020CAFD7219FA68E88ABBBBFCEB49794B54851DF546D7240DB30DD049B61

Function 00AE989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00AC3AAF,?,?,Bad directive syntax error,00B1CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00AE98BC
LoadStringW.USER32(00000000,?,00AC3AAF,?), ref: 00AE98C3

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00AE9987

Strings

%s (%d) : ==> %s.: %s %s, xrefs: 00AE98F1
Line %d (File "%s"):, xrefs: 00AE992D
Error: , xrefs: 00AE9955
Line %d:, xrefs: 00AE9912
., xrefs: 00AE996D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: 754de4a4dd8abfe1333d11cc85e447843b4edc78aa61020dc29dc7f96eb94bb4
Instruction ID: cf4f4caf865f645f178607cad1308c1e5c5ba48297445d9e3c25b394652a0afa
Opcode Fuzzy Hash: 754de4a4dd8abfe1333d11cc85e447843b4edc78aa61020dc29dc7f96eb94bb4
Instruction Fuzzy Hash: 21218B3294021AAFCF15AF90CD0AEFE7779FF19700F044469F515660A2EB719A28EB51

Function 00AE209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00AE20AB
GetClassNameW.USER32(00000000,?,00000100), ref: 00AE20C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00AE214D

Strings

list, xrefs: 00AE212F
SHELLDLL_DefView, xrefs: 00AE20CC
largeicons, xrefs: 00AE20E1
smallicons, xrefs: 00AE2115
details, xrefs: 00AE20FB

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: e67ceb04e60e382137b78e1bc46428a8eaccfdc828a2a9e5334a1d75a5e2f12e
Instruction ID: 76d1f888f6869c703dc9fbd2690cc86011fe220cde5411045954be26e72063ef
Opcode Fuzzy Hash: e67ceb04e60e382137b78e1bc46428a8eaccfdc828a2a9e5334a1d75a5e2f12e
Instruction Fuzzy Hash: C2112C766C4706BAF6116721DC07EE637DCCB05364B200256F704A60F2FFB15A016714

Function 00AB8D45 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c424790cac348a14454be649df833163f6625fa79526c29771ca227f02e36df
Instruction ID: 90b35a5ce29e0745b5f6dc5bf96f849258c754789f70bf6f0acfe4fce8e70d69
Opcode Fuzzy Hash: 9c424790cac348a14454be649df833163f6625fa79526c29771ca227f02e36df
Instruction Fuzzy Hash: A8C1D174A04349AFDF11EFACD841BEEBBB8AF1A310F144199E915A7393CB349941CB61

Function 00ABCE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00ABCEB7
_free.LIBCMT ref: 00ABCF22
_free.LIBCMT ref: 00ABCF48
_free.LIBCMT ref: 00ABCF71
_free.LIBCMT ref: 00ABCFA9
_free.LIBCMT ref: 00ABCFDA
_free.LIBCMT ref: 00ABD01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 00ABD09C
_free.LIBCMT ref: 00ABD0B5

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: 610884864a5ee428ed05713462a48a745cb37a2b55dcd7d5190a777e87c6101f
Instruction ID: 8c195e4fad89231056323bafd89f5aaacf40ce8ebdb3e697cd28dd00d3648680
Opcode Fuzzy Hash: 610884864a5ee428ed05713462a48a745cb37a2b55dcd7d5190a777e87c6101f
Instruction Fuzzy Hash: FD610571A04301AFDB25BFB89981FFA7BADEF05320F0445AEF94597283EA319D019790

Function 00B150D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00B15186
ShowWindow.USER32(?,00000000), ref: 00B151C7
ShowWindow.USER32(?,00000005,?,00000000), ref: 00B151CD
SetFocus.USER32(?,?,00000005,?,00000000), ref: 00B151D1

Part of subcall function 00B16FBA: DeleteObject.GDI32(00000000), ref: 00B16FE6

GetWindowLongW.USER32(?,000000F0), ref: 00B1520D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B1521A
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00B1524D
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00B15287
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00B15296

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: 5e4cdc0bfacffb8856b69b6ed50ac4eb7edfd87bc02472576d4e4265747785e1
Instruction ID: 8728193f9f9ba54eaa7f485167b4150f3b8dac4d296c9425819cdaef599fa8d3
Opcode Fuzzy Hash: 5e4cdc0bfacffb8856b69b6ed50ac4eb7edfd87bc02472576d4e4265747785e1
Instruction Fuzzy Hash: 2251B431A90A08FEEF319F24CC45BD93BE5EB86321F948195F515A72E0C7B599D0DB80

Function 00A98B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00AD6890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00AD68A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00AD68B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00AD68D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00AD68F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A98874,00000000,00000000,00000000,000000FF,00000000), ref: 00AD6901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00AD691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A98874,00000000,00000000,00000000,000000FF,00000000), ref: 00AD692D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: 817be64d3d35708523f4b2567fc6c69cafd0b6eccdc767da8523757f17115ae0
Instruction ID: 8b24ee6fecc4e9434bbe67f7e7a7ad94c9ae6b4f09a76907502cc34aaf6e1c32
Opcode Fuzzy Hash: 817be64d3d35708523f4b2567fc6c69cafd0b6eccdc767da8523757f17115ae0
Instruction Fuzzy Hash: A0517470600209AFDF20CF28CC95BAE7BF6EB58760F144519F906972A0DB74E990DB50

Function 00AFC143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00AFC182
GetLastError.KERNEL32 ref: 00AFC195
SetEvent.KERNEL32(?), ref: 00AFC1A9

Part of subcall function 00AFC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00AFC272
Part of subcall function 00AFC253: GetLastError.KERNEL32 ref: 00AFC322
Part of subcall function 00AFC253: SetEvent.KERNEL32(?), ref: 00AFC336
Part of subcall function 00AFC253: InternetCloseHandle.WININET(00000000), ref: 00AFC341

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: b49c422d4fa8061d4339af2a7e13a22f0c841eca0c225d697623c1bc5313d636
Instruction ID: d5032df0d4e663be10b6b1a22542a5a292e5ad89ae8b14db57c24a8f2395088b
Opcode Fuzzy Hash: b49c422d4fa8061d4339af2a7e13a22f0c841eca0c225d697623c1bc5313d636
Instruction Fuzzy Hash: F9318D7114060DAFDB21AFE6DE44AF6BBF8FF18320B00851DFA5683611DB30E9149BA0

Function 00AE25A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE3A57
Part of subcall function 00AE3A3D: GetCurrentThreadId.KERNEL32 ref: 00AE3A5E
Part of subcall function 00AE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00AE25B3), ref: 00AE3A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 00AE25BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00AE25DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00AE25DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 00AE25E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00AE2601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00AE2605
MapVirtualKeyW.USER32(00000025,00000000), ref: 00AE260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00AE2623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00AE2627

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: f85cefd9f3f26655ddf71319ed4e28de45a02c2b0cf5df08dc183b4cad3094f0
Instruction ID: a165cd63ec9510f17e5e4d2cf27826669df9d6746bf2e8aba2f04be89137d2ad
Opcode Fuzzy Hash: f85cefd9f3f26655ddf71319ed4e28de45a02c2b0cf5df08dc183b4cad3094f0
Instruction Fuzzy Hash: D001D4313D0354BBFB1067699C8EF993F99DB4EB52F604011F318AF0D5CDE224448A69

Function 00AE1803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00AE1449,?,?,00000000), ref: 00AE180C
HeapAlloc.KERNEL32(00000000,?,00AE1449,?,?,00000000), ref: 00AE1813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00AE1449,?,?,00000000), ref: 00AE1828
GetCurrentProcess.KERNEL32(?,00000000,?,00AE1449,?,?,00000000), ref: 00AE1830
DuplicateHandle.KERNEL32(00000000,?,00AE1449,?,?,00000000), ref: 00AE1833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00AE1449,?,?,00000000), ref: 00AE1843
GetCurrentProcess.KERNEL32(00AE1449,00000000,?,00AE1449,?,?,00000000), ref: 00AE184B
DuplicateHandle.KERNEL32(00000000,?,00AE1449,?,?,00000000), ref: 00AE184E
CreateThread.KERNEL32(00000000,00000000,00AE1874,00000000,00000000,00000000), ref: 00AE1868

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 6ea89ef34c2a53c2314a838de8d95348326a0c57da3546bf38bbf7956cafc706
Instruction ID: 605e8968f4f7f7fadcfeb4a6a7389ca6b35c393ad60edc59d3c484314930b441
Opcode Fuzzy Hash: 6ea89ef34c2a53c2314a838de8d95348326a0c57da3546bf38bbf7956cafc706
Instruction Fuzzy Hash: D501BFB52C0344BFE710AB65DC4DF977FACEB89B11F508411FA05DB191CA709810CB20

Function 00B0A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 00AED4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00AED501
Part of subcall function 00AED4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00AED50F
Part of subcall function 00AED4DC: CloseHandle.KERNEL32(00000000), ref: 00AED5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B0A16D
GetLastError.KERNEL32 ref: 00B0A180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B0A1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 00B0A268
GetLastError.KERNEL32(00000000), ref: 00B0A273
CloseHandle.KERNEL32(00000000), ref: 00B0A2C4

Strings

SeDebugPrivilege, xrefs: 00B0A18F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: cbaf2eac452bcc4a39b905c2e307caa5075e92c8cc77a028f02cf956aecd113d
Instruction ID: c6e9c73e9b9b8445aafd6d10074f7e9e783c2db2fcd412b4f3c1b846419e135e
Opcode Fuzzy Hash: cbaf2eac452bcc4a39b905c2e307caa5075e92c8cc77a028f02cf956aecd113d
Instruction Fuzzy Hash: 81616A30204342AFE720DF19C594F16BBE1AF54318F54889CE4668B6A3CB72ED49CB92

Function 00B13886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00B13925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00B1393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00B13954
_wcslen.LIBCMT ref: 00B13999
SendMessageW.USER32(?,00001057,00000000,?), ref: 00B139C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00B139F4

Strings

SysListView32, xrefs: 00B138F7

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: d1789386db441fcf889065c141258ef34a3aafc26127b3370eb0862ee0fa74c9
Instruction ID: 0ca923eeb6146bb31e5fa3705616ec77a841181a60ff88a38c0d6fe665e046cf
Opcode Fuzzy Hash: d1789386db441fcf889065c141258ef34a3aafc26127b3370eb0862ee0fa74c9
Instruction Fuzzy Hash: 6941C431A00218ABEF219F64CC45FEA7BE9EF08750F500566F959E7281E7719E80CB90

Function 00AEBC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AEBCFD
IsMenu.USER32(00000000), ref: 00AEBD1D
CreatePopupMenu.USER32 ref: 00AEBD53
GetMenuItemCount.USER32(00C45E30), ref: 00AEBDA4
InsertMenuItemW.USER32(00C45E30,?,00000001,00000030), ref: 00AEBDCC

Strings

0, xrefs: 00AEBCA8
2, xrefs: 00AEBD37

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: 38e84baeb3ff4f7e475dc65e6af821107e88c9151232d626889f6753f2fe8978
Instruction ID: 0bbdb9e15fe1df37dfc9136a7a0886d2fcbb256ec644c70a7e0a61cca36f8f8a
Opcode Fuzzy Hash: 38e84baeb3ff4f7e475dc65e6af821107e88c9151232d626889f6753f2fe8978
Instruction Fuzzy Hash: CE519C70A102899BDF20CFAADDC8BAFBBF9AF55314F248229E411D7291D7709941CB71

Function 00AEC874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00AEC913

Strings

info, xrefs: 00AEC8B4
blank, xrefs: 00AEC895
question, xrefs: 00AEC8CC
stop, xrefs: 00AEC8E4
warning, xrefs: 00AEC8FC

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: f094d8ad83e019ac2dd21fe353c605cd1ed63c468d9c801c3ab1a9251c2c9fac
Instruction ID: e9ea3da781bcf42dfab73aab87d442adde9d37f858d1ed34d91da4132a09d3ca
Opcode Fuzzy Hash: f094d8ad83e019ac2dd21fe353c605cd1ed63c468d9c801c3ab1a9251c2c9fac
Instruction Fuzzy Hash: F5112C32689346BAE7019B55DD83CEE77ECDF16374B60006AF900A72D3E7B45E016269

Function 00AEDE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00AEDE42
gethostname.WSOCK32(?,00000100), ref: 00AEDE5C
gethostbyname.WSOCK32(?), ref: 00AEDE69
inet_ntoa.WSOCK32(?), ref: 00AEDEAB
_strcat.LIBCMT ref: 00AEDEB9
WSACleanup.WSOCK32 ref: 00AEDEDE

Strings

0.0.0.0, xrefs: 00AEDE87

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: 470f4d506b90740264ad1cb2dff873f2a1f67f92e28818845a8734294324042f
Instruction ID: c342bbfbc3919013d245e5d08d1b4309a1c8c9e38a5b16d4849cd6d84185a3d6
Opcode Fuzzy Hash: 470f4d506b90740264ad1cb2dff873f2a1f67f92e28818845a8734294324042f
Instruction Fuzzy Hash: 0811D371904215AFCB20AB61DD4AEEF7BBCDF56711F0001A9F545EB0D1EFB18E818AA0

Function 00B19F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

GetSystemMetrics.USER32(0000000F), ref: 00B19FC7
GetSystemMetrics.USER32(0000000F), ref: 00B19FE7
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00B1A224
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00B1A242
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00B1A263
ShowWindow.USER32(00000003,00000000), ref: 00B1A282
InvalidateRect.USER32(?,00000000,00000001), ref: 00B1A2A7
DefDlgProcW.USER32(?,00000005,?,?), ref: 00B1A2CA

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: 283a1de3c9da73ee6ae14ca0fffb4911aa75b8fa884640890be8bc6b67f0eac5
Instruction ID: 557a9be006253e1ceb831bfa6da6a7099ac61fd0020efa2140779c4fbde84fa8
Opcode Fuzzy Hash: 283a1de3c9da73ee6ae14ca0fffb4911aa75b8fa884640890be8bc6b67f0eac5
Instruction Fuzzy Hash: 36B1B731601215EBCF14CF68C9857EE7BF2FF48701F5880A9EC49AB295DB31A980CB91

Function 00AEED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 00AEED2A
_wcslen.LIBCMT ref: 00AEED3B
_wcslen.LIBCMT ref: 00AEED79
_wcslen.LIBCMT ref: 00AEEDAF
_wcslen.LIBCMT ref: 00AEEDDF
_wcslen.LIBCMT ref: 00AEEDEF
_wcslen.LIBCMT ref: 00AEEE2B
_wcslen.LIBCMT ref: 00AEEE5A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: b5729f8759112dcf4c64d9f938e3adf026942de542abcde844c992d712b5b36b
Instruction ID: a92afc3b3ddc2db6d58a36d4efdbc4d7af36c1a384196ebea148f2d7b586efa7
Opcode Fuzzy Hash: b5729f8759112dcf4c64d9f938e3adf026942de542abcde844c992d712b5b36b
Instruction Fuzzy Hash: C241B265C10258B6DB11EBF5CC8AACFB7ACAF46310F508462F518E3161FB34E255C7A5

Function 00A9F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00AD682C,00000004,00000000,00000000), ref: 00A9F953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00AD682C,00000004,00000000,00000000), ref: 00ADF3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00AD682C,00000004,00000000,00000000), ref: 00ADF454

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 31fea9b5cb9831b3a10c7b703678aa0b312a6129384cbcc38afa92b41ef5fada
Instruction ID: 89beb3174bdbe663bad00a75c7a4601b4b1429d39857e2da9e993c3597ed6fa5
Opcode Fuzzy Hash: 31fea9b5cb9831b3a10c7b703678aa0b312a6129384cbcc38afa92b41ef5fada
Instruction Fuzzy Hash: D741F831718680BECF399B2DCD8876B7FE2AB56314F54843DE497D7660CA71A880CB11

Function 00B12D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00B12D1B
GetDC.USER32(00000000), ref: 00B12D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B12D2E
ReleaseDC.USER32(00000000,00000000), ref: 00B12D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00B12D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00B12D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00B15A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00B12DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00B12DE1

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 8b58bb1c28b99336d496936f5065bda119660b7bdde84234f4b81686f183adba
Instruction ID: 4ea0c0e766f9ff87952661941d78c4f005ec3ebd9c9a632aa1ee4943a8821dc1
Opcode Fuzzy Hash: 8b58bb1c28b99336d496936f5065bda119660b7bdde84234f4b81686f183adba
Instruction Fuzzy Hash: F0316B72241214BFEB158F50DC8AFEB3FA9EB09715F4480A5FE089B291CA759C50CBA4

Function 00AE5622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00AE5637
_memcmp.LIBVCRUNTIME ref: 00AE5659
_memcmp.LIBVCRUNTIME ref: 00AE5671
_memcmp.LIBVCRUNTIME ref: 00AE5684
_memcmp.LIBVCRUNTIME ref: 00AE569E
_memcmp.LIBVCRUNTIME ref: 00AE56B1
_memcmp.LIBVCRUNTIME ref: 00AE56C9
_memcmp.LIBVCRUNTIME ref: 00AE56E4

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 2a82d3c0362c2cfee96e1c051ecbbb9b3cf9dcc925cdd04d78b967983ac98a36
Instruction ID: c4249a8884e0308e8c64560a4b23ec1d0b8d76208525fd85b31c9377fd0275c9
Opcode Fuzzy Hash: 2a82d3c0362c2cfee96e1c051ecbbb9b3cf9dcc925cdd04d78b967983ac98a36
Instruction Fuzzy Hash: 7B219871E409457796149A326E92FFB33ACAE11388F580020FD045F5C1F761ED50C1F5

Function 00B04FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

NULL Pointer assignment, xrefs: 00B0502E, 00B05383
Not an Object type, xrefs: 00B05007

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: 1ef8327a3305c29b19722276bb3a27c0cbfc1c36b4a77d9bd8ff0c39ee8a01c7
Instruction ID: 70cafdfd61bc3f623b0edaa95ca9333e16721f6d1ebc5b91e48326115c868b65
Opcode Fuzzy Hash: 1ef8327a3305c29b19722276bb3a27c0cbfc1c36b4a77d9bd8ff0c39ee8a01c7
Instruction Fuzzy Hash: BFD17D75A0060A9FDF20CF98C881AAEBBF5FF48344F1484A9E915AB691E770DD45CF90

Function 00AC1522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00AC15CE
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00AC1651
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00AC16E4
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00AC16FB

Part of subcall function 00AB3820: RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852

MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00AC1777
__freea.LIBCMT ref: 00AC17A2
__freea.LIBCMT ref: 00AC17AE

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 1ae1371ac1f310c2194e0c5de66d62454a6f9198de54e8a769ee33d5e9bc7106
Instruction ID: 6ffaa93b93273f3a45bb86edc5de0d70dc46750a9a48aa35e5d07896af5be96e
Opcode Fuzzy Hash: 1ae1371ac1f310c2194e0c5de66d62454a6f9198de54e8a769ee33d5e9bc7106
Instruction Fuzzy Hash: 23919272F0021A9ADF208F64C991FEE7BB5AF4A710F1A465DE801E7242DB35DD41CBA0

Function 00B04523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00B04648
VariantInit.OLEAUT32(?), ref: 00B04749
VariantClear.OLEAUT32(?), ref: 00B04753
VariantClear.OLEAUT32(?), ref: 00B047B0

Strings

Null Object assignment in FOR..IN loop, xrefs: 00B045D8, 00B04706, 00B047BE
Incorrect Object type in FOR..IN loop, xrefs: 00B0472C

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 8ab4aa64ccaf44769def17bba46d5daa005ceaf6f9e8d62af42a0799f7dc543e
Instruction ID: e924d1cfdfd3667b2cecfe3025e582b8c767575d4673d534f7b8e892b0b56f69
Opcode Fuzzy Hash: 8ab4aa64ccaf44769def17bba46d5daa005ceaf6f9e8d62af42a0799f7dc543e
Instruction Fuzzy Hash: 4B9171B1A00215ABDF20CFA5D884FAE7BF8EF46714F108599F615AB281D7709D45CFA0

Function 00AF1187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00AF125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00AF1284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00AF12A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AF12D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AF135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AF13C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00AF1430

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 034d2239e80d2831b745c60463b99156eba8eac40b1350fc0cadf87c68a84408
Instruction ID: 2b8016729c61b2b6cd2ae7ae0f9c5a8b58c9c77f86a96d8ad3d7fc6309ad911b
Opcode Fuzzy Hash: 034d2239e80d2831b745c60463b99156eba8eac40b1350fc0cadf87c68a84408
Instruction Fuzzy Hash: 3A919B75A00219EFDB009FE8C884BBEB7B5FF45325F108029FA51EB291D774A941CB90

Function 00A9948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 75b6758c37a516b77df585e0b808d3b8d2aa1d1857e3bae9695e266779e4e0a8
Instruction ID: 05adddf305d93eb692145fb58f4191380a02fe1da68225f99a2aa5e782af5267
Opcode Fuzzy Hash: 75b6758c37a516b77df585e0b808d3b8d2aa1d1857e3bae9695e266779e4e0a8
Instruction Fuzzy Hash: B7912571A40219AFCF15CFA9C888AEFBBB8FF49320F14805AE515B7251D774AA41CB60

Function 00B03947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00B0396B
CharUpperBuffW.USER32(?,?), ref: 00B03A7A
_wcslen.LIBCMT ref: 00B03A8A
VariantClear.OLEAUT32(?), ref: 00B03C1F

Part of subcall function 00AF0CDF: VariantInit.OLEAUT32(00000000), ref: 00AF0D1F
Part of subcall function 00AF0CDF: VariantCopy.OLEAUT32(?,?), ref: 00AF0D28
Part of subcall function 00AF0CDF: VariantClear.OLEAUT32(?), ref: 00AF0D34

Strings

Incorrect Parameter format, xrefs: 00B039A6, 00B03BA1
AUTOIT.ERROR, xrefs: 00B03A80, 00B03A85

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: a8d0330efa1b973a7899c1ca1e61321992df2f33dd9a5e26f150229c90eb1837
Instruction ID: ffd7055cab0d4932fa257945345eba5d30f400fc0d4f122fbaf54107ae8a8fe8
Opcode Fuzzy Hash: a8d0330efa1b973a7899c1ca1e61321992df2f33dd9a5e26f150229c90eb1837
Instruction Fuzzy Hash: 6C916D756083059FC704EF24C58496ABBE8FF89714F14886DF48A97391DB30EE45CB92

Function 00B04BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 00AE000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?,?,00AE035E), ref: 00AE002B
Part of subcall function 00AE000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0046
Part of subcall function 00AE000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0054
Part of subcall function 00AE000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?), ref: 00AE0064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00B04C51
_wcslen.LIBCMT ref: 00B04D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00B04DCF
CoTaskMemFree.OLE32(?), ref: 00B04DDA

Strings

NULL Pointer assignment, xrefs: 00B04E23, 00B04E52

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: 69863e8fd24fd2d9a7fb778132130fd242e086a0110f96377122c0284bd292ff
Instruction ID: c089354ce97d44ef83dda7543df6dcda61e58c972502c2e73f3831b6964c32f5
Opcode Fuzzy Hash: 69863e8fd24fd2d9a7fb778132130fd242e086a0110f96377122c0284bd292ff
Instruction Fuzzy Hash: 1E9108B1D002199FDF14EFA4D891AEEBBB8FF08310F1085AAE515A7291DB709E44CF60

Function 00B120FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00B12183
GetMenuItemCount.USER32(00000000), ref: 00B121B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00B121DD
_wcslen.LIBCMT ref: 00B12213
GetMenuItemID.USER32(?,?), ref: 00B1224D
GetSubMenu.USER32(?,?), ref: 00B1225B

Part of subcall function 00AE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE3A57
Part of subcall function 00AE3A3D: GetCurrentThreadId.KERNEL32 ref: 00AE3A5E
Part of subcall function 00AE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00AE25B3), ref: 00AE3A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B122E3

Part of subcall function 00AEE97B: Sleep.KERNEL32 ref: 00AEE9F3

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: a2fa5e5f60585717f918f5cbbf70990e461519c85ef7de364079f858279fa99d
Instruction ID: 428a61531886a0d090a21dd661f797baf87ab8c82afc2ff2e61a53cda697754b
Opcode Fuzzy Hash: a2fa5e5f60585717f918f5cbbf70990e461519c85ef7de364079f858279fa99d
Instruction Fuzzy Hash: E6718E75A00205AFCB14EF64C985AEEBBF5EF48310F548499E916EB341DB34ED918B90

Function 00B17E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00C45D68), ref: 00B17F37
IsWindowEnabled.USER32(00C45D68), ref: 00B17F43
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00B1801E
SendMessageW.USER32(00C45D68,000000B0,?,?), ref: 00B18051
IsDlgButtonChecked.USER32(?,?), ref: 00B18089
GetWindowLongW.USER32(00C45D68,000000EC), ref: 00B180AB
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00B180C3

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: 4f900cc3f5fba26b45ce6f1cf165a0b3afbb412b39a02d648be82b4e7a590ebb
Instruction ID: a1a2a3acbe649f9ca54a9358354fcd4493c7c5a70f833c317597be6049a95809
Opcode Fuzzy Hash: 4f900cc3f5fba26b45ce6f1cf165a0b3afbb412b39a02d648be82b4e7a590ebb
Instruction Fuzzy Hash: 76718C75688244AFEB219F64C884FEB7BF5FF09300F944499E94597261CF31AC86CB50

Function 00AEAEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00AEAEF9
GetKeyboardState.USER32(?), ref: 00AEAF0E
SetKeyboardState.USER32(?), ref: 00AEAF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 00AEAF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 00AEAFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 00AEAFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 00AEB020

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: ba8c6f9fecfc001594a1366413411907ebc897a0444972a422d9ff3a7f848319
Instruction ID: 3dbdad5f087ea29f9fa104131b5a580390b5cf2aaf67f49517f0515b1fcd7677
Opcode Fuzzy Hash: ba8c6f9fecfc001594a1366413411907ebc897a0444972a422d9ff3a7f848319
Instruction Fuzzy Hash: 2C51D0A06147D53DFB36833A8C49BBBBEE95B06304F088489E1D9468C2C798FCC8D761

Function 00AEACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00AEAD19
GetKeyboardState.USER32(?), ref: 00AEAD2E
SetKeyboardState.USER32(?), ref: 00AEAD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00AEADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00AEADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00AEAE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00AEAE38

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: e7ad555341498913255d94c54d13815c8b22b13a9a0a411a60532afb442631dd
Instruction ID: fb12c8d31b1959c96cba565b666ca97158e4b4c7c0d193f33b8faa075e596704
Opcode Fuzzy Hash: e7ad555341498913255d94c54d13815c8b22b13a9a0a411a60532afb442631dd
Instruction Fuzzy Hash: 185107A16047E53DFB3383368C95BBABEA95F56300F088488E1D9468C3D794FC88D762

Function 00AB542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00AC3CD6,?,?,?,?,?,?,?,?,00AB5BA3,?,?,00AC3CD6,?,?), ref: 00AB5470
__fassign.LIBCMT ref: 00AB54EB
__fassign.LIBCMT ref: 00AB5506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00AC3CD6,00000005,00000000,00000000), ref: 00AB552C
WriteFile.KERNEL32(?,00AC3CD6,00000000,00AB5BA3,00000000,?,?,?,?,?,?,?,?,?,00AB5BA3,?), ref: 00AB554B
WriteFile.KERNEL32(?,?,00000001,00AB5BA3,00000000,?,?,?,?,?,?,?,?,?,00AB5BA3,?), ref: 00AB5584

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: fa206fdd3fc7ee432d339159fceb2e3a9c49637bd79aec5c25fd4a0983ab85f0
Instruction ID: f066c3551422a2f8f85cb259e97f9cba160f0bd7057ff639023a0b1fbe1ce307
Opcode Fuzzy Hash: fa206fdd3fc7ee432d339159fceb2e3a9c49637bd79aec5c25fd4a0983ab85f0
Instruction Fuzzy Hash: A751BF71E00649AFDB20CFA8D885BEEBBF9EF09301F14415AE955E7292D7309A51CB60

Function 00AA2D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00AA2D4B
___except_validate_context_record.LIBVCRUNTIME ref: 00AA2D53
_ValidateLocalCookies.LIBCMT ref: 00AA2DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 00AA2E0C
_ValidateLocalCookies.LIBCMT ref: 00AA2E61

Strings

csm, xrefs: 00AA2DF6

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: f364b4f7cbfa69832d9600beae3845694824d17409871ef0639f5791381c6564
Instruction ID: a27f7aecd0757d635e92c0fd1b71d632f79d56c5594d406691bf2b13e19bd828
Opcode Fuzzy Hash: f364b4f7cbfa69832d9600beae3845694824d17409871ef0639f5791381c6564
Instruction Fuzzy Hash: 7B419134A01209ABCF10DF6CC845BAEBBB5BF46324F148155E8146B3E2DB35EE65CB90

Function 00B010B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00B0304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B0307A
Part of subcall function 00B0304E: _wcslen.LIBCMT ref: 00B0309B

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00B01112
WSAGetLastError.WSOCK32 ref: 00B01121
WSAGetLastError.WSOCK32 ref: 00B011C9
closesocket.WSOCK32(00000000), ref: 00B011F9

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: 28f7e58d1beb436bb77a438190dc4603ae59e685b0ef43ae1c8014a078c844ff
Instruction ID: 1f199bc151f6ded3ae336795f167eccd753475120e141b9509c1d88307ea698d
Opcode Fuzzy Hash: 28f7e58d1beb436bb77a438190dc4603ae59e685b0ef43ae1c8014a078c844ff
Instruction Fuzzy Hash: 5241D431600204AFDB189F18C885BAABFE9FF45364F148499F916AB2D1CB70ED41CBE1

Function 00AECF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00AECF22,?), ref: 00AEDDFD

Part of subcall function 00AEDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00AECF22,?), ref: 00AEDE16

lstrcmpiW.KERNEL32(?,?), ref: 00AECF45
MoveFileW.KERNEL32(?,?), ref: 00AECF7F
_wcslen.LIBCMT ref: 00AED005
_wcslen.LIBCMT ref: 00AED01B
SHFileOperationW.SHELL32(?), ref: 00AED061

Strings

\*.*, xrefs: 00AECFF3

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: 263831deb5bf0131bcc677008a724b29a93534d833894c63ce08835ed37eea54
Instruction ID: 630c379226dab82280476a5adb9bb0ed34fa9da337709ac16b8dd744e3fdd157
Opcode Fuzzy Hash: 263831deb5bf0131bcc677008a724b29a93534d833894c63ce08835ed37eea54
Instruction Fuzzy Hash: D04166719452585FDF12EFA5CA81ADEB7B9AF08380F0000E6E505EB142EB34AB89CB50

Function 00B12DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00B12E1C
GetWindowLongW.USER32(?,000000F0), ref: 00B12E4F
GetWindowLongW.USER32(?,000000F0), ref: 00B12E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00B12EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00B12EE0
GetWindowLongW.USER32(?,000000F0), ref: 00B12EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B12F0B

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 81873ccef01359d34b1cdbc889ed0cb849a4c38e3b76feb794657f5c0584c1c7
Instruction ID: 77902a1c814d46a161814715da69112ae71d8bc077161537370991ef7349f97a
Opcode Fuzzy Hash: 81873ccef01359d34b1cdbc889ed0cb849a4c38e3b76feb794657f5c0584c1c7
Instruction Fuzzy Hash: A8311232644250AFEB21CF58DC85FA53BE1FB9A711F9541A4F9108F2B2CB71ACA1DB41

Function 00AE7726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AE7769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AE778F
SysAllocString.OLEAUT32(00000000), ref: 00AE7792
SysAllocString.OLEAUT32(?), ref: 00AE77B0
SysFreeString.OLEAUT32(?), ref: 00AE77B9
StringFromGUID2.OLE32(?,?,00000028), ref: 00AE77DE
SysAllocString.OLEAUT32(?), ref: 00AE77EC

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 31762f319ac8ae8d5524f632c7c636b378a008523373293a329f9121bdad5eae
Instruction ID: 84bb08ac18b8dc18ce65f7d0c89e6bfbd3949054e2b3476f448f9838ec28f384
Opcode Fuzzy Hash: 31762f319ac8ae8d5524f632c7c636b378a008523373293a329f9121bdad5eae
Instruction Fuzzy Hash: 1D219076608219AFDF10DFA9CC88CFF77ACEB097647448025FA15DB250DA70DC428764

Function 00AE77FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AE7842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AE7868
SysAllocString.OLEAUT32(00000000), ref: 00AE786B
SysAllocString.OLEAUT32 ref: 00AE788C
SysFreeString.OLEAUT32 ref: 00AE7895
StringFromGUID2.OLE32(?,?,00000028), ref: 00AE78AF
SysAllocString.OLEAUT32(?), ref: 00AE78BD

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 4dc7755c9337d8478e7daa2f796d91b1b4ec8725ae4488d92ff3cafebf4b7536
Instruction ID: eb428820d84f8d62cfa07c556135f6b935c922cd7f65c13209f9166b80628179
Opcode Fuzzy Hash: 4dc7755c9337d8478e7daa2f796d91b1b4ec8725ae4488d92ff3cafebf4b7536
Instruction Fuzzy Hash: 4821AF76608214AFEF10AFA9DC88DAE77ECEB193607508125F915CB2A1DA70DC81CB64

Function 00AF04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00AF04F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00AF052E

Strings

nul, xrefs: 00AF0567

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: f8a4e94e81c2bd6d9eedaa15f8cb8d0c1d57e7942e27c82f6cfb083be23b9c5b
Instruction ID: cf5a795d7368619755e09b2de4a500693898e33b10ff1d0b08a81421ad8ad00d
Opcode Fuzzy Hash: f8a4e94e81c2bd6d9eedaa15f8cb8d0c1d57e7942e27c82f6cfb083be23b9c5b
Instruction Fuzzy Hash: BA216075500309ABDF209FA9DC44EAA7BB4AF44764F208A19FAA1D72E1D7B0D940CF60

Function 00AF05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00AF05C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00AF0601

Strings

nul, xrefs: 00AF0639

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 3cb54f6b65b03e851ec099d0b02fa1968b5cbfed21e389d913a0ed84a343990c
Instruction ID: 9c3ea0ed3394fa2f867e2547f34b14bcc45af6e81a789f9dda77291a1a07a7e7
Opcode Fuzzy Hash: 3cb54f6b65b03e851ec099d0b02fa1968b5cbfed21e389d913a0ed84a343990c
Instruction Fuzzy Hash: 2321A6755003199BDB208FA88C04EAA7BE4AF95760F204B19FAA1E72D1DBF09960CB50

Function 00B140AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A8600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A8604C
Part of subcall function 00A8600E: GetStockObject.GDI32(00000011), ref: 00A86060
Part of subcall function 00A8600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A8606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00B14112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00B1411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00B1412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00B14139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00B14145

Strings

Msctls_Progress32, xrefs: 00B140E3

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 6b25d1206ab618c745eca03cf022429a10d589f70d423fd37611b0a4be0c7688
Instruction ID: b15544229e22a3b1cf830a8621630e5c4b61ace8272b9ee0962aa6c5693e0d84
Opcode Fuzzy Hash: 6b25d1206ab618c745eca03cf022429a10d589f70d423fd37611b0a4be0c7688
Instruction Fuzzy Hash: CB11B2B2140219BEEF119F64CC85EE77FADEF09798F008110BB18A6050CB729C61DBA4

Function 00ABD7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00ABD7A3: _free.LIBCMT ref: 00ABD7CC

_free.LIBCMT ref: 00ABD82D

Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0

_free.LIBCMT ref: 00ABD838
_free.LIBCMT ref: 00ABD843
_free.LIBCMT ref: 00ABD897
_free.LIBCMT ref: 00ABD8A2
_free.LIBCMT ref: 00ABD8AD
_free.LIBCMT ref: 00ABD8B8

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: 7627fd8b8bcd8941fe5ba718860ee3779f140c146e87d6a7afa717973869af4d
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: 75111971940B44BBDA21BFB0CE47FCB7BDCAF44700F404C26B29DAA493EA65B5458760

Function 00AEDA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00AEDA74
LoadStringW.USER32(00000000), ref: 00AEDA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00AEDA91
LoadStringW.USER32(00000000), ref: 00AEDA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00AEDADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00AEDAB9

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: dd6d765ffd23e42e18eeb817ebee24edf15613813ed4c132a0b94322fc60e90c
Instruction ID: 2e4d3e51758aa231a855a3f2bf5cdcbf1c297741e10022ec7a318b1867509af5
Opcode Fuzzy Hash: dd6d765ffd23e42e18eeb817ebee24edf15613813ed4c132a0b94322fc60e90c
Instruction Fuzzy Hash: E50186F6540208BFEB509BA09D89EE7377CE708701F8044A1B706E7041EA749E844F74

Function 00AF096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(00C43250,00C43250), ref: 00AF097B
EnterCriticalSection.KERNEL32(00C43230,00000000), ref: 00AF098D
TerminateThread.KERNEL32(?,000001F6), ref: 00AF099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 00AF09A9
CloseHandle.KERNEL32(?), ref: 00AF09B8
InterlockedExchange.KERNEL32(00C43250,000001F6), ref: 00AF09C8
LeaveCriticalSection.KERNEL32(00C43230), ref: 00AF09CF

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: d4bda4307dfd8225ac81e3488e2a2616df72073150d6d2584b05e4b350e12ae9
Instruction ID: 361feb85cf4f31612c2f9905d5574ac0df9effc2aa8d9a28d04e8e07098a81bf
Opcode Fuzzy Hash: d4bda4307dfd8225ac81e3488e2a2616df72073150d6d2584b05e4b350e12ae9
Instruction Fuzzy Hash: 05F01D31482612BBD7515B94EE88AE67E35BF01702F905015F201518A1DB749465CF90

Function 00A85D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00A85D30
GetWindowRect.USER32(?,?), ref: 00A85D71
ScreenToClient.USER32(?,?), ref: 00A85D99
GetClientRect.USER32(?,?), ref: 00A85ED7
GetWindowRect.USER32(?,?), ref: 00A85EF8

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 4c233fb6629d74862b0a701bd72164863af2e2690482cc56f11ed31ca63cde6b
Instruction ID: a296f5ab2ebc63c359e720453230cc4568dea249bef8ae05a6ff688dd7ebf28f
Opcode Fuzzy Hash: 4c233fb6629d74862b0a701bd72164863af2e2690482cc56f11ed31ca63cde6b
Instruction Fuzzy Hash: DEB15835A00A4ADBDB14DFB9C880BEAB7F1FF58310F14841AECA9D7250DB34AA51DB54

Function 00AB01B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 00AB00BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AB00D6
__allrem.LIBCMT ref: 00AB00ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AB010B
__allrem.LIBCMT ref: 00AB0122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AB0140

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction ID: c40d3176f160e4d1aa8a065752494190d0be2c4929efa6c321be3b223aa06877
Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction Fuzzy Hash: 0A81C472A007069FE728AB68DD41FAB73EDAF42364F24462EF551D76C2E7B0D9008790

Function 00B01D10 Relevance: 9.3, APIs: 6, Instructions: 254networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00B03149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,00B0101C,00000000,?,?,00000000), ref: 00B03195

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00B01DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00B01DE1
WSAGetLastError.WSOCK32 ref: 00B01DF2
inet_ntoa.WSOCK32(?), ref: 00B01E8C
htons.WSOCK32(?,?,?,?,?), ref: 00B01EDB
_strlen.LIBCMT ref: 00B01F35

Part of subcall function 00AE39E8: _strlen.LIBCMT ref: 00AE39F2

Part of subcall function 00A86D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,00A9CF58,?,?,?), ref: 00A86DBA
Part of subcall function 00A86D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00A9CF58,?,?,?), ref: 00A86DED

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
String ID:
API String ID: 1923757996-0
Opcode ID: ef8033ef4525ae246275c9a257deb82ee274d1417993f05242964c1def6f3480
Instruction ID: 71880350eff5d1d0e6000fe77fb18ffa9a74f4a01d51babe0b216f5851ef9706
Opcode Fuzzy Hash: ef8033ef4525ae246275c9a257deb82ee274d1417993f05242964c1def6f3480
Instruction Fuzzy Hash: B0A1E031204341AFD728EF28C895E2A7BE5EF85318F54899CF4565B2E2DB31ED42CB91

Function 00AB61FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00AA82D9,00AA82D9,?,?,?,00AB644F,00000001,00000001,8BE85006), ref: 00AB6258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00AB644F,00000001,00000001,8BE85006,?,?,?), ref: 00AB62DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00AB63D8
__freea.LIBCMT ref: 00AB63E5

Part of subcall function 00AB3820: RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852

__freea.LIBCMT ref: 00AB63EE
__freea.LIBCMT ref: 00AB6413

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: a36dfd9f7c267c8a35026dabae8843c3ff91ac0ef5b1734827786e8a4b91b463
Instruction ID: e15b9b5736a8dc993ab518367dae161aa0cbe93eefd0493466eb608c9497cf49
Opcode Fuzzy Hash: a36dfd9f7c267c8a35026dabae8843c3ff91ac0ef5b1734827786e8a4b91b463
Instruction Fuzzy Hash: E551BF72A00216ABEB258F64DD81EEF7BADEB44750F154629FC05DB142EB38DC54C6A0

Function 00B0BBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00B0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B0B6AE,?,?), ref: 00B0C9B5
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0C9F1
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA68
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0BCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B0BD25
RegCloseKey.ADVAPI32(00000000), ref: 00B0BD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00B0BD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00B0BDF3
RegCloseKey.ADVAPI32(?), ref: 00B0BDFF

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: 9cda10f7ee77f79caa02e68cb7cf2c07a4a8d70bf6beeb765864771f7513dc9d
Instruction ID: bfef971cf8a59749b392cbe099a489505d3302fa8fdf688503875b14c8b6dfa4
Opcode Fuzzy Hash: 9cda10f7ee77f79caa02e68cb7cf2c07a4a8d70bf6beeb765864771f7513dc9d
Instruction Fuzzy Hash: 1481C430208241EFD714DF24C885E6ABBE5FF84308F1489ACF4598B2A2DB31ED45CB92

Function 00ADF7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 00ADF7B9
SysAllocString.OLEAUT32(00000001), ref: 00ADF860
VariantCopy.OLEAUT32(00ADFA64,00000000), ref: 00ADF889
VariantClear.OLEAUT32(00ADFA64), ref: 00ADF8AD
VariantCopy.OLEAUT32(00ADFA64,00000000), ref: 00ADF8B1
VariantClear.OLEAUT32(?), ref: 00ADF8BB

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: 8c3024e5a9792dff622c09dc58c1aab861d285fdae632426337179d88f9b1426
Instruction ID: b8c84c0dbe44eaee2a14ef51fd4ab6fa1c41c7981546c64fbed2b833c6b4f750
Opcode Fuzzy Hash: 8c3024e5a9792dff622c09dc58c1aab861d285fdae632426337179d88f9b1426
Instruction Fuzzy Hash: DE51C231A50310BECF24AB65D8A5B3AB3E8EF45710B248467E907DF391DB708D40CBA6

Function 00AF910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 00AF94E5
_wcslen.LIBCMT ref: 00AF9506
_wcslen.LIBCMT ref: 00AF952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00AF9585

Strings

X, xrefs: 00AF9412

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: 296acb02ab25626be02828253dcf1b508271702b4d4d0c70e598234a3c2e2a40
Instruction ID: 1ab59cdafdf72a0c5e6b07afcb10d17dc82c285870e0fc96e0b1b5a3dffb7b48
Opcode Fuzzy Hash: 296acb02ab25626be02828253dcf1b508271702b4d4d0c70e598234a3c2e2a40
Instruction Fuzzy Hash: 12E1BE716083018FD724EF64C981B6BB7E4BF85314F04896DF9999B2A2DB31ED05CB92

Function 00A9920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

BeginPaint.USER32(?,?,?), ref: 00A99241
GetWindowRect.USER32(?,?), ref: 00A992A5
ScreenToClient.USER32(?,?), ref: 00A992C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00A992D3
EndPaint.USER32(?,?,?,?,?), ref: 00A99321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00AD71EA

Part of subcall function 00A99339: BeginPath.GDI32(00000000), ref: 00A99357

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: 9fd3a12844867f5b1613da075d0c29b5eceb05cc9f1432b3f1db015d4bd30d54
Instruction ID: 0aaae6c153c77d77c89dd1fac1154679ba30404478267c87f6536bedd8b11ca5
Opcode Fuzzy Hash: 9fd3a12844867f5b1613da075d0c29b5eceb05cc9f1432b3f1db015d4bd30d54
Instruction Fuzzy Hash: 9D418E70204300AFDB21DF28C885FAB7BF8EB56321F14066DF9558B2B1DB719846DB61

Function 00AF07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 00AF080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00AF0847
EnterCriticalSection.KERNEL32(?), ref: 00AF0863
LeaveCriticalSection.KERNEL32(?), ref: 00AF08DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00AF08F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00AF0921

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: 1873e8cf3cbd58960f5a935b9442c44f7edea5bf06af501a47e71bc7a696fcaf
Instruction ID: 6423b650f4bdd81d1de55846323c92d5b5a7fdb15cd712697b960d6420d9cf20
Opcode Fuzzy Hash: 1873e8cf3cbd58960f5a935b9442c44f7edea5bf06af501a47e71bc7a696fcaf
Instruction Fuzzy Hash: 2B415971A00209AFDF14AF94DC85AAA77B8FF04310F1480A5ED00AB297DB30DE64DBA4

Function 00B181DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00ADF3AB,00000000,?,?,00000000,?,00AD682C,00000004,00000000,00000000), ref: 00B1824C
EnableWindow.USER32(?,00000000), ref: 00B18272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 00B182D1
ShowWindow.USER32(?,00000004), ref: 00B182E5
EnableWindow.USER32(?,00000001), ref: 00B1830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00B1832F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: 9eb161576aa122233e778abd93b8c5735db7aa5f597dfea22672cb43aacef142
Instruction ID: c2c1a99d1786e1c9f2797adc249fbbc96541d1c84396b6f178d6509a1695d069
Opcode Fuzzy Hash: 9eb161576aa122233e778abd93b8c5735db7aa5f597dfea22672cb43aacef142
Instruction Fuzzy Hash: 8A41B234601644EFDB22CF18D899BE47BE0FB4A715F5841E9F5184B2A2CB71AC81CF90

Function 00AE4C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00AE4C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00AE4CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00AE4CEA
_wcslen.LIBCMT ref: 00AE4D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00AE4D10
_wcsstr.LIBVCRUNTIME ref: 00AE4D1A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: b3812fd16e3d78d47000139b63bb591a36e4b887e8f333d3b5007567fcb9271a
Instruction ID: 28eadf9c1aa6a141ad4e89bddae15ed639b47a8997e4fa5e9467c5744639a5ae
Opcode Fuzzy Hash: b3812fd16e3d78d47000139b63bb591a36e4b887e8f333d3b5007567fcb9271a
Instruction Fuzzy Hash: C921C9716042447FEB155B3A9D49E7B7FACDF49750F108029F805CB191DE65DC4196A0

Function 00AF581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 00A83AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A83A97,?,?,00A82E7F,?,?,?,00000000), ref: 00A83AC2

_wcslen.LIBCMT ref: 00AF587B
CoInitialize.OLE32(00000000), ref: 00AF5995
CoCreateInstance.OLE32(00B1FCF8,00000000,00000001,00B1FB68,?), ref: 00AF59AE
CoUninitialize.OLE32 ref: 00AF59CC

Strings

.lnk, xrefs: 00AF5876, 00AF58C1, 00AF5985

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: f2982e31b4c69858720ba3ff7d09a7539d4775937a9dc4c5bd2ccf35576ff670
Instruction ID: d425a1a16560f935cb02dae4504f06f652ac21328d55d758e547e0223683ff4c
Opcode Fuzzy Hash: f2982e31b4c69858720ba3ff7d09a7539d4775937a9dc4c5bd2ccf35576ff670
Instruction Fuzzy Hash: 9CD17471A087059FC718EF64C58492ABBE1FF89710F14885DFA8A9B361DB31EC45CB92

Function 00AE175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00AE0FCA
Part of subcall function 00AE0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00AE0FD6
Part of subcall function 00AE0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00AE0FE5
Part of subcall function 00AE0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00AE0FEC
Part of subcall function 00AE0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00AE1002

GetLengthSid.ADVAPI32(?,00000000,00AE1335), ref: 00AE17AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00AE17BA
HeapAlloc.KERNEL32(00000000), ref: 00AE17C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 00AE17DA
GetProcessHeap.KERNEL32(00000000,00000000,00AE1335), ref: 00AE17EE
HeapFree.KERNEL32(00000000), ref: 00AE17F5

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 12e4c4722c1c92fab6fbc71cc2f0c107dc39fb726de4470648b4e202a8632fb4
Instruction ID: c3ba629bd7b4458a00da76b2ff7d42c035f21ca432366961c7feffd39e327245
Opcode Fuzzy Hash: 12e4c4722c1c92fab6fbc71cc2f0c107dc39fb726de4470648b4e202a8632fb4
Instruction Fuzzy Hash: 51118B32684215FFDB109FA5CC49FEE7BB9EB46755F608018F981A7210DB36A944CF60

Function 00AE14CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00AE14FF
OpenProcessToken.ADVAPI32(00000000), ref: 00AE1506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00AE1515
CloseHandle.KERNEL32(00000004), ref: 00AE1520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00AE154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00AE1563

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: 83920c9b7897d048b4356cc22c68426079c3debc72a956854f4563c64e8865bb
Instruction ID: 945887c71a6d70925096ce95ec89b4994816fffcb644aba296a4dd3df7d57272
Opcode Fuzzy Hash: 83920c9b7897d048b4356cc22c68426079c3debc72a956854f4563c64e8865bb
Instruction Fuzzy Hash: 6F1129B2540259ABDF118F98ED49FDE7BB9EF48744F048015FA05A21A0C7758E60DB60

Function 00AA3382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00AA3379,00AA2FE5), ref: 00AA3390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00AA339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00AA33B7
SetLastError.KERNEL32(00000000,?,00AA3379,00AA2FE5), ref: 00AA3409

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: a0c0429874d4ab4d62d521308618e54b4e618b3ecf62a56ff57fc029513298f7
Instruction ID: 6c8d6fb14b0c67852ee7375bd3d4fadcdca05d0821f8ec4240137f9be1e236f0
Opcode Fuzzy Hash: a0c0429874d4ab4d62d521308618e54b4e618b3ecf62a56ff57fc029513298f7
Instruction Fuzzy Hash: 1701473760E311BFAEA62B747D856672E94EB0B7793300229F4208B2F0EF114E015154

Function 00AB2D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00AB5686,00AC3CD6,?,00000000,?,00AB5B6A,?,?,?,?,?,00AAE6D1,?,00B48A48), ref: 00AB2D78
_free.LIBCMT ref: 00AB2DAB
_free.LIBCMT ref: 00AB2DD3
SetLastError.KERNEL32(00000000,?,?,?,?,00AAE6D1,?,00B48A48,00000010,00A84F4A,?,?,00000000,00AC3CD6), ref: 00AB2DE0
SetLastError.KERNEL32(00000000,?,?,?,?,00AAE6D1,?,00B48A48,00000010,00A84F4A,?,?,00000000,00AC3CD6), ref: 00AB2DEC
_abort.LIBCMT ref: 00AB2DF2

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: fd5f3b9ba71b4d8319908ecb37fdab7a8dcc7ddbd7bec3fe2676eef5d097d542
Instruction ID: fc5930b48c97609acc16879e1a26d36a835b27104895df6986ab3881421357a5
Opcode Fuzzy Hash: fd5f3b9ba71b4d8319908ecb37fdab7a8dcc7ddbd7bec3fe2676eef5d097d542
Instruction Fuzzy Hash: 32F0C83654560027D6123738BD0AFEA2B6DBFC67A1F24451AF824931D7EE3489014360

Function 00B18A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00A99639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A99693
Part of subcall function 00A99639: SelectObject.GDI32(?,00000000), ref: 00A996A2
Part of subcall function 00A99639: BeginPath.GDI32(?), ref: 00A996B9
Part of subcall function 00A99639: SelectObject.GDI32(?,00000000), ref: 00A996E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00B18A4E
LineTo.GDI32(?,00000003,00000000), ref: 00B18A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00B18A70
LineTo.GDI32(?,00000000,00000003), ref: 00B18A80
EndPath.GDI32(?), ref: 00B18A90
StrokePath.GDI32(?), ref: 00B18AA0

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 2bbfb1e3c53164749ed2953778e1006540d263323ffda9cbb104f7d9253ebba0
Instruction ID: 84d33a33dad3f9b984e26e50338a38f40026862de4b134c3f8943c8ec6edfae0
Opcode Fuzzy Hash: 2bbfb1e3c53164749ed2953778e1006540d263323ffda9cbb104f7d9253ebba0
Instruction Fuzzy Hash: 3B11F776040108FFDB129F94DC88FEA7FACEB08350F40C462BA199A1A1CB719D55DBA0

Function 00AE51FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00AE5218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00AE5229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AE5230
ReleaseDC.USER32(00000000,00000000), ref: 00AE5238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00AE524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00AE5261

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 261d303609e92646e519b46b81605d9c0a9ed2c6f305f5d72ddbc819b889ee1d
Instruction ID: 8fa66d471bd509ebbdff77d62cd3610dad0281bd6ea62a542d527ecc60670c79
Opcode Fuzzy Hash: 261d303609e92646e519b46b81605d9c0a9ed2c6f305f5d72ddbc819b889ee1d
Instruction Fuzzy Hash: 85014475E40714BBEB105BB69C49A9EBF78EF48751F148065FA05E7281DA709900CB60

Function 00A81BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A81BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 00A81BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A81C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A81C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 00A81C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 00A81C22

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 580f707b4b934048841ed907b1f485c34641248c53dbebaa8d6ba2310df5f25b
Instruction ID: cbda5377ca47c1bfd8ac3a91766ede3dec1dcee5a3b9916193161a64f873b013
Opcode Fuzzy Hash: 580f707b4b934048841ed907b1f485c34641248c53dbebaa8d6ba2310df5f25b
Instruction Fuzzy Hash: 7D0167B0942B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CBE5

Function 00AEEB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00AEEB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00AEEB46
GetWindowThreadProcessId.USER32(?,?), ref: 00AEEB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AEEB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AEEB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AEEB75

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: 6576059906f0f0cd4a84e9046b05536280f522b40756dfb6f9dca5dfb1630777
Instruction ID: b271a851385e8b2faa98fbd964a4a30fe020b89b791adaa439d2e83a19ea91bf
Opcode Fuzzy Hash: 6576059906f0f0cd4a84e9046b05536280f522b40756dfb6f9dca5dfb1630777
Instruction Fuzzy Hash: D1F03072680158BBE72157529C0DEEF3E7CEFCAB11F408158F611E3091DBA05A01C6B5

Function 00AD7439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00AD7452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00AD7469
GetWindowDC.USER32(?), ref: 00AD7475
GetPixel.GDI32(00000000,?,?), ref: 00AD7484
ReleaseDC.USER32(?,00000000), ref: 00AD7496
GetSysColor.USER32(00000005), ref: 00AD74B0

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: b38f9855ba293a30a5336b2b6d546b377c80f7fefec4a9ef9b4d7cffc8320c97
Instruction ID: c057263c196369b13403357d72787c84363ecad1ca5dcfe7d57b0f11d230bd01
Opcode Fuzzy Hash: b38f9855ba293a30a5336b2b6d546b377c80f7fefec4a9ef9b4d7cffc8320c97
Instruction Fuzzy Hash: 3D015231440215EFEB525FA4DC09BEA7FB6FB04321FA080A4F916A31A0CF311E51AB10

Function 00AE1874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00AE187F
UnloadUserProfile.USERENV(?,?), ref: 00AE188B
CloseHandle.KERNEL32(?), ref: 00AE1894
CloseHandle.KERNEL32(?), ref: 00AE189C
GetProcessHeap.KERNEL32(00000000,?), ref: 00AE18A5
HeapFree.KERNEL32(00000000), ref: 00AE18AC

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: b4f788314fb77d54bc259720de87107d5748ad6600741d9f32dac8c3703c5ca4
Instruction ID: 4be6d73b956bb1e9806e65697dddec0260e8a4c621bf1fd74b49d0d4793515ed
Opcode Fuzzy Hash: b4f788314fb77d54bc259720de87107d5748ad6600741d9f32dac8c3703c5ca4
Instruction Fuzzy Hash: F3E0E536484211BBDB015FA1ED0C98ABF3AFF49B22B90C220F225920B0CF729430DF50

Function 00AEC5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AEC6EE
_wcslen.LIBCMT ref: 00AEC735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AEC79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00AEC7CA

Strings

0, xrefs: 00AEC6AF

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: e1b97d79fab28c3f818be9535694d5eb233a7e4170c79412904bea233ba89753
Instruction ID: 660a953d7a0b320aadf56da785d76a41a008da4b58761126d6bbbcaa5a8bcb66
Opcode Fuzzy Hash: e1b97d79fab28c3f818be9535694d5eb233a7e4170c79412904bea233ba89753
Instruction Fuzzy Hash: C851D5716043809BD715EF2AC985B6BBBE8AF49324F040A2DF995D31E0DB70DD46CB52

Function 00B0AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 00B0AEA3

Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625

GetProcessId.KERNEL32(00000000), ref: 00B0AF38
CloseHandle.KERNEL32(00000000), ref: 00B0AF67

Strings

<, xrefs: 00B0AE6B
@, xrefs: 00B0AE72

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: 32cad4c9500c3febe4ba5d15fe15ddb8684387ea50b352fc7e6fff3e25e48ecf
Instruction ID: 56afc1410e5147de94487d5ee8ef4c2c17128ad85e3371ce3c7c858a4f086e82
Opcode Fuzzy Hash: 32cad4c9500c3febe4ba5d15fe15ddb8684387ea50b352fc7e6fff3e25e48ecf
Instruction Fuzzy Hash: EC715971A00615DFCB14EF54C584A9EBBF0FF08314F1488A9E856AB7A2CB74ED45CBA1

Function 00AE719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00AE7206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00AE723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00AE724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00AE72CF

Strings

DllGetClassObject, xrefs: 00AE7242

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 9ec3080c5e5b77d83bb63d750cd83e654426c3683c04b362721175ac20281e82
Instruction ID: c3922e3cb985681aad3096665498e6778f6c3ab11f6f9bdc5fbf80c3b67838e8
Opcode Fuzzy Hash: 9ec3080c5e5b77d83bb63d750cd83e654426c3683c04b362721175ac20281e82
Instruction Fuzzy Hash: 46416D71A04245EFDB15CF55C884AEE7BB9EF45310F2480A9BE099F24AD7B1DE44CBA0

Function 00B13D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B13E35
IsMenu.USER32(?), ref: 00B13E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B13E92
DrawMenuBar.USER32 ref: 00B13EA5

Strings

0, xrefs: 00B13D89

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: 61c9628eb7d476b52fbd754df7a1a3f5c9689485a9de5c05ff097c97d8a0fc2c
Instruction ID: 3d8acdc41e2394227b1372015beef4b777dc578685be406fa8b57af6e3a2fbd7
Opcode Fuzzy Hash: 61c9628eb7d476b52fbd754df7a1a3f5c9689485a9de5c05ff097c97d8a0fc2c
Instruction Fuzzy Hash: 13414A76A00309EFDB10DF54D884AEABBF9FF49750F4441A9E905A7290E730AE85CF60

Function 00AE1DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00AE1E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00AE1E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00AE1EA9

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

Strings

ListBox, xrefs: 00AE1E25
ComboBox, xrefs: 00AE1DF0

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: 80ed36505a50c99cf1c6148f89dffb87065b1bbc2f0867561eeb1aa6b8a0f8d0
Instruction ID: ddf55f4979181445febf193b3d9ba4a558a62e0427d5071bab85bddea01ddba0
Opcode Fuzzy Hash: 80ed36505a50c99cf1c6148f89dffb87065b1bbc2f0867561eeb1aa6b8a0f8d0
Instruction Fuzzy Hash: 76217871A40144BFDB14ABB6CD4ACFFBBB8EF41350B144519F821A31E1DB384E0A8720

Function 00B0C9EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B0C9F1
_wcslen.LIBCMT ref: 00B0CA68
_wcslen.LIBCMT ref: 00B0CA9E
_wcslen.LIBCMT ref: 00B0CAF9
_wcslen.LIBCMT ref: 00B0CB2F
_wcslen.LIBCMT ref: 00B0CB7F

Strings

HKLM, xrefs: 00B0CA98, 00B0CA9D
HKEY_LOCAL_MACHINE, xrefs: 00B0CA62, 00B0CA67

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen
String ID: HKEY_LOCAL_MACHINE$HKLM
API String ID: 176396367-4004644295
Opcode ID: bf6f51837b1ff7e3761d4d13aa3d1e32aab95ceea163c38b243305c82c85ca19
Instruction ID: 7ae5777d5208230e6749e9898bb4aa061b97bdc466cb0d0ab4c6995139a4066a
Opcode Fuzzy Hash: bf6f51837b1ff7e3761d4d13aa3d1e32aab95ceea163c38b243305c82c85ca19
Instruction Fuzzy Hash: 2931F733B0016A4BCB20DF6C89501BF3FD1DBA1790B1542A9E8556B2DDEB70CE44D3A0

Function 00B12F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00B12F8D
LoadLibraryW.KERNEL32(?), ref: 00B12F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00B12FA9
DestroyWindow.USER32(?), ref: 00B12FB1

Strings

SysAnimate32, xrefs: 00B12F68

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: f72ecb5bb3c94583cc91ce673ab36cef24a78f71b15a41fea925d61aa8ffe2a7
Instruction ID: a62f8c2378ad97cc13f2f64dee9748f72c69ca538c8d0d82ec1b363fe06f2523
Opcode Fuzzy Hash: f72ecb5bb3c94583cc91ce673ab36cef24a78f71b15a41fea925d61aa8ffe2a7
Instruction Fuzzy Hash: 46216A71204209ABEB104F64DC84EFB77F9EB59364F904658FA50D71A0D771DCA29760

Function 00AA4D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00AA4D1E,00AB28E9,?,00AA4CBE,00AB28E9,00B488B8,0000000C,00AA4E15,00AB28E9,00000002), ref: 00AA4D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00AA4DA0
FreeLibrary.KERNEL32(00000000,?,?,?,00AA4D1E,00AB28E9,?,00AA4CBE,00AB28E9,00B488B8,0000000C,00AA4E15,00AB28E9,00000002,00000000), ref: 00AA4DC3

Strings

mscoree.dll, xrefs: 00AA4D86
CorExitProcess, xrefs: 00AA4D98

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: fc197995f3da20a1f803a7987253a4c56e285cfcc2e2fcab4076fb21c4b68aa7
Instruction ID: ae363e3fd7d1776cc4225d9d09a9a4993c8a094c497185fad772ec176909b36b
Opcode Fuzzy Hash: fc197995f3da20a1f803a7987253a4c56e285cfcc2e2fcab4076fb21c4b68aa7
Instruction Fuzzy Hash: 70F03C35A80218BBDB119F94DC49BEEBFA5EF49751F4040A4B809A32A0CF719E50CB90

Function 00ADD3A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00ADD3AD
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00ADD3BF
FreeLibrary.KERNEL32(00000000), ref: 00ADD3E5

Strings

GetSystemWow64DirectoryW, xrefs: 00ADD3B9
X64, xrefs: 00ADD2A8

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 145871493-2590602151
Opcode ID: 1d3aeaf93421fbfebbf30a953d8abcb8fdc008619497b41d4c4a9b2ca64c658f
Instruction ID: 00ac5bcf8a6b975e3fa6ad3c1578dd68f903f9adb1895c06e5ea1ad3f4063d93
Opcode Fuzzy Hash: 1d3aeaf93421fbfebbf30a953d8abcb8fdc008619497b41d4c4a9b2ca64c658f
Instruction Fuzzy Hash: DCF055314C5A20ABD73017148C18EED7B70AF00702BA4C087F807FA318DF30CE808682

Function 00A84E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A84EDD,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A84EAE
FreeLibrary.KERNEL32(00000000,?,?,00A84EDD,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84EC0

Strings

kernel32.dll, xrefs: 00A84E94
Wow64DisableWow64FsRedirection, xrefs: 00A84EA8

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 1a367b8077c281265af25e17abe02863e92dcfe061aec8b9d04cb172ab391529
Instruction ID: 03b7434c5cdd4181407a344d5b23d4ce28abeddab8d04186398b51f886fe1501
Opcode Fuzzy Hash: 1a367b8077c281265af25e17abe02863e92dcfe061aec8b9d04cb172ab391529
Instruction Fuzzy Hash: 92E0CD35A855236BD3312B256C18BDF6A94AF85F627454115FC04F3114DF64CD0141A0

Function 00A84E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AC3CDE,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A84E74
FreeLibrary.KERNEL32(00000000,?,?,00AC3CDE,?,00B51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A84E87

Strings

kernel32.dll, xrefs: 00A84E5B
Wow64RevertWow64FsRedirection, xrefs: 00A84E6E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: 1ef6c721cced8e3ec2ee4b20b2c810f8ec374ab6d6e020bf6cc5bc539804f888
Instruction ID: 3b20489445cc3f30b94d434c12b42f6d28f98ba7531ff156146d258488b92e85
Opcode Fuzzy Hash: 1ef6c721cced8e3ec2ee4b20b2c810f8ec374ab6d6e020bf6cc5bc539804f888
Instruction Fuzzy Hash: 1BD012355826226756222B256C18ECB6E58AF89F513454565F905F3124CF60CE2186D0

Function 00AF2947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AF2C05
DeleteFileW.KERNEL32(?), ref: 00AF2C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00AF2C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AF2CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AF2CC0

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: 17b26b463a8f62e86e3de783b1aeec1f22b20ed83c69420e546116911dc94a32
Instruction ID: 777463fde0cdc58254c19feea553f5b1f66282cbc349eba5df0bec708d5f58fb
Opcode Fuzzy Hash: 17b26b463a8f62e86e3de783b1aeec1f22b20ed83c69420e546116911dc94a32
Instruction Fuzzy Hash: 03B11C71D0011DABDF11EBE4CD85EEEBBBDEF49350F1040A6FA09A7191EB309A448B61

Function 00B0A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00B0A427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00B0A435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 00B0A468
CloseHandle.KERNEL32(?), ref: 00B0A63D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: e41cd924810e932e462354c39ce61b9144555b9f187cb9526d9aefc5b92dd6fb
Instruction ID: 6740545734124a24a559615ceb5a9feff304adcd197dfbc20c04f007c715b5b4
Opcode Fuzzy Hash: e41cd924810e932e462354c39ce61b9144555b9f187cb9526d9aefc5b92dd6fb
Instruction Fuzzy Hash: C4A19071604300AFE720EF24D986F2ABBE5AF84714F14885DF55A9B3D2DB71EC418B92

Function 00AEE3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00AECF22,?), ref: 00AEDDFD

Part of subcall function 00AEDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00AECF22,?), ref: 00AEDE16

Part of subcall function 00AEE199: GetFileAttributesW.KERNEL32(?,00AECF95), ref: 00AEE19A

lstrcmpiW.KERNEL32(?,?), ref: 00AEE473
MoveFileW.KERNEL32(?,?), ref: 00AEE4AC
_wcslen.LIBCMT ref: 00AEE5EB
_wcslen.LIBCMT ref: 00AEE603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00AEE650

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: 7981b746887fc97c421dd940dd5d0c72fb31a6563c3b62fafa66ff6b69ed98f8
Instruction ID: de06c2eb19446bfea6a7a9181b1722f4a6bd2ddcc23ef07ad9ea2a6257e9e7fa
Opcode Fuzzy Hash: 7981b746887fc97c421dd940dd5d0c72fb31a6563c3b62fafa66ff6b69ed98f8
Instruction Fuzzy Hash: 9F5184B24083859BC724EBA5DD819EFB3ECAF85340F00491EF589D3191EF75A68C8766

Function 00B0B9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00B0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B0B6AE,?,?), ref: 00B0C9B5
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0C9F1
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA68
Part of subcall function 00B0C998: _wcslen.LIBCMT ref: 00B0CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B0BAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B0BB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00B0BB63
RegCloseKey.ADVAPI32(?,?), ref: 00B0BBA6
RegCloseKey.ADVAPI32(00000000), ref: 00B0BBB3

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: 57dc7a22487f33c6967ea564a76f57acde8d283ca3b660a4f81a4e58086a23ff
Instruction ID: 93e404fe81816cd3c5a98c9758be9507c0c2a2a515c94e3ac7f241104bc384d0
Opcode Fuzzy Hash: 57dc7a22487f33c6967ea564a76f57acde8d283ca3b660a4f81a4e58086a23ff
Instruction Fuzzy Hash: 4961AF31208241EFD714DF24C494E2ABBE5FF84308F54899DF49A8B2A2DB31ED45CB92

Function 00AE8BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00AE8BCD
VariantClear.OLEAUT32 ref: 00AE8C3E
VariantClear.OLEAUT32 ref: 00AE8C9D
VariantClear.OLEAUT32(?), ref: 00AE8D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00AE8D3B

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: ea9952aa76042f6bb8bf0c24e7f720ac5bbdeae056f448a7159cecdc353fe54a
Instruction ID: 2a62e9bb59bad4a7a9b58f7c504b4cb91ef708d4312242c51507de3f9a22b46c
Opcode Fuzzy Hash: ea9952aa76042f6bb8bf0c24e7f720ac5bbdeae056f448a7159cecdc353fe54a
Instruction Fuzzy Hash: 26518CB5A00219EFCB10CF59C894AAAB7F5FF89310B118559F909DB350E734E911CF90

Function 00AF8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00AF8BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00AF8BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00AF8C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00AF8C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00AF8C5F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 8fce00487294202627f0a07032dc8b1cbcd366f5bd6df60b73b2c268a792dd10
Instruction ID: 85b0b36b29dbc306cdd12570d54f391fd2b8a8f47cad396897cb45ecd2d8a32e
Opcode Fuzzy Hash: 8fce00487294202627f0a07032dc8b1cbcd366f5bd6df60b73b2c268a792dd10
Instruction Fuzzy Hash: 8A514C35A002199FCB05EF64C981E6DBBF5FF49314F088458E94AAB362DB35ED51CBA0

Function 00B08EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00B08F40
GetProcAddress.KERNEL32(00000000,?), ref: 00B08FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00B08FEC
GetProcAddress.KERNEL32(00000000,?), ref: 00B09032
FreeLibrary.KERNEL32(00000000), ref: 00B09052

Part of subcall function 00A9F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00AF1043,?,753CE610), ref: 00A9F6E6
Part of subcall function 00A9F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00ADFA64,00000000,00000000,?,?,00AF1043,?,753CE610,?,00ADFA64), ref: 00A9F70D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: a8ea8fbb1f1de1e226b2c96c3288f3f4a8cc030eede75cc9dd71c5bace279d27
Instruction ID: 462e5ac9dc48093d5ad9e7cd186fefb6bfc01131696cfe2d3ae22e2a6997c01f
Opcode Fuzzy Hash: a8ea8fbb1f1de1e226b2c96c3288f3f4a8cc030eede75cc9dd71c5bace279d27
Instruction Fuzzy Hash: 30513E35604205DFC715EF64C5948ADBFF1FF49314B0880A9E84AAB3A2DB31EE85CB91

Function 00B16B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00B16C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00B16C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00B16C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00AFAB79,00000000,00000000), ref: 00B16C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00B16CC7

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: 733e076b760cbf200ced192820f32e513d17b1f33f62c3a4fc2a4e9753298a09
Instruction ID: e32fdaecfa1e3d0a2c549cc5c7590e1504b196778a0ff515192a2c72dafa1d9b
Opcode Fuzzy Hash: 733e076b760cbf200ced192820f32e513d17b1f33f62c3a4fc2a4e9753298a09
Instruction Fuzzy Hash: E241D435A04104AFD724CF28CC99FEA7FE5EB09350F9542A8F895A72E0D771AD81CA80

Function 00AB2051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00AB20C3
_free.LIBCMT ref: 00AB20E3

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 27eeac6136b17cc5f5c70c5f5d6cf43338e8c4f4cf0653c2be2b446e535ebb9a
Instruction ID: 0e0716294fe24a09a67ce261fa2431c79917d66b3a784acd8ae7a07252fd72d9
Opcode Fuzzy Hash: 27eeac6136b17cc5f5c70c5f5d6cf43338e8c4f4cf0653c2be2b446e535ebb9a
Instruction Fuzzy Hash: A941D372A00200AFCB24DF78C981B9DB7F9EF89714F15456AE515EB396DB31AD01CB80

Function 00A9912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00A99141
ScreenToClient.USER32(00000000,?), ref: 00A9915E
GetAsyncKeyState.USER32(00000001), ref: 00A99183
GetAsyncKeyState.USER32(00000002), ref: 00A9919D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: e237c95fe0b4c058997f1355cf9a760d3a666157be8a9d14a60a06210216e2f8
Instruction ID: 4836c946d6df03d26a5bb94cf34bf39c8524d3f578cda88aa508efb0cfaf3499
Opcode Fuzzy Hash: e237c95fe0b4c058997f1355cf9a760d3a666157be8a9d14a60a06210216e2f8
Instruction Fuzzy Hash: 90414F71A0851AFBDF199F68C844BEEB7B5FB05320F20831AF429A72E0D7305990CB91

Function 00AF3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00AF38CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00AF3922
TranslateMessage.USER32(?), ref: 00AF394B
DispatchMessageW.USER32(?), ref: 00AF3955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AF3966

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 89e302939c1342fa42bd672d286b904e558a0850f5a21c0ec907b47bfd5c07cb
Instruction ID: cb9eb31274cbb6fef1c34ba3b7246e09af8607833cc6378fe40ae862fd2fa509
Opcode Fuzzy Hash: 89e302939c1342fa42bd672d286b904e558a0850f5a21c0ec907b47bfd5c07cb
Instruction Fuzzy Hash: 71311E7250434A9EEF35CBB4D8A8BB63BE8DB15341F04459DF662C3190E7F49A85CB11

Function 00AFCF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00AFC21E,00000000), ref: 00AFCF38
InternetReadFile.WININET(?,00000000,?,?), ref: 00AFCF6F
GetLastError.KERNEL32(?,00000000,?,?,?,00AFC21E,00000000), ref: 00AFCFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,00AFC21E,00000000), ref: 00AFCFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,00AFC21E,00000000), ref: 00AFCFF2

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: cdf0d77c2a681c1a42108ee3a9cc5022bbf9aa4ba7a1aca7bf807cbc610a2ebc
Instruction ID: 5b709dfc957fbc4d7c34ab07e0da4f5fbbe16cb2c1fdc879a9204121187b1e71
Opcode Fuzzy Hash: cdf0d77c2a681c1a42108ee3a9cc5022bbf9aa4ba7a1aca7bf807cbc610a2ebc
Instruction Fuzzy Hash: 54314F7160430DAFDB20DFE6CA849BABBF9EB14364B10842EF616D3141DB30AE40DB60

Function 00AE1901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00AE1915
PostMessageW.USER32(00000001,00000201,00000001), ref: 00AE19C1
Sleep.KERNEL32(00000000,?,?,?), ref: 00AE19C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 00AE19DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 00AE19E2

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 3971b212f5ec276a9e7a16d2f2a676acc1f8fa73716be0172895381254c3082b
Instruction ID: d789a68f0eed2b5f351014072024aef0e1938ef186b1bbfa7281cec5964bfa68
Opcode Fuzzy Hash: 3971b212f5ec276a9e7a16d2f2a676acc1f8fa73716be0172895381254c3082b
Instruction Fuzzy Hash: 9C31B471A00269EFCB04CFA9CD99ADE7BB5EB44315F108225F921A72D1C7709D54CB90

Function 00B15706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00B15745
SendMessageW.USER32(?,00001074,?,00000001), ref: 00B1579D
_wcslen.LIBCMT ref: 00B157AF
_wcslen.LIBCMT ref: 00B157BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 00B15816

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: f6e49acb1a137e0454f8cf7509379a56cac75674a6f0afce038b436edcf33bce
Instruction ID: a97766e1fbfe3f1bad3007c4c7a7bfeb4663ad3fdcf1ba95977bcf69f3b52584
Opcode Fuzzy Hash: f6e49acb1a137e0454f8cf7509379a56cac75674a6f0afce038b436edcf33bce
Instruction Fuzzy Hash: EE218071904618DADB309F64CC85AEEBBB8EB85324F508296E929AB2C4D77099C5CF50

Function 00B00930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00B00951
GetForegroundWindow.USER32 ref: 00B00968
GetDC.USER32(00000000), ref: 00B009A4
GetPixel.GDI32(00000000,?,00000003), ref: 00B009B0
ReleaseDC.USER32(00000000,00000003), ref: 00B009E8

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: f07b92292e6324ec8d8498fbea986a9a6684b01e2577853344dede085c937d50
Instruction ID: 6e8ea8a6a847f00cabeee0e35aa0d6dcf6991a29e057cc597bd81afae73b44c0
Opcode Fuzzy Hash: f07b92292e6324ec8d8498fbea986a9a6684b01e2577853344dede085c937d50
Instruction Fuzzy Hash: FF219075600204AFD704EF69D984AAEBBF9EF49700F04806CF94AE73A2CB70AD04CB50

Function 00ABCDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00ABCDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00ABCDE9

Part of subcall function 00AB3820: RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00ABCE0F
_free.LIBCMT ref: 00ABCE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00ABCE31

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: 6014825eea41aeb24d223e3f978a11d6aa36e864b36e6420e48e76078a166447
Instruction ID: 3eaa0d68974c7e756c7d314b79a04b5c5f0ff7f80a29480bdac3de7ffa9d2314
Opcode Fuzzy Hash: 6014825eea41aeb24d223e3f978a11d6aa36e864b36e6420e48e76078a166447
Instruction Fuzzy Hash: 4F018472601215BFA7211BB66C88DFB6E6DEEC6BB13154129F905DB202EE61CD0191B0

Function 00A99639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A99693
SelectObject.GDI32(?,00000000), ref: 00A996A2
BeginPath.GDI32(?), ref: 00A996B9
SelectObject.GDI32(?,00000000), ref: 00A996E2

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: ac18532dc8eb660fdbf408b971bf60ff1929c6c276c7a5db71d9cf67f5f88f04
Instruction ID: 59adc968cde40dea268567ddd64219d2c079fabb4b2bc9ceafe1156b6de5d7a4
Opcode Fuzzy Hash: ac18532dc8eb660fdbf408b971bf60ff1929c6c276c7a5db71d9cf67f5f88f04
Instruction Fuzzy Hash: 4F217F70902305FBDF119F6CEC087EA3BB9BB11356F50465AF511A71A0DBB05892CBA4

Function 00AE5711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00AE5726
_memcmp.LIBVCRUNTIME ref: 00AE5744
_memcmp.LIBVCRUNTIME ref: 00AE5757
_memcmp.LIBVCRUNTIME ref: 00AE576F
_memcmp.LIBVCRUNTIME ref: 00AE5787

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 377e10da8d06425eafaeddf0fa78b9be2ce0be3a80790b6c427b05b3fb55d81e
Instruction ID: a11453c039b6fbb4b989f382362dada0e7f7fd78b213e447bcc2e93a89c2377d
Opcode Fuzzy Hash: 377e10da8d06425eafaeddf0fa78b9be2ce0be3a80790b6c427b05b3fb55d81e
Instruction Fuzzy Hash: 88019671A45645FA96089622AE52FFB739CDB21398F404420FD04AF281F761ED60C2F0

Function 00A9990C Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00A998CC
SetTextColor.GDI32(?,?), ref: 00A998D6
SetBkMode.GDI32(?,00000001), ref: 00A998E9
GetStockObject.GDI32(00000005), ref: 00A998F1
GetWindowLongW.USER32(?,000000EB), ref: 00A99952

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Color$LongModeObjectStockTextWindow
String ID:
API String ID: 1860813098-0
Opcode ID: 6358800a50537e99923de9cfcb0af1dfaf62842f354182060d461b4106a7d4ea
Instruction ID: 11c7452de585697ac1dca59cbe677ca6e47f5e589b730769b18a0f3ec656a5cf
Opcode Fuzzy Hash: 6358800a50537e99923de9cfcb0af1dfaf62842f354182060d461b4106a7d4ea
Instruction Fuzzy Hash: 79110632286250BFCF224F69EC59AEA3FA4EB13321B08815DF5929B1B1DA310851CB51

Function 00AB2DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00AAF2DE,00AB3863,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6), ref: 00AB2DFD
_free.LIBCMT ref: 00AB2E32
_free.LIBCMT ref: 00AB2E59
SetLastError.KERNEL32(00000000,00A81129), ref: 00AB2E66
SetLastError.KERNEL32(00000000,00A81129), ref: 00AB2E6F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 787991e857f8ca1b2660bc6d28eaaea9e216a3864a12fa37e449647718f08da9
Instruction ID: 35894d302398b84493de645329ef39f3fd855a18afdc696d5bf4970ff4919902
Opcode Fuzzy Hash: 787991e857f8ca1b2660bc6d28eaaea9e216a3864a12fa37e449647718f08da9
Instruction Fuzzy Hash: 3F01F4362456006BCA1327366D45FEB2E7DBBD67A1B24442AF825A31D3EE34CC014320

Function 00AE000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?,?,00AE035E), ref: 00AE002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?), ref: 00AE0064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00ADFF41,80070057,?,?), ref: 00AE0070

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 0d11e1540472c3dd245ccb32b05ac71a8fbee63e164217a040798684927339b7
Instruction ID: f20db1bef8667e29c516852707c903b8e5389cbb580180434945a47bf55ecc38
Opcode Fuzzy Hash: 0d11e1540472c3dd245ccb32b05ac71a8fbee63e164217a040798684927339b7
Instruction Fuzzy Hash: 6C018B72640204BFDB109F6AEC44FAA7EADEB44792F148124F905D3210EBB1DD808BA0

Function 00AEE97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 00AEE997
QueryPerformanceFrequency.KERNEL32(?), ref: 00AEE9A5
Sleep.KERNEL32(00000000), ref: 00AEE9AD
QueryPerformanceCounter.KERNEL32(?), ref: 00AEE9B7
Sleep.KERNEL32 ref: 00AEE9F3

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: c6bb8ba3378e481de85ac1c9ac6fb43325b1935ed0103866f977cf493c5576e4
Instruction ID: 9978ca1550389634ed1fad4e8d9a2865eb5022575d19cfd641aa41f5d464bff0
Opcode Fuzzy Hash: c6bb8ba3378e481de85ac1c9ac6fb43325b1935ed0103866f977cf493c5576e4
Instruction Fuzzy Hash: 8B015731C41629EBCF00EBE6DC49AEDFBB8FB08700F404546E502B2242CF309660CBA1

Function 00AE10F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AE1114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00AE0B9B,?,?,?), ref: 00AE1136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AE114D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: 3147ee3ac9c5c2bd7422c81bc6e132186575f61bd5756130fcd68f37b67b3ff5
Instruction ID: 2bbc37d7a0953b9ec9a16f757ebf9183139287088e0b232f8f45a324179e90bd
Opcode Fuzzy Hash: 3147ee3ac9c5c2bd7422c81bc6e132186575f61bd5756130fcd68f37b67b3ff5
Instruction Fuzzy Hash: 88018C79240315BFDB125FA5DC49EAA3F6EEF8A3A4B608418FA41D3360DF71DC108A60

Function 00AE0FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00AE0FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00AE0FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00AE0FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00AE0FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00AE1002

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: b64adef362e4bab5f3eaab3a91ced02045238b115df6a276cce20604c8ea956a
Instruction ID: 0599f8858e6bd5347f3068577427488947c367306394a18f483f199cae4ca098
Opcode Fuzzy Hash: b64adef362e4bab5f3eaab3a91ced02045238b115df6a276cce20604c8ea956a
Instruction Fuzzy Hash: D6F04F39180351BBD7214FA59C4DF963F6EEF89761F518414FA46D7291CE70DC508A60

Function 00AE1014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00AE102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1062

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 4aeb1997a1a636d2aff7b484af1c9da893cedb78fa7d61cc77091d96370af5f9
Instruction ID: 564541ce1ac2ac51411ab834aa1f08228160ff6cabc7d4de2e99bc39917d3ad9
Opcode Fuzzy Hash: 4aeb1997a1a636d2aff7b484af1c9da893cedb78fa7d61cc77091d96370af5f9
Instruction Fuzzy Hash: 74F0CD39280311FBDB211FA5EC4CF963FAEEF89761FA14424FA05D7250CE30D8408A60

Function 00AF030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF0324
CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF0331
CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF033E
CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF034B
CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF0358
CloseHandle.KERNEL32(?,?,?,?,00AF017D,?,00AF32FC,?,00000001,00AC2592,?), ref: 00AF0365

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: d9593229e84e15a2f6edf8c374911def4f3f5a89c2381d8640e0f97a7bda893b
Instruction ID: f3962c675dcbc38231aef31e14269b8b59f208155ebec106a536f0771987399d
Opcode Fuzzy Hash: d9593229e84e15a2f6edf8c374911def4f3f5a89c2381d8640e0f97a7bda893b
Instruction Fuzzy Hash: 5A01A272800B199FC7309FA6D880822FBF5BF503153158A3FE29652932C771A954CF80

Function 00ABD73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00ABD752

Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0

_free.LIBCMT ref: 00ABD764
_free.LIBCMT ref: 00ABD776
_free.LIBCMT ref: 00ABD788
_free.LIBCMT ref: 00ABD79A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 18c80108d629e7fe1d5309067675945611ef12208ee26f28c49dbf5c0bbc2e88
Instruction ID: 20f656032480a47cf80a2ef982af7c4d2efd118698702652951830a41b47ff0f
Opcode Fuzzy Hash: 18c80108d629e7fe1d5309067675945611ef12208ee26f28c49dbf5c0bbc2e88
Instruction Fuzzy Hash: 86F0F936545208BB8665EB68FAC6DDA7BDDBB85B10BA40C06F048E7503DF20FC808B64

Function 00AE5C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00AE5C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00AE5C6F
MessageBeep.USER32(00000000), ref: 00AE5C87
KillTimer.USER32(?,0000040A), ref: 00AE5CA3
EndDialog.USER32(?,00000001), ref: 00AE5CBD

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 3be428d2854df06d5dda760e51af0f9d5f936e609a7603b1b762336383a5293e
Instruction ID: 35eb5401d913a36790158649032d779e4bf98ea1cbba9c16deb413e846fb6748
Opcode Fuzzy Hash: 3be428d2854df06d5dda760e51af0f9d5f936e609a7603b1b762336383a5293e
Instruction Fuzzy Hash: 1D018630940B44ABEB245B21ED5EFE67BB8BF44B09F505559A583A20E1DBF0A984CB90

Function 00AB22A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00AB22BE

Part of subcall function 00AB29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000), ref: 00AB29DE
Part of subcall function 00AB29C8: GetLastError.KERNEL32(00000000,?,00ABD7D1,00000000,00000000,00000000,00000000,?,00ABD7F8,00000000,00000007,00000000,?,00ABDBF5,00000000,00000000), ref: 00AB29F0

_free.LIBCMT ref: 00AB22D0
_free.LIBCMT ref: 00AB22E3
_free.LIBCMT ref: 00AB22F4
_free.LIBCMT ref: 00AB2305

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 8ff7de0e92afed6589cb73576f91dd91daa362b7576854a7c87f63cb4a56c767
Instruction ID: b7c7aaae89790982571653bfa834a917163902f45d34f81bec36f163914356ea
Opcode Fuzzy Hash: 8ff7de0e92afed6589cb73576f91dd91daa362b7576854a7c87f63cb4a56c767
Instruction Fuzzy Hash: F3F0D075411310AB8652BF58BD01B983F69B76DB52B050E87F418D7272CF310551ABA5

Function 00A995C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 00A995D4
StrokeAndFillPath.GDI32(?,?,00AD71F7,00000000,?,?,?), ref: 00A995F0
SelectObject.GDI32(?,00000000), ref: 00A99603
DeleteObject.GDI32 ref: 00A99616
StrokePath.GDI32(?), ref: 00A99631

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: de202c6e1d781feaa2e184da267d79593bac477b83590b1b0779b204224063ee
Instruction ID: b5e9c7c09017a837f53f73ce343db84a60272f37f7cd810b4bb4348146307445
Opcode Fuzzy Hash: de202c6e1d781feaa2e184da267d79593bac477b83590b1b0779b204224063ee
Instruction Fuzzy Hash: 91F0F630145304EBDB125F6DED1C7AA3FA1AB05322F448658E565960F1CF3089A6DF64

Function 00AB0F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00AB10F9
__freea.LIBCMT ref: 00AB1117

Part of subcall function 00AB1537: _free.LIBCMT ref: 00AB154F

Strings

am/pm, xrefs: 00AB117A
a/p, xrefs: 00AB11DE

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 7bf1b06f2f6966e2bc6ed0fab9c062e2b45689bd28c5047deb3cca05287d77cf
Instruction ID: e4034135509b6f9786048d5b00188adbf8412ca66a444d5ddcace7d1e96a6233
Opcode Fuzzy Hash: 7bf1b06f2f6966e2bc6ed0fab9c062e2b45689bd28c5047deb3cca05287d77cf
Instruction Fuzzy Hash: A2D1E431900205DADB649F68C865BFEB7F9FF05300FA84269E5019F653E7759D80CB91

Function 00B07B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 00AA0242: EnterCriticalSection.KERNEL32(00B5070C,00B51884,?,?,00A9198B,00B52518,?,?,?,00A812F9,00000000), ref: 00AA024D
Part of subcall function 00AA0242: LeaveCriticalSection.KERNEL32(00B5070C,?,00A9198B,00B52518,?,?,?,00A812F9,00000000), ref: 00AA028A

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AA00A3: __onexit.LIBCMT ref: 00AA00A9

__Init_thread_footer.LIBCMT ref: 00B07BFB

Part of subcall function 00AA01F8: EnterCriticalSection.KERNEL32(00B5070C,?,?,00A98747,00B52514), ref: 00AA0202
Part of subcall function 00AA01F8: LeaveCriticalSection.KERNEL32(00B5070C,?,00A98747,00B52514), ref: 00AA0235

Strings

5, xrefs: 00B07C78
G, xrefs: 00B07C7F
Variable must be of type 'Object'., xrefs: 00B07C3A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: 5$G$Variable must be of type 'Object'.
API String ID: 535116098-3733170431
Opcode ID: ee5286182314c2ddd6b9568eec545c1305e118f89f3bd277969a4c88818d106a
Instruction ID: 1bc5020ea696218fdb24db6883e53b68234fb66ecc0808c30185cabd7b6b1ea4
Opcode Fuzzy Hash: ee5286182314c2ddd6b9568eec545c1305e118f89f3bd277969a4c88818d106a
Instruction Fuzzy Hash: B1919BB0A44209AFDB14EF94D9909AEBBF1FF45300F148199F8069B291DB71AE45CB91

Function 00AE2716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00AE21D0,?,?,00000034,00000800,?,00000034), ref: 00AEB42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00AE2760

Part of subcall function 00AEB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00AE21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00AEB3F8

Part of subcall function 00AEB32A: GetWindowThreadProcessId.USER32(?,?), ref: 00AEB355
Part of subcall function 00AEB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00AE2194,00000034,?,?,00001004,00000000,00000000), ref: 00AEB365
Part of subcall function 00AEB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00AE2194,00000034,?,?,00001004,00000000,00000000), ref: 00AEB37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00AE27CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00AE281A

Strings

@, xrefs: 00AE2832

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: ca7d2252fdd29c0735d04e8f9d1d248e7a5134b1c29d3a57dd5e633ce5d09dc6
Instruction ID: 5bf0e9eeb71c61454d5ed0347c20b5523b7bc21362d68c2290c67235c525883f
Opcode Fuzzy Hash: ca7d2252fdd29c0735d04e8f9d1d248e7a5134b1c29d3a57dd5e633ce5d09dc6
Instruction Fuzzy Hash: 92412C72900218AFDB10DFA5CD46BEEBBB8EF09700F108095FA55B7181DB706E45CBA1

Function 00AB172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00AB1769
_free.LIBCMT ref: 00AB1834
_free.LIBCMT ref: 00AB183E

Strings

C:\Users\user\Desktop\file.exe, xrefs: 00AB1760, 00AB1767, 00AB1796, 00AB17CE

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2506810119-1957095476
Opcode ID: 1afdc9d994c085854c8444e96d12148a2686b6ed4991b84952c65adf0598e0db
Instruction ID: 572627929f8a7f4d4da0b61099c63c3f7207513984cc4ba181db879b6bd95fc2
Opcode Fuzzy Hash: 1afdc9d994c085854c8444e96d12148a2686b6ed4991b84952c65adf0598e0db
Instruction Fuzzy Hash: 1E316D71A40258AFDB21DF999995EDEBBFCEB85310F9441A6F804D7212DA708E80CB90

Function 00AEC27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00AEC306
DeleteMenu.USER32(?,00000007,00000000), ref: 00AEC34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00B51990,00C45E30), ref: 00AEC395

Strings

0, xrefs: 00AEC2DF

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: dbc3dc96af4dcaab8a7965aa3b344d003ae26940c094baaab35a6797f5c856cc
Instruction ID: a77b9f7111cf031f37d61865d5dfa5127be0c1312d5f41c4037338b5286eb6b5
Opcode Fuzzy Hash: dbc3dc96af4dcaab8a7965aa3b344d003ae26940c094baaab35a6797f5c856cc
Instruction Fuzzy Hash: 6B4191712043829FD724DF26D885F5AFBE8AF85320F14861DF9A59B2D2D730E905CB62

Function 00B14416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00B1CC08,00000000,?,?,?,?), ref: 00B144AA
GetWindowLongW.USER32 ref: 00B144C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B144D7

Strings

SysTreeView32, xrefs: 00B1447C

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: 51aa60eca69fdbe60b021d3f57c38c2c4945bdf8c4ffd53c01b2fddfbbbcfbac
Instruction ID: 44f242a32ee8d0e22b552f9a6c6be3451fa650e9a7a828fb41cd85ecda9dae71
Opcode Fuzzy Hash: 51aa60eca69fdbe60b021d3f57c38c2c4945bdf8c4ffd53c01b2fddfbbbcfbac
Instruction Fuzzy Hash: 58317C71250205ABDB209E38DC45BEA7BE9EB18324F608755F979932E0DB70AC909B50

Function 00B0304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00B0335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00B03077,?,?), ref: 00B03378

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B0307A
_wcslen.LIBCMT ref: 00B0309B
htons.WSOCK32(00000000,?,?,00000000), ref: 00B03106

Strings

255.255.255.255, xrefs: 00B03095, 00B0309A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: 04f91f8924de47d29e179b19293d36fc3a821e45801c64ce38f868b0dea1e897
Instruction ID: e40f5f661f350d4fd51d0ccb3644e9b235ed9f1d6b0945cd9094bba93f40cc3c
Opcode Fuzzy Hash: 04f91f8924de47d29e179b19293d36fc3a821e45801c64ce38f868b0dea1e897
Instruction Fuzzy Hash: ED31C4352002059FC710CF28C5C9FAABBE8EF54714F288099E8159B3D2DB72DE45C761

Function 00B13EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00B13F40
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00B13F54
SendMessageW.USER32(?,00001002,00000000,?), ref: 00B13F78

Strings

SysMonthCal32, xrefs: 00B13F0B

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 3d3cb17fc51caa721973bc06375b6be3224704b9e2e288b4f2dba7329aefed1b
Instruction ID: 1daa0874d5ac77f5e9d657999ec622ff43715d739d6257b9b142316557688d2f
Opcode Fuzzy Hash: 3d3cb17fc51caa721973bc06375b6be3224704b9e2e288b4f2dba7329aefed1b
Instruction Fuzzy Hash: F721BF32640219BFDF218F54CC86FEA3BB9EB48714F110254FA157B1D0DAB1A991CB90

Function 00B14653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00B14705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00B14713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00B1471A

Strings

msctls_updown32, xrefs: 00B14684

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: 498bf55fe75f71717402195efd37039113af744455116bf1d4c42c9d3b84bb06
Instruction ID: 239a2e4aa15faedb6d7430cda1cf2dba060e17c543c7b8ddbe46fb20c63c92c6
Opcode Fuzzy Hash: 498bf55fe75f71717402195efd37039113af744455116bf1d4c42c9d3b84bb06
Instruction Fuzzy Hash: 6D2130B5600209AFEB11DF68DCC1DA737EDEB5A7A4B540499FA009B291CB71EC51CB60

Function 00AE95AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00AE961D

Strings

#requireadmin, xrefs: 00AE95D9
#notrayicon, xrefs: 00AE95B7
#OnAutoItStartRegister, xrefs: 00AE95F3

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: 4b9d9da0150c9744faacef0cd11f62905f17f08c1f2ff45d56240f1bc0957860
Instruction ID: 0a11f6d79302de643d296d36d6927ab008341e42472fa58e6954daee4d474c90
Opcode Fuzzy Hash: 4b9d9da0150c9744faacef0cd11f62905f17f08c1f2ff45d56240f1bc0957860
Instruction Fuzzy Hash: F5215772204791A6D731BB269D02FBBB3E89F91300F60442AF94997081EB95ED85C3A5

Function 00B137B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00B13840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00B13850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00B13876

Strings

Listbox, xrefs: 00B1380F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: ac895b39d2a53753877b5ef28811454bd14f5a07b5f2bca876406ebf754b425d
Instruction ID: 80757cc722409ec062b4cabc88a1c84a2143462fe1a9365187eea6da09cb1b23
Opcode Fuzzy Hash: ac895b39d2a53753877b5ef28811454bd14f5a07b5f2bca876406ebf754b425d
Instruction Fuzzy Hash: F321AC72600218BBEF218F54CC81FEB3BEEEF89B50F508164F9009B190DA719C9287A0

Function 00AF49F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00AF4A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00AF4A5C
SetErrorMode.KERNEL32(00000000,?,?,00B1CC08), ref: 00AF4AD0

Strings

%lu, xrefs: 00AF4A6F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: 2048e27342b9b4796913cb25efd91d21077720e1547bebc80bbabda65d2e5660
Instruction ID: 3b607f0b0b279553a4e2d8874e1bf37e2ccfc11ebf271021d8b29a095b762fca
Opcode Fuzzy Hash: 2048e27342b9b4796913cb25efd91d21077720e1547bebc80bbabda65d2e5660
Instruction Fuzzy Hash: 09312375A40109AFDB10EF54C985EAA7BF8EF09308F148099F509DB252DB71ED45CBA1

Function 00B141EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00B1424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00B14264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00B14271

Strings

msctls_trackbar32, xrefs: 00B14226

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: c7820a4f6b46011e5e969d9265e9be110c87da91633ce427f273d9c06323f389
Instruction ID: 0b01477a86a320ca22bf44b4dae4edaea86c8a86b8379dbd8754208dd15bf91e
Opcode Fuzzy Hash: c7820a4f6b46011e5e969d9265e9be110c87da91633ce427f273d9c06323f389
Instruction Fuzzy Hash: 7F11CE31290208BEEF205E28CC06FEB3BECEB95B64F114524FA55E60A0D671DCA19B60

Function 00AE2F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A86B57: _wcslen.LIBCMT ref: 00A86B6A

Part of subcall function 00AE2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00AE2DC5
Part of subcall function 00AE2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE2DD6
Part of subcall function 00AE2DA7: GetCurrentThreadId.KERNEL32 ref: 00AE2DDD
Part of subcall function 00AE2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00AE2DE4

GetFocus.USER32 ref: 00AE2F78

Part of subcall function 00AE2DEE: GetParent.USER32(00000000), ref: 00AE2DF9

GetClassNameW.USER32(?,?,00000100), ref: 00AE2FC3
EnumChildWindows.USER32(?,00AE303B), ref: 00AE2FEB

Strings

%s%d, xrefs: 00AE2FFF

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: 97401648eb29ba1abb402a51c7226c1b1da4f4d402c9321214c549b27bc14bcf
Instruction ID: efc6d72d272da244775d9d9215a0d75c7888983d80aa7422ca570cef7e8a4bf9
Opcode Fuzzy Hash: 97401648eb29ba1abb402a51c7226c1b1da4f4d402c9321214c549b27bc14bcf
Instruction Fuzzy Hash: 1611B4756002456BDF147F758DC9FEE37AAAF94314F048075FA099B152DE309A458B60

Function 00B15882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00B158C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00B158EE
DrawMenuBar.USER32(?), ref: 00B158FD

Strings

0, xrefs: 00B1588F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: 511717c657431dbff78b6d1e93383a2f7ab99f7fc2a3567800ac474a280c18d6
Instruction ID: 046e64ad28a38bc30aadede0fcce2de28980be1b8d52025721961c323494180f
Opcode Fuzzy Hash: 511717c657431dbff78b6d1e93383a2f7ab99f7fc2a3567800ac474a280c18d6
Instruction Fuzzy Hash: 5B015B31600218EFDB219F11DC85BEEBBB9FB85360F5080A9E849D6251DB308A84DF21

Function 00AE007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0051a6ffd701ccdb0d8792e8e576e7049d2213f790995b51572fdc369250294
Instruction ID: dfa12a2a89c6d37102d49b105bc21cd143ea9de57d89c873192da0f136634068
Opcode Fuzzy Hash: e0051a6ffd701ccdb0d8792e8e576e7049d2213f790995b51572fdc369250294
Instruction Fuzzy Hash: 9FC14875A0024AAFCB14CFA9C894EAEB7B5FF48304F218598E505EF251D771EE81DB90

Function 00AB3E80 Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00AB3F0B
__alldvrm.LIBCMT ref: 00AB410C
__alldvrm.LIBCMT ref: 00AB412E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction ID: 3d6c98627804c329d5ec1f2aed55f3a2956d35f265b81b4dec48013c2291fb28
Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction Fuzzy Hash: C2A11772E003869FEB15DF28C8917FABBF9EF6A350F14426DE5959B283C2388941C750

Function 00B0342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00B03459
CoUninitialize.OLE32 ref: 00B03463
VariantInit.OLEAUT32(?), ref: 00B0346E
VariantClear.OLEAUT32(?), ref: 00B0371B

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: 2eb5b93b5be3dc53679a8770480fd4be470ec536072e67bebdd4414821224e25
Instruction ID: bdcabf6bbb7c368e807613c973552bbd64aac075157f06bda63c00c7e5fb02fe
Opcode Fuzzy Hash: 2eb5b93b5be3dc53679a8770480fd4be470ec536072e67bebdd4414821224e25
Instruction Fuzzy Hash: 6FA13F756043009FC714EF28C585A2EBBE9FF88714F148899F99A9B3A2DB31ED05CB51

Function 00AE0436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00B1FC08,?), ref: 00AE05F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00B1FC08,?), ref: 00AE0608
CLSIDFromProgID.OLE32(?,?,00000000,00B1CC40,000000FF,?,00000000,00000800,00000000,?,00B1FC08,?), ref: 00AE062D
_memcmp.LIBVCRUNTIME ref: 00AE064E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: c110d143f78d168531444312f48d7a33d9c3653483257f419ed1632c68c9be90
Instruction ID: 59a3fde26617507f2eeb5e8e5a027645a068ab680247ba57fe7d6e2b604dcbdc
Opcode Fuzzy Hash: c110d143f78d168531444312f48d7a33d9c3653483257f419ed1632c68c9be90
Instruction Fuzzy Hash: AE811B71A00109EFCB04DF95C984EEEB7B9FF89315F208598E516AB250DB71AE46CF60

Function 00AC1391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00AC14C0

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 3189e001a86a630f3f5a0c0df8f4c6591796c7368d0b36f894f8995dc50192db
Instruction ID: 7a6cb4d290ab3c359244fecce8d3914ba924e65367c814c7b7814af62eb2cf05
Opcode Fuzzy Hash: 3189e001a86a630f3f5a0c0df8f4c6591796c7368d0b36f894f8995dc50192db
Instruction Fuzzy Hash: 26412B75B00500ABDB296BF98E45FFE3AA9EF43370F16462DF419D7293E73448415261

Function 00B16278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00B162E2
ScreenToClient.USER32(?,?), ref: 00B16315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00B16382

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 84f78ea3ed68394db6ce4601be8e84092659de1787d082b18d77b387e4e20329
Instruction ID: 02d9bb15993257b216982d689c1f4f18d5fce2879ec0b66276d4357bd66456af
Opcode Fuzzy Hash: 84f78ea3ed68394db6ce4601be8e84092659de1787d082b18d77b387e4e20329
Instruction Fuzzy Hash: E4510A74A00209EFDB14DF68D980AEE7BF5EB45360F5085A9F8259B290DB70ED81CB90

Function 00B01AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00B01AFD
WSAGetLastError.WSOCK32 ref: 00B01B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00B01B8A
WSAGetLastError.WSOCK32 ref: 00B01B94

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: f7c9238930ad61d36ead07b064793d5cde1c7fff05bab8acf3bd9ed667f8d9bd
Instruction ID: 7ce4c115fbeeddc879471a7638306e1573c42455ed6bcee579dccb6d26265317
Opcode Fuzzy Hash: f7c9238930ad61d36ead07b064793d5cde1c7fff05bab8acf3bd9ed667f8d9bd
Instruction Fuzzy Hash: 8F41A034640200AFE724AF24C986F697BE5EB44718F54C498FA1A9F7D2D772DD418B90

Function 00ABB41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f034f40f7dc4ed038bd624d78a31cb885113cc0817b04253a5712e5b681e413
Instruction ID: 03d99683938e3ae80aa54c49b9e01be04bffa54306d26d7d183028b0d9fd28dd
Opcode Fuzzy Hash: 1f034f40f7dc4ed038bd624d78a31cb885113cc0817b04253a5712e5b681e413
Instruction Fuzzy Hash: D441F771A10704AFD7249F78CD41BEABBEDEB89710F10862EF156DB283D7B1994187A0

Function 00AF56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00AF5783
GetLastError.KERNEL32(?,00000000), ref: 00AF57A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00AF57CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00AF57FA

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: 62055b8c2a6b1be29b1c3f52483061b644ca4990450da27e457380c3e7c93ce5
Instruction ID: 0078210baf9718f1a0def4a1369c98950d4ce570610a233f0b35da1128776dc6
Opcode Fuzzy Hash: 62055b8c2a6b1be29b1c3f52483061b644ca4990450da27e457380c3e7c93ce5
Instruction Fuzzy Hash: AC412C35600610DFCB15EF55C544A5DBBE1AF49720B18C888E95A5B362CB30FD40CB91

Function 00ABD8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00AA6D71,00000000,00000000,00AA82D9,?,00AA82D9,?,00000001,00AA6D71,8BE85006,00000001,00AA82D9,00AA82D9), ref: 00ABD910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00ABD999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00ABD9AB
__freea.LIBCMT ref: 00ABD9B4

Part of subcall function 00AB3820: RtlAllocateHeap.NTDLL(00000000,?,00B51444,?,00A9FDF5,?,?,00A8A976,00000010,00B51440,00A813FC,?,00A813C6,?,00A81129), ref: 00AB3852

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: a6b8f3ed7c547935e78faf7eb58da2931c04f026c1305df016a9ca446ab76c4c
Instruction ID: 848f9a95a4ee5198f7e16b12227cef35be603173b7e6d5f7dd8701b95e046ff2
Opcode Fuzzy Hash: a6b8f3ed7c547935e78faf7eb58da2931c04f026c1305df016a9ca446ab76c4c
Instruction Fuzzy Hash: 9431BC72A0020AABDF249F64DC41EEE7BA9EB41710F154268FC04D7292EB36CD50CBA0

Function 00B152C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 00B15352
GetWindowLongW.USER32(?,000000F0), ref: 00B15375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B15382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B153A8

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: f638550ef3d39fe2c2482048902e994f99ccdd7937ce8c8e5a5f5ce4fd2b213a
Instruction ID: 30447c887dbc950920c002c5c8517420af647d544b993bb995aa25595780482d
Opcode Fuzzy Hash: f638550ef3d39fe2c2482048902e994f99ccdd7937ce8c8e5a5f5ce4fd2b213a
Instruction Fuzzy Hash: 4231C634A55A0CEFEB349E14EC45BE837E5EB85390FD44182FA22971E1C7B09DC0AB49

Function 00AEAB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00AEABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 00AEAC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 00AEAC74
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00AEACC6

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 074fd6b7ecff42f864e17cb8d1103f05cac38f80aa425a1294c9049b23548b94
Instruction ID: 431399e90c4e3fc0ba18830e5eed54065d647db6c11c810a0098c6bbef7faf5b
Opcode Fuzzy Hash: 074fd6b7ecff42f864e17cb8d1103f05cac38f80aa425a1294c9049b23548b94
Instruction Fuzzy Hash: 02310730A407986FEF35CBA68C057FE7BB5ABE9310F28831AE485931D1C375A9858753

Function 00B17674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 00B1769A
GetWindowRect.USER32(?,?), ref: 00B17710
PtInRect.USER32(?,?,00B18B89), ref: 00B17720
MessageBeep.USER32(00000000), ref: 00B1778C

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: f4c277ba797cd8294015431adffaa5d04caf088dde41e56f9630dbf087cb9ef1
Instruction ID: aa768605f9d3ace40fb2d1a48a6e977063e0f39faef666e6a8a9304286d65367
Opcode Fuzzy Hash: f4c277ba797cd8294015431adffaa5d04caf088dde41e56f9630dbf087cb9ef1
Instruction Fuzzy Hash: 00415C74645214DFCB12CF58C894FE9BBF5FB49315F9581E8E4249B2A1CB30AD82CB90

Function 00B116DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00B116EB

Part of subcall function 00AE3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE3A57
Part of subcall function 00AE3A3D: GetCurrentThreadId.KERNEL32 ref: 00AE3A5E
Part of subcall function 00AE3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00AE25B3), ref: 00AE3A65

GetCaretPos.USER32(?), ref: 00B116FF
ClientToScreen.USER32(00000000,?), ref: 00B1174C
GetForegroundWindow.USER32 ref: 00B11752

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: 22d285651f354046bb8acbee78ee73d68763d9f413df2702cf9bfd5f418500ee
Instruction ID: fe2998b1408d215ccf8b39ec7f13314db4f6090f6b29ad75e9ec2570412a37b4
Opcode Fuzzy Hash: 22d285651f354046bb8acbee78ee73d68763d9f413df2702cf9bfd5f418500ee
Instruction Fuzzy Hash: 95314FB1D00249AFDB00EFA9C985CEEBBF9EF48304B5080A9E515E7251DB31DE45CBA1

Function 00AEDF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625

_wcslen.LIBCMT ref: 00AEDFCB
_wcslen.LIBCMT ref: 00AEDFE2
_wcslen.LIBCMT ref: 00AEE00D
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00AEE018

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: caa1c7e82452121b3cd06defdf08cfbff9756a705ade36604108f0d002aeed76
Instruction ID: 1aa2b32dcfb2eb96864cf138d7928c7be2ba0669b1b2f5e431d9c60f125b631c
Opcode Fuzzy Hash: caa1c7e82452121b3cd06defdf08cfbff9756a705ade36604108f0d002aeed76
Instruction Fuzzy Hash: DC219571940214EFCB10EFA9DA81BAEB7F8EF8A750F144065F805BB285D7709E41CBA1

Function 00AED4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00AED501
Process32FirstW.KERNEL32(00000000,?), ref: 00AED50F
Process32NextW.KERNEL32(00000000,?), ref: 00AED52F
CloseHandle.KERNEL32(00000000), ref: 00AED5DC

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 04286c35aee12d17553033f64fb6c3feaae8c29f7aa72a631696002ca8d9d7bd
Instruction ID: debf30f4b40d667d9fcafc999303fabec5d79a929a5b28caddced2258c6a4f65
Opcode Fuzzy Hash: 04286c35aee12d17553033f64fb6c3feaae8c29f7aa72a631696002ca8d9d7bd
Instruction Fuzzy Hash: E131AB71108340AFD300EF64C985ABFBBF8EF99354F54092DF585971A1EB719A48CBA2

Function 00B18FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

GetCursorPos.USER32(?), ref: 00B19001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00AD7711,?,?,?,?,?), ref: 00B19016
GetCursorPos.USER32(?), ref: 00B1905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00AD7711,?,?,?), ref: 00B19094

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 1c71b671e93c4cef063449697ea06dc9a3c663114ca004df00f61f9d368b4790
Instruction ID: 8257312b48e8a22c385b67a91147fa22e0e1ec8f93ae8f1f205b40177bbca1cd
Opcode Fuzzy Hash: 1c71b671e93c4cef063449697ea06dc9a3c663114ca004df00f61f9d368b4790
Instruction Fuzzy Hash: 5D219F35600158EFCB25CF98CC69FEA7BF9EB49361F9440A9F90547261C7319D90DB60

Function 00AED2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,00B1CB68), ref: 00AED2FB
GetLastError.KERNEL32 ref: 00AED30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 00AED319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00B1CB68), ref: 00AED376

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: a8e85f408d67f3f42803662d087c0a040f2c94f90ceba1a413b198f01a7f5cff
Instruction ID: a286d5f5618841d99346c8e3eaea8ebcf66f8391cbca1c610bd319b7fd01a2b5
Opcode Fuzzy Hash: a8e85f408d67f3f42803662d087c0a040f2c94f90ceba1a413b198f01a7f5cff
Instruction Fuzzy Hash: 2321B2745083429F8710EF29C9818AFBBE4EE5A324F504A1DF499DB2E1DB30D945CB93

Function 00AE1571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00AE102A
Part of subcall function 00AE1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1036
Part of subcall function 00AE1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1045
Part of subcall function 00AE1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE104C
Part of subcall function 00AE1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE1062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00AE15BE
_memcmp.LIBVCRUNTIME ref: 00AE15E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00AE1617
HeapFree.KERNEL32(00000000), ref: 00AE161E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: e90cc562b945d52d2a1a2918d5caaf9c93c5eeaf7263fb0cf13c2d95be007bd5
Instruction ID: b41f2110c9f47ef8485a03d9e48d6862dbb7cbffffe2ca4195aa633f5abc11f6
Opcode Fuzzy Hash: e90cc562b945d52d2a1a2918d5caaf9c93c5eeaf7263fb0cf13c2d95be007bd5
Instruction Fuzzy Hash: 27218E71E40219EFDF10DFA6C949BEEB7B8EF44354F188459E445AB241E731AE05CBA0

Function 00B12782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00B1280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B12824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B12832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00B12840

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 6dd1b5398585125dce17fe33f5732a68557a5a5360d2f53c64b3f527972406a2
Instruction ID: e96ddc2b66a01df7f8c6ff5e9b9c1bee5d8285b886ab23315a6a812cd68f065d
Opcode Fuzzy Hash: 6dd1b5398585125dce17fe33f5732a68557a5a5360d2f53c64b3f527972406a2
Instruction Fuzzy Hash: CA21B031205511AFD7149B24D845FEA7B96EF86324F548198F826CB6E2CB71FC92CBD0

Function 00AE78F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00AE790A,?,000000FF,?,00AE8754,00000000,?,0000001C,?,?), ref: 00AE8D8C
Part of subcall function 00AE8D7D: lstrcpyW.KERNEL32(00000000,?,?,00AE790A,?,000000FF,?,00AE8754,00000000,?,0000001C,?,?,00000000), ref: 00AE8DB2
Part of subcall function 00AE8D7D: lstrcmpiW.KERNEL32(00000000,?,00AE790A,?,000000FF,?,00AE8754,00000000,?,0000001C,?,?), ref: 00AE8DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00AE8754,00000000,?,0000001C,?,?,00000000), ref: 00AE7923
lstrcpyW.KERNEL32(00000000,?,?,00AE8754,00000000,?,0000001C,?,?,00000000), ref: 00AE7949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00AE8754,00000000,?,0000001C,?,?,00000000), ref: 00AE7984

Strings

cdecl, xrefs: 00AE797B

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 2475662a4a8eb7679978a5d19ea1db34ab53cdd543f0cf0b2c845b08872b0dda
Instruction ID: 7aa42df7300fdfca5fdd56fbf71b466edbc2bf60f84d5fec1028422d81d58ff4
Opcode Fuzzy Hash: 2475662a4a8eb7679978a5d19ea1db34ab53cdd543f0cf0b2c845b08872b0dda
Instruction Fuzzy Hash: 8611D33A200382AFCB159F36DC45E7A77E9FF85750B50802AF946C72A5EF319811D7A1

Function 00B17CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00B17D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00B17D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00B17D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00AFB7AD,00000000), ref: 00B17D6B

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: 35124e5a348ab933d3758287120625fad6ef116b5deaef6c20757f4c862fee83
Instruction ID: a2af15a61b500a88f66be275ba0ce47d3d8d5ee949e6583356e55ce1c3fd7829
Opcode Fuzzy Hash: 35124e5a348ab933d3758287120625fad6ef116b5deaef6c20757f4c862fee83
Instruction Fuzzy Hash: 7311AE71284618AFCB108F28DC04AE63BE5EF45364B5187A4F835C72E0DB3089A1CB80

Function 00B15660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 00B156BB
_wcslen.LIBCMT ref: 00B156CD
_wcslen.LIBCMT ref: 00B156D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 00B15816

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: b6b3440077730e70a61baa3fb3169d8ca1d964c2be5be6619249ab367649466a
Instruction ID: ff6d657b61007254bb3865baeb91a2b5a2cc3c7ad277c5d632a060197f0b8959
Opcode Fuzzy Hash: b6b3440077730e70a61baa3fb3169d8ca1d964c2be5be6619249ab367649466a
Instruction Fuzzy Hash: 6D11E131600608DADB309F65CCC1AEE77ECEF95364B9040A6F915D7185EB708AC0CBA0

Function 00AB1D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf90775317aa70d4b6ff21a1facef713cdce0bc5b4dae3608c8bf002c3204855
Instruction ID: 09a7772be6a12e7c23c3f72df18619116cdbae3eb82430631556e523cb747f92
Opcode Fuzzy Hash: bf90775317aa70d4b6ff21a1facef713cdce0bc5b4dae3608c8bf002c3204855
Instruction Fuzzy Hash: 9701ADB220961A7EF62126786CD0FE76B6CDF817B8FB00326F525A21D3DB608C105160

Function 00AE1A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00AE1A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AE1A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AE1A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AE1A8A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 1b26749355b095b9e1af9a9f4e0fca13616586657272f000c5e0746286dc6c87
Instruction ID: ce0c25d109c77da81e7175077db278790737dbf50564bd3a4dbcf329394a7dd3
Opcode Fuzzy Hash: 1b26749355b095b9e1af9a9f4e0fca13616586657272f000c5e0746286dc6c87
Instruction Fuzzy Hash: EB11093AD41229FFEB11DBA5CD85FADBB78EB08750F2000A1EA05B7290D6716E50DB94

Function 00AEE1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00AEE1FD
MessageBoxW.USER32(?,?,?,?), ref: 00AEE230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00AEE246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00AEE24D

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: 1ddf2ef8e9f63da237eed4d914bdad5294d7da642e0316b54c32619cf78c0d80
Instruction ID: c1253d33ac23d696940bb0aa0c3c8d53a9d6b7b0b54f6a3d9d0ef77237cec715
Opcode Fuzzy Hash: 1ddf2ef8e9f63da237eed4d914bdad5294d7da642e0316b54c32619cf78c0d80
Instruction Fuzzy Hash: 6111C876904254BBCB01DFAD9C05BDE7FADEB45311F148655F925E3291DAB08D048BA0

Function 00AAD1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,00AACFF9,00000000,00000004,00000000), ref: 00AAD218
GetLastError.KERNEL32 ref: 00AAD224
__dosmaperr.LIBCMT ref: 00AAD22B
ResumeThread.KERNEL32(00000000), ref: 00AAD249

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: 0af6841e362be37951f5f4d1ec708c05b82ba3d035dad04fa60538608a88eb50
Instruction ID: 3a4623f1bddd6842abcb7fc45820452edfdafc96f4517f0514a0487463300b7f
Opcode Fuzzy Hash: 0af6841e362be37951f5f4d1ec708c05b82ba3d035dad04fa60538608a88eb50
Instruction Fuzzy Hash: 1701C076845204BBDB216BA5DC09BEE7E69EF83330F104229F926935D0DF708905C6A0

Function 00B19EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 00A99BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A99BB2

GetClientRect.USER32(?,?), ref: 00B19F31
GetCursorPos.USER32(?), ref: 00B19F3B
ScreenToClient.USER32(?,?), ref: 00B19F46
DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00B19F7A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 879d0b406c0ca5eea2b0d55fefd3c30cab0250300cba4865a8bdf5592b6b65d4
Instruction ID: 7762cc8d0b2d46326bc0ae461edc1d0160ea906a8a3f5af722259166ea4821e3
Opcode Fuzzy Hash: 879d0b406c0ca5eea2b0d55fefd3c30cab0250300cba4865a8bdf5592b6b65d4
Instruction Fuzzy Hash: 71115A3290025ABBDB10DF68C8999EE7BF9FB05311F904495F911E3140D730BAC2CBA1

Function 00A8600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A8604C
GetStockObject.GDI32(00000011), ref: 00A86060
SendMessageW.USER32(00000000,00000030,00000000), ref: 00A8606A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: 876f515731628bc48a96007c20cc38fc7a70436c2e40502da481693acb2a8cf8
Instruction ID: ac67d790e2e12b8246c83db20d512fc323702d02894a086cfd661ed20879adbf
Opcode Fuzzy Hash: 876f515731628bc48a96007c20cc38fc7a70436c2e40502da481693acb2a8cf8
Instruction Fuzzy Hash: 2F116D72501508BFEF125FA49C54FEABF79EF083A5F048215FA1452150DB329C60DBA5

Function 00AA3B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 00AA3B56

Part of subcall function 00AA3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00AA3AD2
Part of subcall function 00AA3AA3: ___AdjustPointer.LIBCMT ref: 00AA3AED

_UnwindNestedFrames.LIBCMT ref: 00AA3B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00AA3B7C
CallCatchBlock.LIBVCRUNTIME ref: 00AA3BA4

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: 5f1ebb6a4ea588ae01599e41dc7aec32c2d817bf2e2b74d4386c2a8ea009a06f
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: 5C011732100148BBDF126F95DD42EEB7B6AEF8A754F044018FE4857161C772E9619BA0

Function 00AB3073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00A813C6,00000000,00000000,?,00AB301A,00A813C6,00000000,00000000,00000000,?,00AB328B,00000006,FlsSetValue), ref: 00AB30A5
GetLastError.KERNEL32(?,00AB301A,00A813C6,00000000,00000000,00000000,?,00AB328B,00000006,FlsSetValue,00B22290,FlsSetValue,00000000,00000364,?,00AB2E46), ref: 00AB30B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00AB301A,00A813C6,00000000,00000000,00000000,?,00AB328B,00000006,FlsSetValue,00B22290,FlsSetValue,00000000), ref: 00AB30BF

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 2870e7d44bba079c35e9cfe09bf5380bf00a93da77b916b0db196def42a5e3ba
Instruction ID: e1c07bd83d07ac288309b3d3ef2456d27420a2131ca39aa4f69f4a4da7b1e125
Opcode Fuzzy Hash: 2870e7d44bba079c35e9cfe09bf5380bf00a93da77b916b0db196def42a5e3ba
Instruction Fuzzy Hash: 5B01D437745322ABCF315B78AC44AD77B9CAF05B61B604620F906E7141CB21D901C6E0

Function 00AE7464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00AE747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00AE7497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00AE74AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00AE74CA

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: 764085c5ec43042e0e8ea2dd415e7ecd11bf52d30f63d934a536000a6dbaed4e
Instruction ID: 39cbc3574eef8e176509798ee2b37470017d370202f64fca66082844cb399140
Opcode Fuzzy Hash: 764085c5ec43042e0e8ea2dd415e7ecd11bf52d30f63d934a536000a6dbaed4e
Instruction Fuzzy Hash: 2911C0B5249354AFE720CF19EC08F9A7FFCEB00B00F508569AA16DB191DBB0E904DB60

Function 00AEB0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00AEACD3,?,00008000), ref: 00AEB0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00AEACD3,?,00008000), ref: 00AEB0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00AEACD3,?,00008000), ref: 00AEB0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00AEACD3,?,00008000), ref: 00AEB126

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: dec7312deb7b900406594f4e9b68e1d21c17dbdad4085167d556d7ebe8a70672
Instruction ID: b7eccab7837ed9a258d33b4b84e0ed9e21c3b09144b269af3ff5823fdab6d9ae
Opcode Fuzzy Hash: dec7312deb7b900406594f4e9b68e1d21c17dbdad4085167d556d7ebe8a70672
Instruction Fuzzy Hash: F8113931D51668E7CF00AFEAE9986EFBF78FF09721F108186D941B3181CB3056509B61

Function 00B17E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00B17E33
ScreenToClient.USER32(?,?), ref: 00B17E4B
ScreenToClient.USER32(?,?), ref: 00B17E6F
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B17E8A

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: e17b4ebabd5a93e2478db96bf53c98214831750bcb6a71a6bdeb3a00bdd731d9
Instruction ID: cb7138445afde10a599c7e10b8bf7ce63e16626ca6aa0ae5705a5cd50520c748
Opcode Fuzzy Hash: e17b4ebabd5a93e2478db96bf53c98214831750bcb6a71a6bdeb3a00bdd731d9
Instruction Fuzzy Hash: 611143B9D4020AAFDB41CF98C8849EEBBF9FB09310F509056E915E3210D775AA54CF50

Function 00AE2DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00AE2DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE2DD6
GetCurrentThreadId.KERNEL32 ref: 00AE2DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00AE2DE4

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: 7d813e1b1cd9705c103bdaa2943cd108aed26b5ec49836f25be04420b9aa0e48
Instruction ID: c810ce456f17117b126c3d3f2077dd9ff58eb24325f1a103051e0ed3cda53541
Opcode Fuzzy Hash: 7d813e1b1cd9705c103bdaa2943cd108aed26b5ec49836f25be04420b9aa0e48
Instruction Fuzzy Hash: 79E06D715812247AD7201B639C4DFEB3E6CEB42BA1F904115B205D3080DEA08840C6B0

Function 00B18863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00A99639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A99693
Part of subcall function 00A99639: SelectObject.GDI32(?,00000000), ref: 00A996A2
Part of subcall function 00A99639: BeginPath.GDI32(?), ref: 00A996B9
Part of subcall function 00A99639: SelectObject.GDI32(?,00000000), ref: 00A996E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00B18887
LineTo.GDI32(?,?,?), ref: 00B18894
EndPath.GDI32(?), ref: 00B188A4
StrokePath.GDI32(?), ref: 00B188B2

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 3fa39ffe5406faa88db0a33f53207ac172973346409060cf7b0d4b83c4addfec
Instruction ID: e666af22e73f205a2754a5af1f31cf0930c2c3581d8065468559784afcfcb517
Opcode Fuzzy Hash: 3fa39ffe5406faa88db0a33f53207ac172973346409060cf7b0d4b83c4addfec
Instruction Fuzzy Hash: A0F05E36081258FADB125F98AC0EFCE3F99AF0A311F848040FA11660E2CB755562CFE9

Function 00A998B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00A998CC
SetTextColor.GDI32(?,?), ref: 00A998D6
SetBkMode.GDI32(?,00000001), ref: 00A998E9
GetStockObject.GDI32(00000005), ref: 00A998F1

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: 23c1f9a1639bd2078d4ec6702b1577dce1b964eca1d479f570554133c909358f
Instruction ID: 2cb40900c98affeaa04e82d4951786373fe716d6727e6d553ec8b5b3589f9c45
Opcode Fuzzy Hash: 23c1f9a1639bd2078d4ec6702b1577dce1b964eca1d479f570554133c909358f
Instruction Fuzzy Hash: 0AE06D312C4280BADB215B78BC09BED3F61AB12336F14C21AF6FA690E1CB7146509B11

Function 00AE162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00AE1634
OpenThreadToken.ADVAPI32(00000000,?,?,?,00AE11D9), ref: 00AE163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00AE11D9), ref: 00AE1648
OpenProcessToken.ADVAPI32(00000000,?,?,?,00AE11D9), ref: 00AE164F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: a12d81bebd1b4533a93e0126f7ace81b63c1ccab4a4a1abd9b28f497464ead59
Instruction ID: 62e9f2d609b2f771d30f631269f79544377d852cace0ea481e514b0908593791
Opcode Fuzzy Hash: a12d81bebd1b4533a93e0126f7ace81b63c1ccab4a4a1abd9b28f497464ead59
Instruction Fuzzy Hash: F8E08631641221DBD7202FA1AD0DBC63F7CBF45795F14C808F245CB080DA344540C754

Function 00ADD858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00ADD858
GetDC.USER32(00000000), ref: 00ADD862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00ADD882
ReleaseDC.USER32(?), ref: 00ADD8A3

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 63b70cb8b337c1237aaab46e39640a08b40c29c9fa3ada48e7f3376cc19abcba
Instruction ID: 47df62f2fdd0fc0fa3c44e057940a52211bcfb766e1bf829168e6c43f43702fe
Opcode Fuzzy Hash: 63b70cb8b337c1237aaab46e39640a08b40c29c9fa3ada48e7f3376cc19abcba
Instruction Fuzzy Hash: 4AE012B4840204EFCF41AFA0D90CAADBFB2FB08310F60D009E80AE7250CB388A41EF50

Function 00ADD86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00ADD86C
GetDC.USER32(00000000), ref: 00ADD876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00ADD882
ReleaseDC.USER32(?), ref: 00ADD8A3

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 980bcc27c3d7f91dee28e973223a1226f8abce5e6d2295ab376f30973c1b3388
Instruction ID: 3a59e6db21bd869b58a5e74a9f9b015398c77a5b155c3dc9ab3265aa2c149902
Opcode Fuzzy Hash: 980bcc27c3d7f91dee28e973223a1226f8abce5e6d2295ab376f30973c1b3388
Instruction Fuzzy Hash: 48E092B5D40204EFCF51AFA0D94C6ADBFB5BB08311B549449E94AE7250CB385A41EF50

Function 00AF4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 00A87620: _wcslen.LIBCMT ref: 00A87625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00AF4ED4

Strings

*, xrefs: 00AF4E10
LPT, xrefs: 00AF4DFB

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: 34e6e928b35acf3ce639b59595eac1bafbed3e86038a6f2c5a93bd06bf21a229
Instruction ID: 4cedac2c7433002cade8e7407ab77220909dbb08c861549711edc20359a055ba
Opcode Fuzzy Hash: 34e6e928b35acf3ce639b59595eac1bafbed3e86038a6f2c5a93bd06bf21a229
Instruction Fuzzy Hash: 72916D75A002089FCB14DF98C584EAABBF1BF48704F188099F94A9F362D731ED85CB90

Function 00AAE27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00AAE30D

Strings

pow, xrefs: 00AAE2E5, 00AAE302

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 6b08328f2cbd3a768d6c35b419a72a8f644e1ae095e136f41b4dafc66f9caefd
Instruction ID: ff8a8bf960050d990880c8c5d85093c2e86a83ff9d01bc8f0c718ee9acc2b030
Opcode Fuzzy Hash: 6b08328f2cbd3a768d6c35b419a72a8f644e1ae095e136f41b4dafc66f9caefd
Instruction Fuzzy Hash: E9512B71A0C20296CF15F718CA417FD3BACAF81780F344D98E096872EAEF758C959A56

Function 00A9E187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 00A9E1B1

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 4f9745b836c850abcc94e22845c01d4737a728ad17069356660ec6b3f878ff09
Instruction ID: b9e308044d0e92b5feb3af82c1b4279b8d7009aa6e2a02031fa4b38d8e70b333
Opcode Fuzzy Hash: 4f9745b836c850abcc94e22845c01d4737a728ad17069356660ec6b3f878ff09
Instruction Fuzzy Hash: 1F51F175A04246DFDF15EF68C481AFA7BB8EF65310F24405AE8929F3D1DA349D42CBA0

Function 00A9F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00A9F2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 00A9F2BB

Strings

@, xrefs: 00A9F2AF

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: 3e04200a84c0a28bc5db054fd99e746fbb6adfdf79b0a62dd6f78b0f8fd1214f
Instruction ID: b56842a9a52dac5e9755d844b4559579e16eca8998d5634edfffa322aca9e7b0
Opcode Fuzzy Hash: 3e04200a84c0a28bc5db054fd99e746fbb6adfdf79b0a62dd6f78b0f8fd1214f
Instruction Fuzzy Hash: 375158714087449BE320AF14ED86BAFBBF8FF84314F91884DF2D951195EB308929CB66

Function 00B05745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00B057E0
_wcslen.LIBCMT ref: 00B057EC

Strings

CALLARGARRAY, xrefs: 00B057E6, 00B057EB

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 76a5718a0d22e0ebc4449139dbe7400db0f6e9906f3b00dbecd8ca877dc8dbe3
Instruction ID: 306db88396470623a79a457c240fdfcac46863aa616754723ca019f59d92bb4e
Opcode Fuzzy Hash: 76a5718a0d22e0ebc4449139dbe7400db0f6e9906f3b00dbecd8ca877dc8dbe3
Instruction Fuzzy Hash: 34418F31A006099FCB14DFA9C9859BEBBF9EF59350F1480A9E905A7291EB70DD81CF90

Function 00AFD0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00AFD130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00AFD13A

Strings

|, xrefs: 00AFD10B

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: 29eacb24e421cec4f35ef6264e2d5d3ef65d0b94b61ee2501ef735229efe15fb
Instruction ID: 7cd27ef544fda1af982c9116655a919ef2b8c6432e83e7ba100c2b0c80fcc86f
Opcode Fuzzy Hash: 29eacb24e421cec4f35ef6264e2d5d3ef65d0b94b61ee2501ef735229efe15fb
Instruction Fuzzy Hash: 81313E71D00209ABDF15EFE4CD85AEEBFBAFF05300F000119F915A6165E731AA56DB64

Function 00B1356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00B13621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00B1365C

Strings

static, xrefs: 00B135BC

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: 378a46b8fc39d3c6c171654afb77e20a65cc998d7373d4af5f0492fa85b724ac
Instruction ID: 7a381924f0126c8c612731a38aef9ad43b7ed771e93fa57426dfd0e8b16c20fd
Opcode Fuzzy Hash: 378a46b8fc39d3c6c171654afb77e20a65cc998d7373d4af5f0492fa85b724ac
Instruction Fuzzy Hash: AA319E71100204AEEB109F28DC80FFB73E9FF98B64F508619F9A597290DA30AD91C760

Function 00B14537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00B1461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B14634

Strings

', xrefs: 00B1458E

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: dedc2322882a607ec1043d0423c9e9d56c1926f0d93f4b0f4b0389d4a95a6203
Instruction ID: 4d92ea4e928e208d882ca1c8ab252e6f621da106a7ab9440e3127c16216985e5
Opcode Fuzzy Hash: dedc2322882a607ec1043d0423c9e9d56c1926f0d93f4b0f4b0389d4a95a6203
Instruction Fuzzy Hash: 03311674A0020A9FDF14CFA9C980BDA7BF6FB19304F5444AAE904AB341D770A981CF90

Function 00B131EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00B1327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B13287

Strings

Combobox, xrefs: 00B13249

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 56b7fa2e1c6ad39d52cac01c21ad6195df610035f758ce4d743d9f4dc7bd7d08
Instruction ID: 53882d87cff31623f933b09403412f7b4ecc0595fa98c607630864633cbebaa2
Opcode Fuzzy Hash: 56b7fa2e1c6ad39d52cac01c21ad6195df610035f758ce4d743d9f4dc7bd7d08
Instruction Fuzzy Hash: B511B2713002087FFF21AE54DC80EFB3BEAEB98764F504164F918A7290E6319D9187A0

Function 00B13710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00A8600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A8604C
Part of subcall function 00A8600E: GetStockObject.GDI32(00000011), ref: 00A86060
Part of subcall function 00A8600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A8606A

GetWindowRect.USER32(00000000,?), ref: 00B1377A
GetSysColor.USER32(00000012), ref: 00B13794

Strings

static, xrefs: 00B13757

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: b8b4084e399041024a838f210547763b09e644b6152bd47ef55744c236e474f7
Instruction ID: 2b02397816be642be00fd4dbd5c6ae68816a7c1c597e3e76db34dba2bcba12bb
Opcode Fuzzy Hash: b8b4084e399041024a838f210547763b09e644b6152bd47ef55744c236e474f7
Instruction Fuzzy Hash: 461137B2610209AFDF01DFA8CC46EEA7BF8FB08714F404954F955E3250EB35E8619B60

Function 00AFCD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00AFCD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00AFCDA6

Strings

<local>, xrefs: 00AFCD66

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: bd163f0ef1fb2529d547fa116c432cf770f4eea48050162a826defa563346eb0
Instruction ID: 8298fa73180333a4fbb2e0e5f0aa04c8b4b1d34335fe34029f73749cb323185b
Opcode Fuzzy Hash: bd163f0ef1fb2529d547fa116c432cf770f4eea48050162a826defa563346eb0
Instruction Fuzzy Hash: 4E11C27124563DBAD7384BA78C49EFBBEACEF127B4F40422AB20983080D7709941D6F0

Function 00B13429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 00B134AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00B134BA

Strings

edit, xrefs: 00B1348F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 698ac6083e2a317bacaae59bf48c6f52c202edadd96caca34e2cd2de59a08edf
Instruction ID: 26cddfcb56284b7365fc855b9dafc8239dd521b9aaa4b728af2a57d25c399cb8
Opcode Fuzzy Hash: 698ac6083e2a317bacaae59bf48c6f52c202edadd96caca34e2cd2de59a08edf
Instruction Fuzzy Hash: 2811BF71100208AFEB228E64DC80AEB3BEAEB14B74F908364FA65932E0D731DCD19750

Function 00AE6C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

CharUpperBuffW.USER32(?,?,?), ref: 00AE6CB6
_wcslen.LIBCMT ref: 00AE6CC2

Strings

STOP, xrefs: 00AE6CBC, 00AE6CC1

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: 119a9923c767e30e8cbe9a0c501109e4e5afc65f942f010a4c07b2fef02cf569
Instruction ID: 73397bbb514a74dc60eb0c35c2a0477fc45db645796b1aeabfa581dfc0dfbe4a
Opcode Fuzzy Hash: 119a9923c767e30e8cbe9a0c501109e4e5afc65f942f010a4c07b2fef02cf569
Instruction Fuzzy Hash: E90104326009668BCB20AFBECC908BF77B5FAB57907600D28E86293191EB31D900C750

Function 00AE1CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00AE1D4C

Strings

ListBox, xrefs: 00AE1D16
ComboBox, xrefs: 00AE1CEB

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: eaf1fd8aaccb4dfd4b630a988e19747808662b4ac6436ae9aad2398c06e71741
Instruction ID: 665c46336464af906f79be9e7e0cfe5f1bcc292fa6ee1c6bec0dd93439e218de
Opcode Fuzzy Hash: eaf1fd8aaccb4dfd4b630a988e19747808662b4ac6436ae9aad2398c06e71741
Instruction Fuzzy Hash: 7101D471601228ABCF18FFA5CE95CFF77A8EB46350B540619F832672D2EA3199088761

Function 00AE1BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00AE1C46

Strings

ListBox, xrefs: 00AE1C10
ComboBox, xrefs: 00AE1BE5

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 598064eba1f80a2f16d6df52d332ae60dbd165afbf0f9f41fc45d86bc05864c4
Instruction ID: 219521cfae22db2279b7fef0fda3adbc69c3333d3cfd8ff37cd05422bdec20ef
Opcode Fuzzy Hash: 598064eba1f80a2f16d6df52d332ae60dbd165afbf0f9f41fc45d86bc05864c4
Instruction Fuzzy Hash: 1B01A7757811586BCF14FB91CA559FF77A89B51340F240019F416B7282EA319F1C97B2

Function 00AE1C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00AE1CC8

Strings

ListBox, xrefs: 00AE1C94
ComboBox, xrefs: 00AE1C69

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: f9bf0c6750e43ec6285a55d51edcb798858120b8439cad826b36c913a8f2bd3b
Instruction ID: ca1a386c1dc668e9590e563cdfbccb3132252fc6197b4994ff35c2c98e45c49f
Opcode Fuzzy Hash: f9bf0c6750e43ec6285a55d51edcb798858120b8439cad826b36c913a8f2bd3b
Instruction Fuzzy Hash: DB01D6B16811686BCF14FBA2CB05AFF77E89B51340F240415B802B3282EA319F18D772

Function 00AE1D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A89CB3: _wcslen.LIBCMT ref: 00A89CBD

Part of subcall function 00AE3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00AE3CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00AE1DD3

Strings

ListBox, xrefs: 00AE1DA0
ComboBox, xrefs: 00AE1D75

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 0c2157a63edde5619c2b3b39d67c49d48f6d6705c54b0436aa6e0007e351a88b
Instruction ID: 489ad511cf2ce2fb7fe2fd73e059bd35f7da742797b1cbfa90c87b61eca47014
Opcode Fuzzy Hash: 0c2157a63edde5619c2b3b39d67c49d48f6d6705c54b0436aa6e0007e351a88b
Instruction Fuzzy Hash: E5F0A971A416296BDB14F7A5CD95AFF77B8AB01350F580915F422632C1EA715A088361

Function 00B0747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00B07493
_wcslen.LIBCMT ref: 00B074B9

Strings

3, 3, 16, 1, xrefs: 00B07483

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: e49a2f2a9c59cc032bcc90ec9b0c28ec3425cdaff8527021fe5f461c41f1d59b
Instruction ID: 745ef6143674f96a0bf42f71bb34a4b558e4dab131f13032db4a5466ad9372dd
Opcode Fuzzy Hash: e49a2f2a9c59cc032bcc90ec9b0c28ec3425cdaff8527021fe5f461c41f1d59b
Instruction Fuzzy Hash: A7E02B02A5426010D23116799DC197FDBCDCFCA790710186BF981C33E6EFD49DA293A0

Function 00AE0B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00AE0B23

Strings

AutoIt, xrefs: 00AE0B17
Error allocating memory., xrefs: 00AE0B1C

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: e40a522fe6ab8a1c4acfd41fb7d56ce624e981b7381c188a8e9791a76ed79b57
Instruction ID: d8fb56594544b2b1fded4cc428a578748b20f5e7c5c64156763abb95710a9a38
Opcode Fuzzy Hash: e40a522fe6ab8a1c4acfd41fb7d56ce624e981b7381c188a8e9791a76ed79b57
Instruction Fuzzy Hash: D3E0D8323843082BD62037547D03FC97EC58F06F50F10046AF748954D38BD1299006E9

Function 00AA0D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00A9F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00AA0D71,?,?,?,00A8100A), ref: 00A9F7CE

IsDebuggerPresent.KERNEL32(?,?,?,00A8100A), ref: 00AA0D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00A8100A), ref: 00AA0D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00AA0D7F

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: 27ac9a6d10525efad39fd3a1c923147eaf3fa8b29a605ac1398f9841a3ac4c9a
Instruction ID: 8d8519b1d8ecbda90ec3b10d69f21ca8bd2507eca54254e0fff6f67d2f72f5d3
Opcode Fuzzy Hash: 27ac9a6d10525efad39fd3a1c923147eaf3fa8b29a605ac1398f9841a3ac4c9a
Instruction Fuzzy Hash: C9E06D752007018BD360AFBCD508B927BE0AB01740F40896DE486C76A1EBB5E488CB91

Function 00AF3017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00AF302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00AF3044

Strings

aut, xrefs: 00AF3038

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: ad50417d46135138b446c25fe3e4587a781bdfdfd676af17e440be1b22442af5
Instruction ID: 86746fb37b56eb8fefe5b2c17effc3894ee379a6ecefb47183f40609f7894a66
Opcode Fuzzy Hash: ad50417d46135138b446c25fe3e4587a781bdfdfd676af17e440be1b22442af5
Instruction Fuzzy Hash: EBD05EB254032867DA20A7A4AC0EFCB3F6CDB05750F4002A1B655E30A1DEF09A84CAD0

Function 00ADD21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00ADD220

Strings

X64, xrefs: 00ADD2A8
%.3d, xrefs: 00ADD22B

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 7f4fac8a890df5a8ebe4aa9759a77435b8a1733c5a31bfad8bd6b1052e71c719
Instruction ID: b1c19c2a58f15eefcadee1f373d5d5bcf97f02691a01ebd19a08c6b7c94d982d
Opcode Fuzzy Hash: 7f4fac8a890df5a8ebe4aa9759a77435b8a1733c5a31bfad8bd6b1052e71c719
Instruction Fuzzy Hash: 69D012B1948108EACF509AD0CC458F9B7BCEB18341F508453F807D2140DA34C649A761

Function 00B12322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B1232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00B1233F

Part of subcall function 00AEE97B: Sleep.KERNEL32 ref: 00AEE9F3

Strings

Shell_TrayWnd, xrefs: 00B12325

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 365d9ab950a8d9884e1585f13e1b41ff7df4ee727b2e52f10f5b07376c800ace
Instruction ID: e3963a4e3850132c5d4840c69aae7d489397bc6ac85026c279900e0dcb4ec2ec
Opcode Fuzzy Hash: 365d9ab950a8d9884e1585f13e1b41ff7df4ee727b2e52f10f5b07376c800ace
Instruction Fuzzy Hash: FDD0C9363D4350BAE664A771DC0FFC6AA55AB10B10F4089167645AB1E5D9A0A841CA54

Function 00B12356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B1236C
PostMessageW.USER32(00000000), ref: 00B12373

Part of subcall function 00AEE97B: Sleep.KERNEL32 ref: 00AEE9F3

Strings

Shell_TrayWnd, xrefs: 00B12365

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 11a4a1d4c6d0d75e840cd0ddec41532591853267d833888d8dda7e8f1ddfabb0
Instruction ID: 495225f42807eea0a4879174ba6ca9f06c53ad80cde0763d134e232db5fb695d
Opcode Fuzzy Hash: 11a4a1d4c6d0d75e840cd0ddec41532591853267d833888d8dda7e8f1ddfabb0
Instruction Fuzzy Hash: 2AD0C9323C13507AE664A771DC0FFC6AA55AB15B10F4089167645AB1E5D9A0A841CA54

Function 00ABBDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00ABBE93
GetLastError.KERNEL32 ref: 00ABBEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00ABBEFC

Memory Dump Source

Source File: 00000000.00000002.2984586360.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.2984565959.0000000000A80000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B1C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984646237.0000000000B42000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984695001.0000000000B4C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2984717342.0000000000B54000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: cc0a370344734d7aa52872d76794b1a93c6ac4341fbc7a1cac0489ce2b410d7d
Instruction ID: f15a88f4a4c485231cbe407fd02426fcad01551f52f3516e4e38ce680390d154
Opcode Fuzzy Hash: cc0a370344734d7aa52872d76794b1a93c6ac4341fbc7a1cac0489ce2b410d7d
Instruction Fuzzy Hash: 1441C334610206AFCF258FB5CD44AFA7BADAF42310F244169F9599B1A2DBB0CD01DB70

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Static File Info

General

File Icon

Windows Analysis Report
file.exe

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre