Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1527566
MD5:	a914737c9af5014b7cd65b6649094707
SHA1:	52bf91e77db241ae45090c95e59052aedcf4e146
SHA256:	024111033535957eb3d0b9dfb3738c2811db0b8569afc87c066922cadbc5b5da
Tags:	exeuser-Bitsight
Infos:

Detection

Credential Flusher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 4120 cmdline: "C:\Users\user\Desktop\file.exe" MD5: A914737C9AF5014B7CD65B6649094707)

taskkill.exe (PID: 5940 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6468 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5044 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 3840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2680 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6528 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 6000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2020,i,14012305356016186702,9663531477118597042,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 --field-trial-handle=2020,i,14012305356016186702,9663531477118597042,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=2020,i,14012305356016186702,9663531477118597042,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.3303032087.00000000011B8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Process Memory Space: file.exe PID: 4120	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 518sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_98.14.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_98.14.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: chromecache_96.14.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_98.14.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_98.14.dr	String found in binary or memory: https://families.google.com/intl/
Source: chromecache_96.14.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_96.14.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_98.14.dr	String found in binary or memory: https://g.co/recover
Source: chromecache_98.14.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_98.14.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_98.14.dr	String found in binary or memory: https://play.google/intl/
Source: chromecache_98.14.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_98.14.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_98.14.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_98.14.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_98.14.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_98.14.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_98.14.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_98.14.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_96.14.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_98.14.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_98.14.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_98.14.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_96.14.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_98.14.dr	String found in binary or memory: https://www.google.com
Source: chromecache_98.14.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_96.14.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_96.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_96.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_96.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_96.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_96.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_98.14.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_98.14.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: file.exe, 00000000.00000003.2078815953.00000000007B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: file.exe, 00000000.00000002.3303032087.00000000011B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd7
Source: chromecache_98.14.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49881 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:50009 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BDEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_00BDEAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BDED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00BDED6A

Source: C:\Users\user\Desktop\file.exe

0_2_00BDEAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BCAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_00BCAA57

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BF9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_00BF9576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_45e4863d-c
Source: file.exe, 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_cbf7b85f-f
Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_3a1ac303-f
Source: file.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_aa054f35-e

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BCD5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_00BCD5EB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BC1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00BC1201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BCE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_00BCE8F6

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B68060	0_2_00B68060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD2046	0_2_00BD2046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC8298	0_2_00BC8298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9E4FF	0_2_00B9E4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9676B	0_2_00B9676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF4873	0_2_00BF4873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8CAA0	0_2_00B8CAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6CAF0	0_2_00B6CAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7CC39	0_2_00B7CC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B96DD9	0_2_00B96DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B691C0	0_2_00B691C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7B119	0_2_00B7B119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B81394	0_2_00B81394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B81706	0_2_00B81706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8781B	0_2_00B8781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B819B0	0_2_00B819B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B67920	0_2_00B67920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7997D	0_2_00B7997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B87A4A	0_2_00B87A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B87CA7	0_2_00B87CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B81C77	0_2_00B81C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B99EEE	0_2_00B99EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEBE44	0_2_00BEBE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B81F32	0_2_00B81F32

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00B69CB3 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00B80A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00B7F9F2 appears 40 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal72.troj.evad.winEXE@46/36@12/7

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BD37B5 GetLastError,FormatMessageW,

0_2_00BD37B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC10BF AdjustTokenPrivileges,CloseHandle,		0_2_00BC10BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_00BC16C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BD51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_00BD51CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BEA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_00BEA67C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BD648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_00BD648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B642A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_00B642A2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4764:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3840:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6608:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5836:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2604:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 23%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2020,i,14012305356016186702,9663531477118597042,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 --field-trial-handle=2020,i,14012305356016186702,9663531477118597042,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=2020,i,14012305356016186702,9663531477118597042,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2020,i,14012305356016186702,9663531477118597042,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 --field-trial-handle=2020,i,14012305356016186702,9663531477118597042,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=2020,i,14012305356016186702,9663531477118597042,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Google Drive.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.12.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00B642DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B80A76 push ecx; ret

0_2_00B80A89

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_00B7F98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00BF1C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_0-97187

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7102			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: foregroundWindowGot 1777			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.3 %

Source: C:\Users\user\Desktop\file.exe TID: 3556

Thread sleep time: -71020s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Thread sleep count: Count: 7102 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00BCDBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9C2A2 FindFirstFileExW,	0_2_00B9C2A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD68EE FindFirstFileW,FindClose,	0_2_00BD68EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_00BD698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00BCD076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00BCD3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00BD9642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00BD979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00BD9B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD5C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00BD5C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00B642DE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BDEAA2 BlockInput,

0_2_00BDEAA2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B92622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00B92622

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00B642DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B84CE8 mov eax, dword ptr fs:[00000030h]

0_2_00B84CE8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BC0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_00BC0B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B92622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00B92622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00B8083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B809D5 SetUnhandledExceptionFilter,	0_2_00B809D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B80C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00B80C21

Source: C:\Users\user\Desktop\file.exe

0_2_00BC1201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BA2BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00BA2BA5

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BCB226 SendInput,keybd_event,

0_2_00BCB226

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BE22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_00BE22DA

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00BC0B62

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BC1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00BC1663

Source: file.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B80698 cpuid

0_2_00B80698

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BD8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

0_2_00BD8195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BBD27A GetUserNameW,

0_2_00BBD27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B9B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

0_2_00B9B952

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00B642DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match	File source: 00000000.00000002.3303032087.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 4120, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match	File source: 00000000.00000002.3303032087.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 4120, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_00BE1204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00BE1806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Process Injection	1 Masquerading	LSA Secrets	12 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	1 Registry Run Keys / Startup Folder	2 Valid Accounts	Cached Domain Credentials	12 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Virtualization/Sandbox Evasion	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	21 Access Token Manipulation	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	2 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	24%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
www.google.com	0%	Virustotal	Browse
www3.l.google.com	0%	Virustotal	Browse
play.google.com	0%	Virustotal	Browse
youtube-ui.l.google.com	0%	Virustotal	Browse
www.youtube.com	0%	Virustotal	Browse
youtube.com	0%	Virustotal	Browse
accounts.youtube.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://play.google/intl/	0%	URL Reputation	safe
https://play.google/intl/	0%	URL Reputation	safe
https://families.google.com/intl/	0%	URL Reputation	safe
https://policies.google.com/technologies/location-data	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://policies.google.com/privacy/google-partners	0%	URL Reputation	safe
https://policies.google.com/terms/service-specific	0%	URL Reputation	safe
https://g.co/recover	0%	URL Reputation	safe
https://policies.google.com/privacy/additional	0%	URL Reputation	safe
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://policies.google.com/terms	0%	URL Reputation	safe
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	0%	URL Reputation	safe
https://support.google.com/accounts?hl=	0%	URL Reputation	safe
https://policies.google.com/terms/location	0%	URL Reputation	safe
https://policies.google.com/privacy	0%	URL Reputation	safe
https://support.google.com/accounts?p=new-si-ui	0%	URL Reputation	safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	0%	URL Reputation	safe
https://play.google.com/work/enroll?identifier=	0%	Virustotal		Browse
https://youtube.com/t/terms?gl=	0%	Virustotal		Browse
https://www.google.com/intl/	1%	Virustotal		Browse
https://www.google.com	0%	Virustotal		Browse
https://play.google.com/log?hasfast=true&authuser=0&format=json	0%	Virustotal		Browse
https://www.google.com/favicon.ico	0%	Virustotal		Browse
https://play.google.com/log?format=json&hasfast=true	0%	Virustotal		Browse
https://play.google.com/log?format=json&hasfast=true&authuser=0	0%	Virustotal		Browse
https://www.youtube.com/t/terms?chromeless=1&hl=	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
youtube-ui.l.google.com	142.250.185.206	true	false	0%, Virustotal, Browse	unknown
www3.l.google.com	216.58.212.174	true	false	0%, Virustotal, Browse	unknown
play.google.com	142.250.185.78	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.186.132	true	false	0%, Virustotal, Browse	unknown
youtube.com	142.250.185.238	true	false	0%, Virustotal, Browse	unknown
accounts.youtube.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
www.youtube.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://play.google.com/log?format=json&hasfast=true&authuser=0	false	0%, Virustotal, Browse	unknown
https://www.google.com/favicon.ico	false	0%, Virustotal, Browse	unknown
https://play.google.com/log?hasfast=true&authuser=0&format=json	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google/intl/	chromecache_98.14.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://families.google.com/intl/	chromecache_98.14.dr	false	URL Reputation: safe	unknown
https://youtube.com/t/terms?gl=	chromecache_98.14.dr	false	0%, Virustotal, Browse	unknown
https://policies.google.com/technologies/location-data	chromecache_98.14.dr	false	URL Reputation: safe	unknown
https://www.google.com/intl/	chromecache_98.14.dr	false	1%, Virustotal, Browse	unknown
https://apis.google.com/js/api.js	chromecache_96.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/google-partners	chromecache_98.14.dr	false	URL Reputation: safe	unknown
https://play.google.com/work/enroll?identifier=	chromecache_98.14.dr	false	0%, Virustotal, Browse	unknown
https://policies.google.com/terms/service-specific	chromecache_98.14.dr	false	URL Reputation: safe	unknown
https://g.co/recover	chromecache_98.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/additional	chromecache_98.14.dr	false	URL Reputation: safe	unknown
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	chromecache_98.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/technologies/cookies	chromecache_98.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms	chromecache_98.14.dr	false	URL Reputation: safe	unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_96.14.dr	false	URL Reputation: safe	unknown
https://www.google.com	chromecache_98.14.dr	false	0%, Virustotal, Browse	unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_98.14.dr	false	0%, Virustotal, Browse	unknown
https://www.youtube.com/t/terms?chromeless=1&hl=	chromecache_98.14.dr	false	0%, Virustotal, Browse	unknown
https://support.google.com/accounts?hl=	chromecache_98.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms/location	chromecache_98.14.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy	chromecache_98.14.dr	false	URL Reputation: safe	unknown
https://support.google.com/accounts?p=new-si-ui	chromecache_98.14.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	chromecache_98.14.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.78	play.google.com	United States	15169	GOOGLEUS	false
142.250.185.206	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
142.250.185.238	youtube.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false
216.58.212.174	www3.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1527566
Start date and time:	2024-10-07 03:22:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal72.troj.evad.winEXE@46/36@12/7
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 96% Number of executed functions: 38 Number of non-executed functions: 314
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 172.217.16.206, 74.125.206.84, 34.104.35.123, 142.250.184.227, 216.58.206.42, 172.217.18.10, 142.250.185.138, 142.250.184.234, 142.250.186.170, 142.250.185.234, 142.250.185.202, 142.250.185.74, 142.250.185.170, 142.250.186.74, 142.250.181.234, 142.250.186.42, 142.250.186.106, 142.250.185.106, 172.217.16.202, 142.250.184.202, 142.250.185.99, 172.217.16.138, 88.221.110.91, 192.229.221.95, 199.232.210.172, 142.250.184.195, 173.194.76.84, 142.250.186.142
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://maxask.com	Get hash	malicious	Unknown	Browse
	https://email.m.teachable.com/c/eJwszz3O6yAQheHV4NJiZjA_BcVtso1owOMYyZjIkLv-T47Sn0d6zxqTFQ6TRHC4aDLgaJLK5XhekqW8x7OsUSGCDcHRQggKcdpjELZb4ORzSAyrwUzJbgHE28XoDacSUaPRnjRYHQhm9M4s2iP7ZLOWpIyu8xDOO6dD5tzqdMR9jHdX9E_hQ-GjfoYc5dzaVXmUdvZyueW7rNI7v-QXR0QLenuXXbHz2j7nnMrJZxbUCMro133pK3veWzt-EMEZsO6G_yP-BQAA__8EPU-T	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	Camtech_Korea_Invoice_2024.html	Get hash	malicious	HTMLPhisher	Browse
	http://chiso.dev/	Get hash	malicious	Unknown	Browse
	http://buddycities.com/	Get hash	malicious	Unknown	Browse
	http://buckboosters.com/	Get hash	malicious	Unknown	Browse
	https://wchckwl.org/	Get hash	malicious	Unknown	Browse
	http://www.ngdhqw.blogspot.de/	Get hash	malicious	GRQ Scam	Browse
	https://event.stibee.com/v2/click/NDA4MDIvMjQzMzA0Ny80OTAyMzcv/aHR0cHM6Ly91cHBpdHkuY28ua3IvJWVhJWI3JWI4JWViJTgyJWEwLTUlZWIlYTclOGMtJWVjJTliJTkwJWViJThjJTgwLSVlYyU4MiViYyVlYyVhMCU4NCVlYyU5ZCU4NC0lZWIlYjQlYTQlZWMlOTYlYjQlZWMlOWElOTQtMi8	Get hash	malicious	Unknown	Browse

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	file.exe	Get hash	malicious	Vidar	Browse	23.1.237.91
	file.exe	Get hash	malicious	Stealc	Browse	23.1.237.91
	SecuriteInfo.com.Trojan.DownLoader47.42925.26493.18247.exe	Get hash	malicious	Amadey	Browse	23.1.237.91
	Camtech_Korea_Invoice_2024.html	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	zncaKWwEdq.exe	Get hash	malicious	Vidar	Browse	23.1.237.91
	http://buddycities.com/	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://vpnpanda.org/	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://revsolsavenue.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	http://m4xnk.github.io/netflix-clone-by-m4xnk	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	http://netzerosystem00.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	Vidar	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	Vidar	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	Stealc	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	CR0QGWXdDl.exe	Get hash	malicious	Stealc, Vidar	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	https://maxask.com	Get hash	malicious	Unknown	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	Credential Flusher	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	SecuriteInfo.com.Trojan.DownLoader47.42925.26493.18247.exe	Get hash	malicious	Amadey	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	Camtech_Korea_Invoice_2024.html	Get hash	malicious	HTMLPhisher	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	zncaKWwEdq.exe	Get hash	malicious	Vidar	Browse	20.109.210.53 184.28.90.27 13.107.246.45
	http://chiso.dev/	Get hash	malicious	Unknown	Browse	20.109.210.53 184.28.90.27 13.107.246.45

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 00:23:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.979175651964186
Encrypted:	false
SSDEEP:	48:8cZdKjTuSqfHuZidAKZdA19ehwiZUklqehqy+3:8cm3/rpy
MD5:	5C28414CCB905749A577490649BA4646
SHA1:	68699DDE4CCB140349927D7DF25EF335A0E16566
SHA-256:	C18BCC4A660E77716652638886216B0D5026C2F901C069A6A17D1ABF764FFD3B
SHA-512:	C00A09F6D3805B64FFE41F225C0945AD67989144005F450AE1589716697CB68A162B3C23C42F539EEB3126E1362ABAE126E95F5D50117BFBE7AC43B7F2CEACD5
Malicious:	false
Preview:	L..................F.@.. ...$+.,....k.uW...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IGY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 00:23:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9935003341466797
Encrypted:	false
SSDEEP:	48:8ndKjTuSqfHuZidAKZdA1weh/iZUkAQkqehZy+2:8E3/Z9QQy
MD5:	AFA39238961488B7E7ACA2BF59F7AA25
SHA1:	7133B8109DCA72EED2946A09A7B13A88B6ABAACF
SHA-256:	D39702BC563DB2438E6FAF3FE571C33E9A620B89478EF2C3B8AF5C2F49554F2E
SHA-512:	603A60356F8A3BF08DA9FE5B283840A02F2B363FEFAFD225FB85EE30F318C7770C172CEC9D8E00625FBBF63196AAEE835B504B233C83CA44C17D91B9DB760723
Malicious:	false
Preview:	L..................F.@.. ...$+.,....V..uW...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IGY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0070175261489265
Encrypted:	false
SSDEEP:	48:8xDdKjTuSsHuZidAKZdA14tseh7sFiZUkmgqeh7sny+BX:8xI3hpn1y
MD5:	AB78E429BB6BCB7E27549A28116098F2
SHA1:	E9DF3A2E4A5B384335263018EDEF9CC76A110B0E
SHA-256:	ACCCC7422ED2D9935526ECD1B4B3FF69E553732ADD6675951EF53DF51D51727F
SHA-512:	F8C0EF9B9D9236571E92DF598DB1A52C84D997ECDBE7E45D5E8388A5B4ED09B5AC3412888148740584D09D25354BEE5233445761072FC69215AF1F5B9805BAF9
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IGY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 00:23:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.994402259947533
Encrypted:	false
SSDEEP:	48:8UdKjTuSqfHuZidAKZdA1vehDiZUkwqehNy+R:8J3/6/y
MD5:	A7EE31013E0339D6E93B0971F6AD2C01
SHA1:	57C1A0685086DD6CD0467F44ECEEE427B9D62B4E
SHA-256:	2C289E9BEE0D339BE3E957B4AA3DD54AA12FE6BF3B5C3137AA92D856E1296F2D
SHA-512:	B9F76BA8DD5485B3A5220B353B18C44ABFB5DACA207B0B17C516BC0EDDE9BCAC4918F1635220B956D30F53DA2CE3B8F236F06AE8924635E4F086C44B0A5D81EB
Malicious:	false
Preview:	L..................F.@.. ...$+.,.......uW...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IGY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 00:23:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.982676618692641
Encrypted:	false
SSDEEP:	48:8ddKjTuSqfHuZidAKZdA1hehBiZUk1W1qehDy+C:8S3/69jy
MD5:	17517E320CEFC52852723B2DBDC7198E
SHA1:	C1FE808E35AD0F0B4B442DA2A89C0D6B50E1B096
SHA-256:	0D27AE129B683DF130927F866F34A14D573103E203FE03F378699FDCCEF810B2
SHA-512:	08DE2162168FE23643FE1BAC019FAEC5362582EED6AF1AF657DF52B90606BD705348F7799134B2BE8BB684F0F068601C514FDFEAAB3335A07519F9E3DA8E1DE7
Malicious:	false
Preview:	L..................F.@.. ...$+.,....\..uW...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IGY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 00:23:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9901687244324
Encrypted:	false
SSDEEP:	48:8GPdKjTuSqfHuZidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb1y+yT+:8n3/ET/TbxWOvTb1y7T
MD5:	D140132901FF82490F98A939615CF967
SHA1:	159E2C7DEECAC671BD159EA81CC182FCF5E5713A
SHA-256:	42AF3B60AF2C43D8F3634C0D92B23A4A6E64F6EC4144930F753F622A4FDE9976
SHA-512:	CCF2DEBBB2A2D873A88FD69B61605CB404CDA226DAE68F2BD1F760A78E6CFEF2935D020AEA05894E16401E69E3DD2D7ED7ED95BF7ADA1CFB8F8B56EC48B706CB
Malicious:	false
Preview:	L..................F.@.. ...$+.,....a.wuW...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IGY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VGY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VGY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VGY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3467
Entropy (8bit):	5.508385764606741
Encrypted:	false
SSDEEP:	96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
MD5:	231ABD6E6C360E709640B399EDF85476
SHA1:	6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
SHA-256:	44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
SHA-512:	D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	9210
Entropy (8bit):	5.393248075042016
Encrypted:	false
SSDEEP:	192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
MD5:	2ED5BC88509286438B682EFF23518005
SHA1:	D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
SHA-256:	F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
SHA-512:	12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null\|\|typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]\|\|null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null\|\|b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (755)
Category:	downloaded
Size (bytes):	1460
Entropy (8bit):	5.274624539239422
Encrypted:	false
SSDEEP:	24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
MD5:	481C149C4D3EE4A53C3E7CBA067371DF
SHA1:	E0FED275636D3492C922C44F010157FAF0936733
SHA-256:	9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
SHA-512:	EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()1E3,a.bS(),d.aa()1E3,b)},h_a=function(a){return Math.random()Math.min(a.xaMath.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	5050
Entropy (8bit):	5.30005628600801
Encrypted:	false
SSDEEP:	96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
MD5:	D9F15F1AEAF15673336FAA3507D1A2A7
SHA1:	FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
SHA-256:	AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
SHA-512:	D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")\|\|"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")\|\|"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (468)
Category:	downloaded
Size (bytes):	1858
Entropy (8bit):	5.297658905867848
Encrypted:	false
SSDEEP:	48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
MD5:	B42DB3D22B12B8E3BE1B82961FE2870E
SHA1:	D9CFD11C1C2DE17A7E9301F11AD875B610B96576
SHA-256:	75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
SHA-512:	EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)\|\|function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)\|\|function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)\|\|function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	4.875266466142591
Encrypted:	false
SSDEEP:	3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
MD5:	87B6333E98B7620EA1FF98D1A837A39E
SHA1:	105DE6815B0885357DE1414BFC0D77FCC9E924EF
SHA-256:	DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
SHA-512:	867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (683)
Category:	downloaded
Size (bytes):	3131
Entropy (8bit):	5.352056237104327
Encrypted:	false
SSDEEP:	48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
MD5:	ADEF03127F74F5E6742B8CFA7B863F28
SHA1:	58D7C635582AF10E91EC047FD315FAF758AF51DA
SHA-256:	5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
SHA-512:	3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d\|\|(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	23298
Entropy (8bit):	5.429186219736739
Encrypted:	false
SSDEEP:	384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
MD5:	A5C41D7BA22E9CF451810802AE5AC2E8
SHA1:	858F35134A0BD7BAECB1B1A30EC3645642214554
SHA-256:	D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
SHA-512:	DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka\|\|a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (395)
Category:	downloaded
Size (bytes):	1608
Entropy (8bit):	5.271783084011668
Encrypted:	false
SSDEEP:	48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
MD5:	45EA91A811A594F81B7F760DD14BE237
SHA1:	2C97782C6D5D0BCFB3676FF24AA1008251090DAE
SHA-256:	7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
SHA-512:	4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	4067
Entropy (8bit):	5.3700036060139436
Encrypted:	false
SSDEEP:	96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoTiw:3mTOImedWOVF6vtUJyA8xJ3
MD5:	FA701F5D7BEF5AF6B676F099A00A1140
SHA1:	4CA8594D1E845605E7F1242AD8E10FD3A41FA3BE
SHA-256:	F1F311E29B597B507EE761AE40185A9BE194BA6498F91DD2A69610EF765B554A
SHA-512:	D53CAD789CED1F1D05546CD9DDA662FF47DF4A9FE382F4936EB1579175B06A95770426E5A83C24EACE04014956F1971A6432D1FCB26F2A9E4B922D8A34FC9875
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	32500
Entropy (8bit):	5.378121087555083
Encrypted:	false
SSDEEP:	768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
MD5:	57D7B0A2CE36496F05AFA27B39C1F219
SHA1:	418AD03C2E75AEAF188E2A00123B70E09D541656
SHA-256:	E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
SHA-512:	78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (553)
Category:	downloaded
Size (bytes):	744742
Entropy (8bit):	5.792853472193562
Encrypted:	false
SSDEEP:	6144:H5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguPH:HOeKGSpgu/
MD5:	E1EACECE2057677ABF75B712C105209B
SHA1:	9E344321591DF0F0A5070CA740EC5B0A6AE0F652
SHA-256:	8AFE51BFDAE261688E105C2C7EDF8E18A1014157E0F6DDEBB224FDACC000A198
SHA-512:	F2054EAD60C488375EB127744B14138AD5FB141E8F83968C76892BFA51B1B35D53D54C19E1A1C72B46A1E62989BAED5F07E020CC3BAF8D98D8C0C985ED2B24A1
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlGb3a8-i7ToyTC_LjURLST5kEgrtQ/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x2860c1e4, 0x2046d860, 0x39e1fc40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5693)
Category:	downloaded
Size (bytes):	698852
Entropy (8bit):	5.594980353163612
Encrypted:	false
SSDEEP:	6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLJiH7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxJiyU+
MD5:	AA9FDCBE29C6D043DC83A7DAD848CCC3
SHA1:	E3F0A387A0A4B060620C975E1C70AA20294F3F22
SHA-256:	1A624C24D6D712C633F0B034606610DAD6B5AD7890FBFA3A9B204BD33207D60E
SHA-512:	C93878CE1281349204ABDB4444B18A12C03A010D1A252827EBFE45523E834988CE95D6E625FF82A60934D7A275AD8DAAC689E4412C5719ACCA8C9E1D4365B4D3
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.58379881209052
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	919'040 bytes
MD5:	a914737c9af5014b7cd65b6649094707
SHA1:	52bf91e77db241ae45090c95e59052aedcf4e146
SHA256:	024111033535957eb3d0b9dfb3738c2811db0b8569afc87c066922cadbc5b5da
SHA512:	0b1a09f8b05b1af84379df2911a578040529471dcd0265e6f43382e6e76f2a00721062402b48f176fa5ad70d9c731f99f4a1fd4c55c9835d39befe24cf304a73
SSDEEP:	24576:oqDEvCTbMWu7rQYlBQcBiT6rprG8a47K:oTvC/MTQYxsWR7a4
TLSH:	6A159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67033549 [Mon Oct 7 01:11:37 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007F378D448153h
jmp 00007F378D447A5Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F378D447C3Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F378D447C0Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F378D44A7FDh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F378D44A848h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F378D44A831h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x9bb8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x9bb8	0x9c00	96cdb718b50bb4c10c687e21146b2167	False	0.3167317708333333	data	5.332508239630495	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xda4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdaa84	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc7b8	0xe7e	data			1.002964959568733
RT_GROUP_ICON	0xdd638	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xdd6b0	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xdd6c4	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xdd6d8	0x14	data	English	Great Britain	1.25
RT_VERSION	0xdd6ec	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xdd7c8	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 03:22:59.025093079 CEST	49675	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:22:59.025105000 CEST	49674	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:22:59.165718079 CEST	49673	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:03.606384993 CEST	49705	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:23:03.606412888 CEST	443	49705	142.250.185.238	192.168.2.5
Oct 7, 2024 03:23:03.606475115 CEST	49705	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:23:03.607592106 CEST	49705	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:23:03.607608080 CEST	443	49705	142.250.185.238	192.168.2.5
Oct 7, 2024 03:23:04.255208969 CEST	443	49705	142.250.185.238	192.168.2.5
Oct 7, 2024 03:23:04.255367041 CEST	49705	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:23:04.255378962 CEST	443	49705	142.250.185.238	192.168.2.5
Oct 7, 2024 03:23:04.255945921 CEST	443	49705	142.250.185.238	192.168.2.5
Oct 7, 2024 03:23:04.256006002 CEST	49705	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:23:04.257077932 CEST	443	49705	142.250.185.238	192.168.2.5
Oct 7, 2024 03:23:04.257215977 CEST	49705	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:23:04.259896994 CEST	49705	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:23:04.260128021 CEST	443	49705	142.250.185.238	192.168.2.5
Oct 7, 2024 03:23:04.260150909 CEST	49705	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:23:04.302772999 CEST	49705	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:23:04.302779913 CEST	443	49705	142.250.185.238	192.168.2.5
Oct 7, 2024 03:23:04.349613905 CEST	49705	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:23:04.528702974 CEST	443	49705	142.250.185.238	192.168.2.5
Oct 7, 2024 03:23:04.528784037 CEST	49705	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:23:04.528804064 CEST	443	49705	142.250.185.238	192.168.2.5
Oct 7, 2024 03:23:04.528904915 CEST	443	49705	142.250.185.238	192.168.2.5
Oct 7, 2024 03:23:04.529048920 CEST	49705	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:23:04.530635118 CEST	49705	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:23:04.530658960 CEST	443	49705	142.250.185.238	192.168.2.5
Oct 7, 2024 03:23:04.541239023 CEST	49710	443	192.168.2.5	142.250.185.206
Oct 7, 2024 03:23:04.541311026 CEST	443	49710	142.250.185.206	192.168.2.5
Oct 7, 2024 03:23:04.541502953 CEST	49710	443	192.168.2.5	142.250.185.206
Oct 7, 2024 03:23:04.541712046 CEST	49710	443	192.168.2.5	142.250.185.206
Oct 7, 2024 03:23:04.541743040 CEST	443	49710	142.250.185.206	192.168.2.5
Oct 7, 2024 03:23:05.196490049 CEST	443	49710	142.250.185.206	192.168.2.5
Oct 7, 2024 03:23:05.196860075 CEST	49710	443	192.168.2.5	142.250.185.206
Oct 7, 2024 03:23:05.196898937 CEST	443	49710	142.250.185.206	192.168.2.5
Oct 7, 2024 03:23:05.197454929 CEST	443	49710	142.250.185.206	192.168.2.5
Oct 7, 2024 03:23:05.197536945 CEST	49710	443	192.168.2.5	142.250.185.206
Oct 7, 2024 03:23:05.198453903 CEST	443	49710	142.250.185.206	192.168.2.5
Oct 7, 2024 03:23:05.198518991 CEST	49710	443	192.168.2.5	142.250.185.206
Oct 7, 2024 03:23:05.199851990 CEST	49710	443	192.168.2.5	142.250.185.206
Oct 7, 2024 03:23:05.199939013 CEST	443	49710	142.250.185.206	192.168.2.5
Oct 7, 2024 03:23:05.200226068 CEST	49710	443	192.168.2.5	142.250.185.206
Oct 7, 2024 03:23:05.200243950 CEST	443	49710	142.250.185.206	192.168.2.5
Oct 7, 2024 03:23:05.240263939 CEST	49710	443	192.168.2.5	142.250.185.206
Oct 7, 2024 03:23:05.413594961 CEST	443	49710	142.250.185.206	192.168.2.5
Oct 7, 2024 03:23:05.413623095 CEST	443	49710	142.250.185.206	192.168.2.5
Oct 7, 2024 03:23:05.413696051 CEST	443	49710	142.250.185.206	192.168.2.5
Oct 7, 2024 03:23:05.413697004 CEST	49710	443	192.168.2.5	142.250.185.206
Oct 7, 2024 03:23:05.413970947 CEST	49710	443	192.168.2.5	142.250.185.206
Oct 7, 2024 03:23:05.418870926 CEST	49710	443	192.168.2.5	142.250.185.206
Oct 7, 2024 03:23:05.418919086 CEST	443	49710	142.250.185.206	192.168.2.5
Oct 7, 2024 03:23:07.878895044 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:23:07.878952026 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:07.879038095 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:23:07.879234076 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:23:07.879249096 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:07.993681908 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:07.993709087 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:07.993777037 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:07.996733904 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:07.996743917 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:08.521728992 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:08.521939039 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:23:08.521958113 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:08.523643017 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:08.523722887 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:23:08.524686098 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:23:08.524770975 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:08.567500114 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:23:08.567513943 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:08.614363909 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:23:08.630011082 CEST	49674	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:08.630644083 CEST	49675	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:08.649588108 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:08.649697065 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:08.659109116 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:08.659113884 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:08.659905910 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:08.708123922 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:08.746237993 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:08.770706892 CEST	49673	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:08.791426897 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:09.077756882 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:09.077928066 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:09.077995062 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:09.078512907 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:09.078521967 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:09.078562975 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:09.078567982 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:09.128837109 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:09.128885984 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:09.128962994 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:09.129427910 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:09.129446983 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:09.799624920 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:09.799747944 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:10.074203968 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:10.074238062 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:10.075110912 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:10.076113939 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:10.123400927 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:10.376919031 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:10.377063990 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:10.377671957 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:10.377856970 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:10.377856970 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 7, 2024 03:23:10.377887011 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:10.377909899 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 7, 2024 03:23:10.424969912 CEST	443	49703	23.1.237.91	192.168.2.5
Oct 7, 2024 03:23:10.425143957 CEST	49703	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:12.945489883 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:12.945525885 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:12.945597887 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:12.947082996 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:12.947098970 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.589807987 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.590401888 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.590424061 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.591809034 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.592168093 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.594276905 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.594414949 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.595562935 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.595733881 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.595904112 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.595913887 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.646635056 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.907300949 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.907478094 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.907576084 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.907664061 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.907664061 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.907694101 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.912870884 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.914896965 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.914906979 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.919225931 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.919313908 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.919421911 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.919444084 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.919756889 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.928867102 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.928946018 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.931900978 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.931991100 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.932260036 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.932269096 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.934873104 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.980490923 CEST	49736	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:13.980530024 CEST	443	49736	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:13.980587006 CEST	49736	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:13.981285095 CEST	49736	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:13.981298923 CEST	443	49736	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:13.995959997 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.996072054 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.996107101 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.996124029 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.996543884 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.996629953 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:13.996639967 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:13.996773958 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:14.002691984 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:14.002777100 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:14.002782106 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:14.002809048 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:14.006387949 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:14.008790970 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:14.008876085 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:14.015070915 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:14.015175104 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:14.015191078 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:14.021501064 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:14.023060083 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:14.023073912 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:14.033673048 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:14.033968925 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:14.034059048 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:14.034193039 CEST	49732	443	192.168.2.5	216.58.212.174
Oct 7, 2024 03:23:14.034224033 CEST	443	49732	216.58.212.174	192.168.2.5
Oct 7, 2024 03:23:14.062820911 CEST	49737	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.062855959 CEST	443	49737	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.062968969 CEST	49737	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.063256979 CEST	49737	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.063277006 CEST	443	49737	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.614406109 CEST	443	49736	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.614665985 CEST	49736	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.614712000 CEST	443	49736	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.615895033 CEST	443	49736	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.616065025 CEST	49736	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.616900921 CEST	443	49736	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.616972923 CEST	49736	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.618719101 CEST	49736	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.618882895 CEST	443	49736	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.619039059 CEST	49736	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.659420967 CEST	443	49736	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.664508104 CEST	49736	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.664526939 CEST	443	49736	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.709826946 CEST	49736	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.715938091 CEST	443	49737	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.716351032 CEST	49737	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.716363907 CEST	443	49737	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.716871977 CEST	443	49737	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.716989994 CEST	49737	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.717871904 CEST	443	49737	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.717938900 CEST	49737	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.718321085 CEST	49737	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.718399048 CEST	443	49737	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.718602896 CEST	49737	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.757934093 CEST	49737	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.757941008 CEST	443	49737	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.804503918 CEST	49737	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:14.913505077 CEST	443	49736	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.913696051 CEST	443	49736	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:14.913760900 CEST	49736	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.034864902 CEST	443	49737	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.035048962 CEST	443	49737	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.035278082 CEST	49737	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.149939060 CEST	49736	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.149971962 CEST	443	49736	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.153831959 CEST	49737	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.153844118 CEST	443	49737	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.155791044 CEST	49740	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.155850887 CEST	443	49740	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.155929089 CEST	49740	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.157928944 CEST	49741	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.157958984 CEST	443	49741	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.158025026 CEST	49741	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.159645081 CEST	49740	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.159662962 CEST	443	49740	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.160552979 CEST	49741	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.160573959 CEST	443	49741	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.316945076 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:15.316956043 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:15.317020893 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:15.317272902 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:15.317285061 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:15.789063931 CEST	443	49740	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.789290905 CEST	49740	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.789310932 CEST	443	49740	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.789824963 CEST	443	49740	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.789886951 CEST	49740	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.790817976 CEST	443	49740	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.790875912 CEST	49740	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.791177034 CEST	49740	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.791254997 CEST	443	49740	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.791326046 CEST	49740	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.791337967 CEST	443	49740	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.791357994 CEST	49740	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.822998047 CEST	443	49741	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.823198080 CEST	49741	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.823211908 CEST	443	49741	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.824441910 CEST	443	49741	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.824505091 CEST	49741	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.826937914 CEST	443	49741	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.827002048 CEST	49741	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.827188015 CEST	49741	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.827274084 CEST	443	49741	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.827334881 CEST	49741	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.827344894 CEST	443	49741	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.827445030 CEST	49741	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.833478928 CEST	49740	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.833488941 CEST	443	49740	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.875402927 CEST	443	49741	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:15.880863905 CEST	49741	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:15.992434025 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:15.992564917 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:15.995122910 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:15.995130062 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:15.995630980 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.003079891 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.038746119 CEST	443	49740	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:16.039096117 CEST	443	49740	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:16.039161921 CEST	49740	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:16.039746046 CEST	49740	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:16.039761066 CEST	443	49740	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:16.047447920 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.081208944 CEST	443	49741	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:16.082602978 CEST	443	49741	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:16.082695007 CEST	49741	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:16.083436012 CEST	49741	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:16.083445072 CEST	443	49741	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:16.119517088 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.119549036 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.119569063 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.119616032 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.119626045 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.119641066 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.119676113 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.209317923 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.209357023 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.209399939 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.209408045 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.209436893 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.209752083 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.211118937 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.211148024 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.211205006 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.211211920 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.211251974 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.299220085 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.299257040 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.299391985 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.299423933 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.299485922 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.300088882 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.300112009 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.300152063 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.300165892 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.300184965 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.300209999 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.301166058 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.301187992 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.301228046 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.301234961 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.301256895 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.301269054 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.302280903 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.302305937 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.302340984 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.302346945 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.302372932 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.302381039 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.574165106 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.574182987 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.574351072 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.574594021 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.574594021 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.574631929 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.574656963 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.574803114 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.574858904 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.574858904 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.574872971 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.574892998 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.574913979 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.574943066 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.575222015 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.575249910 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.575287104 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.575293064 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.575304985 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.575418949 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.575443983 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.575480938 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.575485945 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.575504065 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.575511932 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.575531006 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.575563908 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.575568914 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.575582981 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.575588942 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.575611115 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.575661898 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.575707912 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.575994968 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.576016903 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.576033115 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.576040030 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.637408018 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.637445927 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.637514114 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.639729023 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.639821053 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.639945030 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.641891003 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.641942024 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.642039061 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.642538071 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.642597914 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.642649889 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.642667055 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.642690897 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.642762899 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.642853975 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.642875910 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.642903090 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.642920017 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.642987013 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.643014908 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.643069029 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.643090963 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.643107891 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:16.643126965 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:16.852138996 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:23:16.895447969 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:17.087016106 CEST	49752	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:17.087099075 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:17.087188005 CEST	49752	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:17.090363979 CEST	49752	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:17.090395927 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:17.118284941 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:17.118410110 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:17.118478060 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:23:17.118515015 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:17.118541956 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:17.118598938 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:23:17.118632078 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:17.118904114 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:17.118966103 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:23:17.122427940 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:23:17.122464895 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 7, 2024 03:23:17.284987926 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.289145947 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.289191008 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.289796114 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.289812088 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.289942026 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.290555000 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.290616989 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.290842056 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.290858030 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.304464102 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.304932117 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.304977894 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.305505991 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.305515051 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.312963009 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.314330101 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.342238903 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.342259884 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.342824936 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.342834949 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.343151093 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.343161106 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.343677998 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.343684912 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.385027885 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.385096073 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.385196924 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.385237932 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.385263920 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.385294914 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.385343075 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.385550022 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.385571003 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.385584116 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.385591030 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.389600039 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.389641047 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.389719963 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.390513897 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.390530109 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.406797886 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.406822920 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.406877995 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.406918049 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.406974077 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.407257080 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.407289982 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.407315016 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.407330036 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.410716057 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.410758018 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.410835028 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.411060095 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.411077023 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.441468000 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.441526890 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.441644907 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.441665888 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.441694975 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.441735983 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.441776991 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.442224979 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.442292929 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.442373037 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.442759991 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.442778111 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.442800999 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.442812920 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.442955971 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.442961931 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.443030119 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.443036079 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.463992119 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.464041948 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.464152098 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.528883934 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.528903008 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.528934956 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.528947115 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.578490019 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.578521013 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.578623056 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.629853964 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.629903078 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.643882990 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.643934011 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.644067049 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.648463964 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.648484945 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.662091017 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.662123919 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.662240028 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.710002899 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:17.710025072 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:17.803257942 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:17.803344011 CEST	49752	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:17.806884050 CEST	49752	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:17.806901932 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:17.807257891 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:17.854690075 CEST	49752	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:18.045557976 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.046179056 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.046199083 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.046976089 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.046979904 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.144756079 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.144834042 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.144887924 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.145217896 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.145231009 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.145242929 CEST	49755	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.145247936 CEST	443	49755	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.149322033 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.149348974 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.149425983 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.149730921 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.149745941 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.273941040 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.274876118 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.274894953 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.275568962 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.275574923 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.283951998 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.284482956 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.284493923 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.285111904 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.285115957 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.342822075 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.343502045 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.343517065 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.343909979 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.343914032 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.373430014 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.373583078 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.373663902 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.373822927 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.373831034 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.373843908 CEST	49756	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.373848915 CEST	443	49756	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.377283096 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.377310038 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.377399921 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.377615929 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.377629042 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.381262064 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.381414890 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.381468058 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.381484985 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.381493092 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.381515980 CEST	49757	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.381527901 CEST	443	49757	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.383841038 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.383848906 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.383924961 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.384076118 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.384087086 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.442090988 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.442148924 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.442198038 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.442364931 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.442373037 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.442384958 CEST	49758	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.442388058 CEST	443	49758	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.445506096 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.445544958 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.445622921 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.445754051 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.445764065 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.558145046 CEST	49752	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:18.599476099 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:18.787849903 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:18.787905931 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:18.787925959 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:18.787982941 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:18.787992954 CEST	49752	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:18.788058043 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:18.788088083 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:18.788093090 CEST	49752	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:18.788106918 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:18.788149118 CEST	49752	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:18.788192034 CEST	49752	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:18.788204908 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:18.788379908 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:18.788454056 CEST	49752	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:18.842884064 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.843461990 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.843521118 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.843944073 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.843961954 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.947808027 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.947958946 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.948203087 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.948262930 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.948262930 CEST	49760	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.948297977 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.948322058 CEST	443	49760	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.951630116 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.951673031 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:18.951817989 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.952043056 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:18.952060938 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.017477989 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.018141031 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.018157959 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.018657923 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.018856049 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.018861055 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.019402027 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.019407034 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.019809008 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.019813061 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.123672009 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.123753071 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.123816967 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.124099970 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.124114990 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.124124050 CEST	49762	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.124130011 CEST	443	49762	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.124512911 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.124686956 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.124739885 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.124989986 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.124994993 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.125020027 CEST	49761	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.125022888 CEST	443	49761	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.127357006 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.128160954 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.128174067 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.128209114 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.128237009 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.128251076 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.128938913 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.128989935 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.129055977 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.129066944 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.129096985 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.129220963 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.129224062 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.129236937 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.129252911 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.232934952 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.232970953 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.233083010 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.233287096 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.233310938 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.233335972 CEST	49763	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.233349085 CEST	443	49763	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.235955000 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.235987902 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.236107111 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.236243963 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.236258984 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.354120016 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.357336998 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.357372999 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.358305931 CEST	49752	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:19.358335972 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:19.358361959 CEST	49752	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:19.358375072 CEST	443	49752	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:19.359672070 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.359683990 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.528410912 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.528480053 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.528549910 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.528779984 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.528801918 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.528821945 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.528829098 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.535490036 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.535573006 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.535669088 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.535778046 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.535805941 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.617177963 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.617973089 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.617995977 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.618772984 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.618779898 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.714720964 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.714860916 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.714956045 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.716931105 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.716948032 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.716959953 CEST	49766	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.716965914 CEST	443	49766	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.732990026 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.733006001 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.733094931 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.761754990 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.761770010 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.772794008 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.775624990 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.784882069 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.784890890 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.786485910 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.786490917 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.792635918 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.792646885 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.793749094 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.793756008 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.882637024 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.882776976 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.882857084 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.890463114 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.890620947 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.890697002 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.894640923 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.900211096 CEST	49768	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.900223017 CEST	443	49768	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.903520107 CEST	49767	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.903534889 CEST	443	49767	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.908585072 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.908602953 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.909946918 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.909957886 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.923142910 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.923165083 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.923341990 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.923783064 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.923798084 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.925967932 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.926071882 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:19.926150084 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.931746960 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:19.931782961 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.006966114 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.007132053 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.007235050 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.050699949 CEST	49769	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.050736904 CEST	443	49769	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.069130898 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.069185019 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.069252968 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.069891930 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.069911003 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.168859005 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.189646959 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.189692974 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.190538883 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.190551043 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.285394907 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.285459995 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.285517931 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.285742044 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.285764933 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.285789967 CEST	49770	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.285803080 CEST	443	49770	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.288821936 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.288839102 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.288938999 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.289043903 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.289047003 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.407429934 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.407990932 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.408008099 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.409518957 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.409523964 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.506143093 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.506283045 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.506344080 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.507261992 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.507261992 CEST	49773	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.507271051 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.507281065 CEST	443	49773	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.515393972 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.515415907 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.515501022 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.516983032 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.516999006 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.562458992 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.562844038 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.562861919 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.564553976 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.564559937 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.584835052 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.592210054 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.592258930 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.592711926 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.592717886 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.660320044 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.660379887 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.660454035 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.673271894 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.673312902 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.673330069 CEST	49774	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.673341036 CEST	443	49774	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.690455914 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.690615892 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.690901041 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.691348076 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.691390991 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.691675901 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.693547964 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.693567038 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.693579912 CEST	49775	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.693587065 CEST	443	49775	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.695744038 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.695759058 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.701788902 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.701875925 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.701953888 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.702136040 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.702169895 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.725809097 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.726531982 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.726557016 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.727473021 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.727489948 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.835690975 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.835834026 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.835887909 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.837096930 CEST	49776	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.837106943 CEST	443	49776	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.841295004 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.841336966 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.841417074 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.841682911 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.841707945 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.926904917 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.927290916 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.927311897 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:20.927908897 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:20.927915096 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.033436060 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.033508062 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.033562899 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.033745050 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.033762932 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.033771992 CEST	49777	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.033777952 CEST	443	49777	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.037446022 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.037487030 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.037616014 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.038098097 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.038114071 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.114154100 CEST	49703	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:21.114413023 CEST	49703	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:21.114927053 CEST	49784	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:21.114947081 CEST	443	49784	23.1.237.91	192.168.2.5
Oct 7, 2024 03:23:21.115042925 CEST	49784	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:21.118957996 CEST	443	49703	23.1.237.91	192.168.2.5
Oct 7, 2024 03:23:21.119170904 CEST	443	49703	23.1.237.91	192.168.2.5
Oct 7, 2024 03:23:21.119539022 CEST	49784	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:21.119554996 CEST	443	49784	23.1.237.91	192.168.2.5
Oct 7, 2024 03:23:21.200359106 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.201180935 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.201205015 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.201600075 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.201606035 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.304043055 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.304220915 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.304285049 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.304421902 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.304428101 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.304466963 CEST	49779	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.304471016 CEST	443	49779	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.307307959 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.307331085 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.307413101 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.307522058 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.307528019 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.326090097 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.326512098 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.326523066 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.326972008 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.326977015 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.361680031 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.362035036 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.362070084 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.362420082 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.362432957 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.432588100 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.432647943 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.432760000 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.432881117 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.432881117 CEST	49780	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.432900906 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.432913065 CEST	443	49780	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.435746908 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.435786963 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.435857058 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.436077118 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.436093092 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.467283010 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.467339039 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.467457056 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.467535973 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.467569113 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.467595100 CEST	49781	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.467611074 CEST	443	49781	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.469329119 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.469364882 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.469449043 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.469537973 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.469547987 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.509223938 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.511377096 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.511419058 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.511723042 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.511733055 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.611834049 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.612009048 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.612096071 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.612142086 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.612143040 CEST	49782	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.612166882 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.612186909 CEST	443	49782	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.614589930 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.614645004 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.614736080 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.614907026 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.614922047 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.701551914 CEST	443	49784	23.1.237.91	192.168.2.5
Oct 7, 2024 03:23:21.701762915 CEST	49784	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:21.703053951 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.703831911 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.703854084 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.704826117 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.704833984 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.720057964 CEST	49784	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:21.720077991 CEST	443	49784	23.1.237.91	192.168.2.5
Oct 7, 2024 03:23:21.721112967 CEST	443	49784	23.1.237.91	192.168.2.5
Oct 7, 2024 03:23:21.721189976 CEST	49784	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:21.721992016 CEST	49784	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:21.722054958 CEST	443	49784	23.1.237.91	192.168.2.5
Oct 7, 2024 03:23:21.722300053 CEST	49784	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:21.722309113 CEST	443	49784	23.1.237.91	192.168.2.5
Oct 7, 2024 03:23:21.806878090 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.807029963 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.807303905 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.807401896 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.807401896 CEST	49783	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.807423115 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.807435989 CEST	443	49783	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.810868025 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.810900927 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.810980082 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.811258078 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.811275959 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.868513107 CEST	49790	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:21.868561983 CEST	443	49790	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:21.868678093 CEST	49790	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:21.868927002 CEST	49790	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:21.868942022 CEST	443	49790	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:21.946626902 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.947105885 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.947189093 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.947870970 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:21.947885990 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:21.960514069 CEST	443	49784	23.1.237.91	192.168.2.5
Oct 7, 2024 03:23:21.960566998 CEST	443	49784	23.1.237.91	192.168.2.5
Oct 7, 2024 03:23:21.960639000 CEST	49784	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:21.960639000 CEST	49784	443	192.168.2.5	23.1.237.91
Oct 7, 2024 03:23:22.044778109 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.044862032 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.044936895 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.045337915 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.045380116 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.045407057 CEST	49785	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.045423031 CEST	443	49785	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.048955917 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.048994064 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.049068928 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.049205065 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.049217939 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.085560083 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.086257935 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.086292982 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.086751938 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.086762905 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.111675024 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.112241983 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.112261057 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.112624884 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.112629890 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.185899019 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.186037064 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.186115980 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.186258078 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.186290026 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.186314106 CEST	49786	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.186327934 CEST	443	49786	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.189099073 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.189135075 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.189220905 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.189395905 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.189420938 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.211103916 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.211241961 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.211313009 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.211345911 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.211358070 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.211365938 CEST	49787	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.211369991 CEST	443	49787	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.213519096 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.213543892 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.213779926 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.213979006 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.213994026 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.256866932 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.257297039 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.257327080 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.257654905 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.257666111 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.354968071 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.355124950 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.355201006 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.355397940 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.355397940 CEST	49788	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.355426073 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.355448008 CEST	443	49788	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.358475924 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.358511925 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.358611107 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.359060049 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.359076977 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.452533960 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.470048904 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.470104933 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.470537901 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.470552921 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.503079891 CEST	443	49790	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:22.503442049 CEST	49790	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:22.503473997 CEST	443	49790	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:22.504708052 CEST	443	49790	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:22.505001068 CEST	49790	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:22.505153894 CEST	443	49790	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:22.505623102 CEST	49790	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:22.505728960 CEST	49790	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:22.505739927 CEST	443	49790	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:22.565310955 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.565450907 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.565551043 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.569472075 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.569472075 CEST	49789	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.569506884 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.569535017 CEST	443	49789	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.597835064 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.597934961 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.598052025 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.601785898 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.601824045 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.694555998 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.724375010 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.724432945 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.725039959 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.725054026 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.821367025 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.821427107 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.821497917 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.821713924 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.821758986 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.821787119 CEST	49791	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.821803093 CEST	443	49791	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.825544119 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.825584888 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.825648069 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.825855970 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.825870991 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.836323977 CEST	443	49790	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:22.837088108 CEST	443	49790	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:22.837179899 CEST	49790	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:22.840807915 CEST	49790	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:22.840823889 CEST	443	49790	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:22.865304947 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.865789890 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.865811110 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.866239071 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.866245031 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.868503094 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.868973970 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.869009018 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.869347095 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.869358063 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.970592976 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.970720053 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.970813990 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.970959902 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.971009016 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.971030951 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.971061945 CEST	49793	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.971069098 CEST	443	49793	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.971107960 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.971466064 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.971550941 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.971550941 CEST	49792	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.971613884 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.971642971 CEST	443	49792	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.975167036 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.975183010 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.975264072 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.975394964 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.975400925 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.975533962 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.975533962 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.975553989 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.975776911 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.975785971 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.997731924 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.998298883 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.998311043 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:22.998970985 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:22.998975039 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.097214937 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.097354889 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.097495079 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.097604036 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.097614050 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.097644091 CEST	49794	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.097647905 CEST	443	49794	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.100985050 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.101000071 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.101082087 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.101205111 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.101211071 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.251375914 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.251847029 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.251883984 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.252226114 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.252238989 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.350400925 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.350562096 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.350630045 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.350804090 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.350836039 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.350861073 CEST	49795	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.350876093 CEST	443	49795	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.353526115 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.353599072 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.353882074 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.354017019 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.354033947 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.459168911 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.459846973 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.459863901 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.460257053 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.460262060 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.558094978 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.558139086 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.558245897 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.558471918 CEST	49796	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.558484077 CEST	443	49796	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.561592102 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.561642885 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.561870098 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.562021971 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.562046051 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.614695072 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.615135908 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.615150928 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.615508080 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.615514040 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.625605106 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.625972033 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.625984907 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.626312971 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.626317024 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.712568045 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.712728024 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.712790012 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.713087082 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.713095903 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.713108063 CEST	49797	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.713112116 CEST	443	49797	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.715893984 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.715919971 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.716134071 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.716353893 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.716381073 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.725538015 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.725697994 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.725891113 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.725972891 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.725976944 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.725986958 CEST	49798	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.725991011 CEST	443	49798	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.733359098 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.733400106 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.733594894 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.733699083 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.733724117 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.747160912 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.747729063 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.747746944 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.747881889 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.747895002 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.845927000 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.846081018 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.846309900 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.846309900 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.846548080 CEST	49799	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.846554995 CEST	443	49799	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.848663092 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.848706007 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:23.850234985 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.850765944 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:23.850796938 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.005494118 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.006366014 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.006366014 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.006417990 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.006463051 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.105350971 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.105401039 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.105520010 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.105698109 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.105698109 CEST	49800	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.105742931 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.105771065 CEST	443	49800	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.108480930 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.108509064 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.108649015 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.108807087 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.108815908 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.233932972 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.234392881 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.234427929 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.234836102 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.234848022 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.338933945 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.338978052 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.339335918 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.339335918 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.339406013 CEST	49801	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.339432955 CEST	443	49801	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.342010975 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.342036963 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.342200994 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.342374086 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.342387915 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.355010033 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.355451107 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.355469942 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.356034040 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.356045961 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.378576994 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.379031897 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.379071951 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.379556894 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.379573107 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.453516006 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.453682899 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.453876972 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.453876972 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.454030037 CEST	49802	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.454057932 CEST	443	49802	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.456620932 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.456697941 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.456831932 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.457022905 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.457055092 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.477830887 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.477968931 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.478122950 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.478203058 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.478203058 CEST	49803	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.478234053 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.478255033 CEST	443	49803	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.480488062 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.480513096 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.480649948 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.480701923 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.480709076 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.497983932 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.498353958 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.498373985 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.498965025 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.498976946 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.598937988 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.599088907 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.599345922 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.599411011 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.599411011 CEST	49804	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.599442005 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.599463940 CEST	443	49804	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.601644039 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.601680994 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.601845980 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.601895094 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.601903915 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.746233940 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.748656034 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.748670101 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.748939037 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.748943090 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.844964027 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.845104933 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.845309019 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.847167015 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.847181082 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.847189903 CEST	49805	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.847196102 CEST	443	49805	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.854106903 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.854120016 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.854183912 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.855135918 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.855148077 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.979171991 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.982737064 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.982743979 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:24.983503103 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:24.983505964 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.078717947 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.078856945 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.078952074 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.136333942 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.149303913 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.177074909 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.185024023 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.185030937 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.185070038 CEST	49806	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.185074091 CEST	443	49806	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.192693949 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.227863073 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.227895975 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.228465080 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.228477001 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.231056929 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.231061935 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.235146046 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.235148907 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.280251026 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.281913042 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.281924963 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.282761097 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.282767057 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.283869982 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.283904076 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.283982992 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.284223080 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.284238100 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.329400063 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.329566002 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.329624891 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.329910040 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.329910040 CEST	49807	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.329952955 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.329977036 CEST	443	49807	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.333743095 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.333777905 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.333935976 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.335278034 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.335460901 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.335669994 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.336642027 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.336657047 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.336855888 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.336863995 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.336961031 CEST	49808	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.336965084 CEST	443	49808	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.341447115 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.341490030 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.341584921 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.341725111 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.341753006 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.384485006 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.384561062 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.384608030 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.385205984 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.385217905 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.385229111 CEST	49809	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.385235071 CEST	443	49809	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.389580011 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.389602900 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.389684916 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.390000105 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.390026093 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.519207001 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.519792080 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.519798994 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.520488977 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.520493984 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.621067047 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.621206999 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.621269941 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.621423006 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.621423006 CEST	49810	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.621431112 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.621439934 CEST	443	49810	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.625159979 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.625201941 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.625457048 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.625457048 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.625488997 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.943289042 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.947065115 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.947073936 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.947725058 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.947730064 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.982430935 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.982985973 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.983006954 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.983645916 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.983650923 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.988301992 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.988744974 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.988810062 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:25.989358902 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:25.989376068 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.021212101 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.022469997 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.022490025 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.023463011 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.023473024 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.046566963 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.046626091 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.046681881 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.046865940 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.046878099 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.046895981 CEST	49811	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.046901941 CEST	443	49811	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.049904108 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.049926043 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.049992085 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.051260948 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.051274061 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.080554962 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.080727100 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.080853939 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.080928087 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.080928087 CEST	49812	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.080946922 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.080955982 CEST	443	49812	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.086286068 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.086425066 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.086543083 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.089656115 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.089657068 CEST	49813	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.089692116 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.089719057 CEST	443	49813	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.089845896 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.089936972 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.090017080 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.090265036 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.090300083 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.092158079 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.092180967 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.092303038 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.092463017 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.092488050 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.124046087 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.124094963 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.124181032 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.124341965 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.124356985 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.124505043 CEST	49814	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.124517918 CEST	443	49814	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.128931046 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.128950119 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.129020929 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.129437923 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.129451036 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.266340017 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.268091917 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.268105984 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.268666029 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.268672943 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.367242098 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.367376089 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.367567062 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.367567062 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.367599964 CEST	49815	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.367615938 CEST	443	49815	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.371087074 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.371133089 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.371227980 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.371418953 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.371443987 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.687786102 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.688457966 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.688472986 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.689116001 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.689119101 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.735707045 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.736313105 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.736345053 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.736943007 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.736949921 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.756349087 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.756740093 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.756755114 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.757437944 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.757442951 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.786043882 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.786200047 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.786336899 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.786366940 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.786374092 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.786391973 CEST	49816	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.786396027 CEST	443	49816	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.791304111 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.791416883 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.791507959 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.791620016 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.791651964 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.793433905 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.793879032 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.793893099 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.794475079 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.794478893 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.834701061 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.834902048 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.834961891 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.835175991 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.835196018 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.835359097 CEST	49818	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.835366011 CEST	443	49818	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.846616030 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.846676111 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.846760988 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.846956968 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.846978903 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.858532906 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.858709097 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.858772993 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.858882904 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.858896017 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.858906984 CEST	49817	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.858911991 CEST	443	49817	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.861908913 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.861932993 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.862078905 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.862217903 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.862234116 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.894166946 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.894328117 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.894449949 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.894514084 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.894524097 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.894534111 CEST	49819	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.894540071 CEST	443	49819	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.899229050 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.899241924 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:26.899296999 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.899445057 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:26.899456024 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.015948057 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.017112017 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.017129898 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.017838955 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.017846107 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.115097046 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.115156889 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.115312099 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.117310047 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.117317915 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.117331028 CEST	49820	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.117337942 CEST	443	49820	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.122183084 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.122258902 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.122339964 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.122469902 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.122498989 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.443108082 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.446474075 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.446521997 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.447000027 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.447014093 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.486742973 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.497500896 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.497538090 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.497963905 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.497981071 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.498621941 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.500991106 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.501013041 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.501398087 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.501404047 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.543425083 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.543919086 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.543935061 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.544389963 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.544394016 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.544395924 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.544548035 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.544693947 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.544760942 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.544760942 CEST	49821	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.544800997 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.544825077 CEST	443	49821	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.547802925 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.547852039 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.547938108 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.548089981 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.548122883 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.593867064 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.594013929 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.594093084 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.594304085 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.594329119 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.594352961 CEST	49822	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.594366074 CEST	443	49822	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.596468925 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.596491098 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.596679926 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.599261045 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.599450111 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.600682974 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.609575987 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.609585047 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.609724998 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.609733105 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.609746933 CEST	49823	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.609751940 CEST	443	49823	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.611670971 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.611689091 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.611752033 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.611867905 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.611880064 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.645297050 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.645437002 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.645503044 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.645641088 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.645651102 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.645663977 CEST	49824	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.645677090 CEST	443	49824	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.648471117 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.648509026 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.648686886 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.649806023 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.649822950 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.758593082 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.759186983 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.759255886 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.759639978 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.759654045 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.856831074 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.856960058 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.857029915 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.857261896 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.857300997 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.857327938 CEST	49825	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.857342958 CEST	443	49825	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.860390902 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.860436916 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:27.860502005 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.860656977 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:27.860675097 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.182929039 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.186691046 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.186758041 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.187446117 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.187458038 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.264255047 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.264655113 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.264672995 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.265084028 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.265089035 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.266205072 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.266477108 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.266516924 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.266797066 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.266809940 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.281337976 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.281413078 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.281478882 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.281605005 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.281605005 CEST	49826	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.281644106 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.281671047 CEST	443	49826	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.284426928 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.284444094 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.284527063 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.284672022 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.284679890 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.294971943 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.295288086 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.295330048 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.295681953 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.295687914 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.363801956 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.363944054 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.364082098 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.364104033 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.364109039 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.364234924 CEST	49828	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.364239931 CEST	443	49828	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.364247084 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.364352942 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.364420891 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.364476919 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.364476919 CEST	49827	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.364507914 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.364531040 CEST	443	49827	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.368458986 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.368486881 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.368594885 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.368802071 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.368818045 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.369026899 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.369039059 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.369102955 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.369187117 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.369194031 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.398228884 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.398294926 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.398360014 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.398610115 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.398633003 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.398647070 CEST	49829	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.398655891 CEST	443	49829	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.401839972 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.401849985 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.401922941 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.402091980 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.402096987 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.499313116 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.499829054 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.499847889 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.500314951 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.500322104 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.597290039 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.597390890 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.597462893 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.597661972 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.597677946 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.597688913 CEST	49830	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.597695112 CEST	443	49830	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.601001024 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.601043940 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.601207972 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.601334095 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.601346016 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.984425068 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.985430956 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.985441923 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:28.985876083 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:28.985883951 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.027578115 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.028045893 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.028090000 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.028404951 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.028417110 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.058942080 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.059273958 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.059302092 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.059561014 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.059567928 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.066858053 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.067152977 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.067171097 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.067473888 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.067478895 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.088304043 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.088454008 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.088526011 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.088668108 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.088668108 CEST	49831	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.088680983 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.088686943 CEST	443	49831	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.090828896 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.090868950 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.090931892 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.091061115 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.091078997 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.128422976 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.128582001 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.128720999 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.128748894 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.128766060 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.128777027 CEST	49833	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.128782988 CEST	443	49833	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.130815029 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.130842924 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.130918980 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.131035089 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.131041050 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.163214922 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.163265944 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.163353920 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.163367987 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.163438082 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.163507938 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.163508892 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.163537025 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.163563967 CEST	49832	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.163574934 CEST	443	49832	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.165405035 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.165416956 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.165498972 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.165605068 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.165610075 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.165942907 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.166096926 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.166157961 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.166275978 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.166281939 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.166295052 CEST	49834	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.166299105 CEST	443	49834	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.168071032 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.168092012 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.168299913 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.168301105 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.168328047 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.251087904 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.251553059 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.251574993 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.251956940 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.251962900 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.348833084 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.348886013 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.349072933 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.349072933 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.349133968 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.349164963 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.349186897 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.349204063 CEST	49835	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.349210978 CEST	443	49835	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.351640940 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.351706028 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.351787090 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.351891994 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.351906061 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.730211020 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.753413916 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.753423929 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.753853083 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.753864050 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.802269936 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.802681923 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.802709103 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.803069115 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.803075075 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.815553904 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.816355944 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.816364050 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.816852093 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.816860914 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.833551884 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.834002972 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.834012985 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.834386110 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.834388971 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.848782063 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.848813057 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.848859072 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.848876953 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.848913908 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.849010944 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.849023104 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.849026918 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.849034071 CEST	49836	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.849066973 CEST	443	49836	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.852775097 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.852808952 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.852880955 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.853076935 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.853087902 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.905536890 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.905597925 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.905648947 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.905675888 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.905754089 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.905803919 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.905921936 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.905942917 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.905955076 CEST	49837	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.905961990 CEST	443	49837	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.908979893 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.909010887 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.909080029 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.909210920 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.909223080 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.915941954 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.916094065 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.916152954 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.916188002 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.916197062 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.916207075 CEST	49838	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.916212082 CEST	443	49838	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.917918921 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.917954922 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.918025970 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.918131113 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.918142080 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.934407949 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.934585094 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.934643984 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.934676886 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.934689045 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.934700012 CEST	49839	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.934705019 CEST	443	49839	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.936244965 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.936305046 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.936387062 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.936499119 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.936518908 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.990583897 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.991149902 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.991189957 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:29.991487026 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:29.991501093 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.088736057 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.088893890 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.088977098 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.089026928 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.089051962 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.089099884 CEST	49840	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.089114904 CEST	443	49840	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.090702057 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.090783119 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.090862036 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.090955973 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.090976000 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.485908031 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.486341000 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.486366034 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.486749887 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.486756086 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.561120987 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.561453104 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.561480999 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.561779022 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.561785936 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.569621086 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.569926977 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.569992065 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.570245028 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.570262909 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.578950882 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.579257965 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.579301119 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.579571009 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.579586983 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.584264040 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.584367037 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.584423065 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.584501982 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.584525108 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.584538937 CEST	49841	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.584546089 CEST	443	49841	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.590311050 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.590393066 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.590488911 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.590588093 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.590605974 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.660855055 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.661036968 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.661313057 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.661441088 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.661441088 CEST	49842	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.661462069 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.661475897 CEST	443	49842	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.663497925 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.663562059 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.663644075 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.663760900 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.663774967 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.669528008 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.669711113 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.669780016 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.670053005 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.670053005 CEST	49843	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.670084953 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.670109034 CEST	443	49843	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.671825886 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.671869040 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.671947956 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.672063112 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.672079086 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.681354046 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.683135986 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.683199883 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.683247089 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.683274984 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.683300972 CEST	49844	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.683314085 CEST	443	49844	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.684905052 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.684925079 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.684990883 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.685106039 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.685116053 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.756571054 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.756927013 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.756988049 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.757271051 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.757285118 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.859536886 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.859683037 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.859743118 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.859910011 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.859941959 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.859967947 CEST	49845	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.859982967 CEST	443	49845	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.862720966 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.862746954 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:30.862797022 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.863044024 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:30.863058090 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.242000103 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.242626905 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.242661953 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.243171930 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.243185043 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.323788881 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.324270964 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.324286938 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.324446917 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.324583054 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.324587107 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.324970007 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.325000048 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.325294018 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.325300932 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.341844082 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.342025042 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.342106104 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.342181921 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.342181921 CEST	49846	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.342221022 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.342245102 CEST	443	49846	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.344676018 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.344710112 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.344779968 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.344892025 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.344904900 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.421467066 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.422729015 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.422812939 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.422827959 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.422842979 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.422852039 CEST	49849	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.422857046 CEST	443	49849	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.424649000 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.424734116 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.424810886 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.424925089 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.424946070 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.432414055 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.432478905 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.432533979 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.432564974 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.432595015 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.432647943 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.432670116 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.432686090 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.432698965 CEST	49848	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.432706118 CEST	443	49848	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.434292078 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.434322119 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.434386969 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.434479952 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.434489965 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.500605106 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.500965118 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.500981092 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.501302958 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.501307964 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.599411011 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.599483967 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.599534035 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.599544048 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.599596977 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.599644899 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.601440907 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.601449966 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.601459026 CEST	49850	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.601464033 CEST	443	49850	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.607531071 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.607563972 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.607619047 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.607753992 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.607767105 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.731143951 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.731822968 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.731868982 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.732207060 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.732218981 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.829313040 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.829446077 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.829534054 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.829615116 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.829643965 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.829684973 CEST	49847	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.829699039 CEST	443	49847	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.831840992 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.831932068 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.832109928 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.832211971 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.832232952 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.997065067 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.998253107 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.998280048 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:31.998790979 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:31.998796940 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.065659046 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.071026087 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.071075916 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.071583033 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.071595907 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.078639984 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.079022884 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.079036951 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.079408884 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.079415083 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.098252058 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.098406076 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.098463058 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.098612070 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.098628998 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.098664999 CEST	49851	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.098671913 CEST	443	49851	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.167761087 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.167941093 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.168032885 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.176568985 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.176917076 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.177006960 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.216020107 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.216067076 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.216100931 CEST	49852	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.216115952 CEST	443	49852	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.219260931 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.219281912 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.219290972 CEST	49853	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.219296932 CEST	443	49853	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.223938942 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.223968983 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.224045038 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.232877016 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.232909918 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.233129978 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.233727932 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.233745098 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.233961105 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.233973980 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.234437943 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.234445095 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.234513998 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.234596968 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.234603882 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.246951103 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.249269962 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.249290943 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.249654055 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.249659061 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.345963001 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.346067905 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.346122026 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.346141100 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.346199036 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.346302032 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.346302986 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.346322060 CEST	49854	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.346329927 CEST	443	49854	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.348546028 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.348581076 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.348654032 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.348747969 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.348756075 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.472134113 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.476037025 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.476077080 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.476494074 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.476510048 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.571360111 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.571546078 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.574922085 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.574922085 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.574975967 CEST	49855	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.575000048 CEST	443	49855	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.577117920 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.577155113 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.577244043 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.577347994 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.577359915 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.786010981 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.786607981 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.786628008 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.787256956 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.787262917 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.870217085 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.870719910 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.870735884 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.871205091 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.871208906 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.883116007 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.883239985 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.883304119 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.883409977 CEST	49857	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.883420944 CEST	443	49857	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.888941050 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.888988972 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.889157057 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.889420986 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.889439106 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.915817976 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.916585922 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.916604042 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.917747021 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.917751074 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.968982935 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.969101906 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.969151974 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.969295979 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.969302893 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.969311953 CEST	49856	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.969316006 CEST	443	49856	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.972203970 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.972228050 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:32.972326040 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.972445011 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:32.972456932 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.010853052 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.016621113 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.016633034 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.017108917 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.017112017 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.019330978 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.019438028 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.019488096 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.019503117 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.019539118 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.019591093 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.019670963 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.019680977 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.019691944 CEST	49858	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.019696951 CEST	443	49858	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.023338079 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.023370028 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.023452997 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.023582935 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.023608923 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.113832951 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.113989115 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.114087105 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.114450932 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.114451885 CEST	49859	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.114464998 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.114474058 CEST	443	49859	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.117439985 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.117476940 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.117547989 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.117697001 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.117706060 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.229403973 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.230030060 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.230110884 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.230669022 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.230685949 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.329468966 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.329544067 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.329700947 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.329858065 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.329960108 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.329960108 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.331065893 CEST	49860	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.331084967 CEST	443	49860	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.332847118 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.332875013 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.332946062 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.333071947 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.333077908 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.555788040 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.556360006 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.556380033 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.557018995 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.557024002 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.618988991 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.619602919 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.619616985 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.620152950 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.620157957 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.657345057 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.657685995 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.657752991 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.657799006 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.657810926 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.657820940 CEST	49861	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.657824993 CEST	443	49861	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.660741091 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.660763979 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.660832882 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.660975933 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.660980940 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.662786961 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.665416956 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.665447950 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.666032076 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.666045904 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.721787930 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.721936941 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.722022057 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.722306013 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.722306013 CEST	49862	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.722317934 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.722325087 CEST	443	49862	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.726957083 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.727021933 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.727118015 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.727298975 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.727313042 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.755935907 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.756566048 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.756584883 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.757282972 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.757293940 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.761132002 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.761524916 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.761599064 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.761648893 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.761648893 CEST	49863	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.761679888 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.761703968 CEST	443	49863	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.764725924 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.764772892 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.764867067 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.765007019 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.765032053 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.854655027 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.854789019 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.854847908 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.854866982 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.854895115 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.854953051 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.855180979 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.855214119 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.855237961 CEST	49864	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.855272055 CEST	443	49864	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.858809948 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.858831882 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:33.858915091 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.859097004 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:33.859108925 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.001723051 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.002430916 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.002449036 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.003109932 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.003117085 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.101644039 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.101721048 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.101816893 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.102039099 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.102056026 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.102066994 CEST	49865	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.102072001 CEST	443	49865	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.106321096 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.106404066 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.106508970 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.106712103 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.106750965 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.393461943 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.394196987 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.394217014 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.394722939 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.394728899 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.447577953 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.448092937 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.448138952 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.448585987 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.448596954 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.497554064 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.497739077 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.497812986 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.524930954 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.536525011 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.536547899 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.536581993 CEST	49867	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.536587954 CEST	443	49867	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.551575899 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.551734924 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.551817894 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.551829100 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.551871061 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.568088055 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.571832895 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.571870089 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.571897984 CEST	49868	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.571913004 CEST	443	49868	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.574120045 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.574172974 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.574625015 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.574640989 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.579663992 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.579718113 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.579804897 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.579973936 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.579988003 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.580831051 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.580871105 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.580931902 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.581330061 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.581346989 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.656064034 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.662265062 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.662347078 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.662940025 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.662954092 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.673654079 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.674514055 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.674609900 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.675612926 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.675645113 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.675673008 CEST	49869	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.675687075 CEST	443	49869	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.697774887 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.697860956 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.697971106 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.701982975 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.702063084 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.757534981 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.757632971 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.757886887 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.790380955 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.790380955 CEST	49870	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.790431023 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.790456057 CEST	443	49870	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.793389082 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.793472052 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:34.793556929 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.793704033 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:34.793726921 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.231570959 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.232275009 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.232285023 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.232816935 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.232820988 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.266455889 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.267055035 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.267103910 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.267678976 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.267697096 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.332942963 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.333152056 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.333216906 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.333348989 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.333348989 CEST	49872	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.333373070 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.333384991 CEST	443	49872	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.336981058 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.337003946 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.337203979 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.337203979 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.337229013 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.342494011 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.342931032 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.343008995 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.343555927 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.343570948 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.366533041 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.366602898 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.366679907 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.366708994 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.366744995 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.366791964 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.366889954 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.366889954 CEST	49871	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.366919994 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.366940022 CEST	443	49871	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.369777918 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.369805098 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.369873047 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.370006084 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.370012999 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.427901030 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.428818941 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.428879976 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.429546118 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.429565907 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.440705061 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.440853119 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.440948009 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.441047907 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.441092014 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.441149950 CEST	49873	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.441164970 CEST	443	49873	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.444981098 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.445023060 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.445215940 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.445272923 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.445287943 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.526932955 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.527003050 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.527075052 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.527314901 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.527314901 CEST	49874	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.527359962 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.527405977 CEST	443	49874	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.530452013 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.530487061 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.530558109 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.530832052 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.530847073 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.735609055 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.736428022 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.736459017 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.736947060 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.736952066 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.838526011 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.838710070 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.838917017 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.838984966 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.839003086 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.839014053 CEST	49866	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.839020967 CEST	443	49866	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.842329979 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.842371941 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.842451096 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.842622042 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.842631102 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.970628977 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.971687078 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.971702099 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:35.972311020 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:35.972318888 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.021285057 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.025178909 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.025194883 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.025719881 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.025724888 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.069493055 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.069914103 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.070029974 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.070549965 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.070549965 CEST	49875	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.070579052 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.070590973 CEST	443	49875	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.073488951 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.073573112 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.073684931 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.073968887 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.074002981 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.095776081 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.096390009 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.096415043 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.096904993 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.096910954 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.125051975 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.125144005 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.125193119 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.125211000 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.125247002 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.125297070 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.125449896 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.125468969 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.125480890 CEST	49876	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.125485897 CEST	443	49876	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.128613949 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.128695011 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.128774881 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.128907919 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.128925085 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.189965963 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.193087101 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.193099022 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.194322109 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.194328070 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.196439981 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.196587086 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.196641922 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.196721077 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.196734905 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.196747065 CEST	49877	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.196752071 CEST	443	49877	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.199851036 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.199904919 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.199992895 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.200128078 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.200160027 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.292853117 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.292979956 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.293021917 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.293107986 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.293107986 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.293371916 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.293371916 CEST	49878	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.293392897 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.293411016 CEST	443	49878	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.296314001 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.296340942 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.296427011 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.296575069 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.296581030 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.485316038 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.487848043 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.487867117 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.488347054 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.488352060 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.585340023 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.585483074 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.585733891 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.585788965 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.585788965 CEST	49879	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.585808992 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.585815907 CEST	443	49879	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.589220047 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.589241982 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.589366913 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.589548111 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.589554071 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.720402956 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.721050978 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.721159935 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.721539021 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.721551895 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.774382114 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.775755882 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.775830030 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.776215076 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.776232958 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.821170092 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.821203947 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.821244001 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.821578026 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.821641922 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.821680069 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.821708918 CEST	49880	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.821723938 CEST	443	49880	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.824909925 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.824947119 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.825015068 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.825182915 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.825205088 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.855304956 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.858216047 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.858277082 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.858778000 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.858788967 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.873110056 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.873248100 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.873306036 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.873567104 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.873603106 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.873630047 CEST	49881	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.873642921 CEST	443	49881	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.877291918 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.877340078 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.877407074 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.877599001 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.877624989 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.931813002 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.932513952 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.932547092 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.933217049 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.933228016 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.955348969 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.955476046 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.955528021 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.955553055 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.955584049 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.955635071 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.955698967 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.955722094 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.955744982 CEST	49882	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.955758095 CEST	443	49882	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.958336115 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.958354950 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:36.958421946 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.958544970 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:36.958559036 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.033138037 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.033219099 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.033293009 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.033464909 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.033464909 CEST	49883	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.033485889 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.033507109 CEST	443	49883	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.036135912 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.036145926 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.036214113 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.036350965 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.036362886 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.228378057 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.236553907 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.236572981 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.241020918 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.241040945 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.336719036 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.336812973 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.336936951 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.336987972 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.337225914 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.337225914 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.337225914 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.340121031 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.340179920 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.340276003 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.340411901 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.340425014 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.454242945 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.454730988 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.454761028 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.455203056 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.455214024 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.546921968 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.547593117 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.547630072 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.548084021 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.548090935 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.552908897 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.553066015 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.553149939 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.553191900 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.553191900 CEST	49885	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.553214073 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.553226948 CEST	443	49885	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.555963039 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.556021929 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.556116104 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.556243896 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.556263924 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.638004065 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.638735056 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.638761044 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.639259100 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.639262915 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.646245956 CEST	49884	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.646255016 CEST	443	49884	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.648350000 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.648490906 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.648556948 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.648642063 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.648660898 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.648677111 CEST	49886	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.648683071 CEST	443	49886	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.651482105 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.651494980 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.651587009 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.651734114 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.651746035 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.695489883 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.696125984 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.696147919 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.696453094 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.696470976 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.741337061 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.741509914 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.741579056 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.741652966 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.741667986 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.741677999 CEST	49887	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.741682053 CEST	443	49887	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.744643927 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.744726896 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.744843960 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.744997978 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.745019913 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.798336983 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.798434973 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.798490047 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.798494101 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.798609018 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.798765898 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.798777103 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.798818111 CEST	49888	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.798821926 CEST	443	49888	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.801779032 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.801852942 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.801953077 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.802115917 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.802145958 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.980019093 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.980616093 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.980652094 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:37.981373072 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:37.981393099 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.080147028 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.080295086 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.080357075 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.080507994 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.080529928 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.080543995 CEST	49889	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.080550909 CEST	443	49889	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.083561897 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.083622932 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.083709002 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.083933115 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.083950996 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.208127975 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.209203005 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.209228039 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.210027933 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.210042953 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.304825068 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.305444956 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.305468082 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.306150913 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.306157112 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.307614088 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.307712078 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.307766914 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.307789087 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.307816029 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.307881117 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.308007002 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.308021069 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.308032036 CEST	49890	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.308038950 CEST	443	49890	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.311017990 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.311101913 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.311192989 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.311336040 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.311356068 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.384802103 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.385308981 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.385366917 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.385776043 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.385811090 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.404591084 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.404740095 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.404922009 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.404922009 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.404922009 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.407484055 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.407510996 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.407586098 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.407798052 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.407804012 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.437020063 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.437520981 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.437547922 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.437949896 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.437963963 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.484337091 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.484405041 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.484472990 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.484735012 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.484735012 CEST	49892	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.484750986 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.484771967 CEST	443	49892	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.488029003 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.488059044 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.488149881 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.488320112 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.488332033 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.536222935 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.536422014 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.536485910 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.536536932 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.536566019 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.536609888 CEST	49893	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.536624908 CEST	443	49893	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.538790941 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.538800001 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.538877010 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.539001942 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.539005995 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.708786011 CEST	49891	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.708797932 CEST	443	49891	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.718313932 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.718919039 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.718981981 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.719470024 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.719487906 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.822371960 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.822400093 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.822453976 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.822494030 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.822534084 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.822822094 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.822864056 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.822896004 CEST	49894	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.822911024 CEST	443	49894	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.826282024 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.826322079 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.826406002 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.826587915 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.826601982 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.962718964 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.968684912 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.968765974 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:38.969211102 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:38.969224930 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.052725077 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.057275057 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.057312965 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.057751894 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.057755947 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.066457033 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.066608906 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.066834927 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.067001104 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.067048073 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.067081928 CEST	49895	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.067097902 CEST	443	49895	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.070759058 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.070827007 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.072837114 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.073009968 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.073024035 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.123028994 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.125385046 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.125403881 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.125850916 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.125869036 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.153247118 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.153425932 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.153515100 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.153527975 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.153593063 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.153696060 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.153712034 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.153729916 CEST	49896	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.153734922 CEST	443	49896	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.157042980 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.157130957 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.157234907 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.157367945 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.157392979 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.174177885 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.174535036 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.174559116 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.174979925 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.174992085 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.222058058 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.222368956 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.222426891 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.222632885 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.222644091 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.222654104 CEST	49897	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.222657919 CEST	443	49897	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.226169109 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.226198912 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.226309061 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.226442099 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.226464033 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.272962093 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.273179054 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.273300886 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.273529053 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.273535013 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.273570061 CEST	49898	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.273575068 CEST	443	49898	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.276609898 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.276642084 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.276741028 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.276890039 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.276912928 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.492028952 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.492587090 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.492599010 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.493038893 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.493041992 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.596401930 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.596607924 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.596669912 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.596713066 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.596721888 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.596731901 CEST	49899	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.596735001 CEST	443	49899	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.599999905 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.600090981 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.600194931 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.600325108 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.600358009 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.713114977 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.713723898 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.713741064 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.714232922 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.714240074 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.803272963 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.805126905 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.805186987 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.805592060 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.805605888 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.811079979 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.811764002 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.811842918 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.812045097 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.812060118 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.812076092 CEST	49900	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.812084913 CEST	443	49900	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.814970970 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.814996004 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.815077066 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.815211058 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.815222979 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.870466948 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.870836020 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.870912075 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.871225119 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.871241093 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.902605057 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.902833939 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.902900934 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.902982950 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.903017044 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.903043032 CEST	49901	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.903057098 CEST	443	49901	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.907068014 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.907079935 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.907149076 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.907356024 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.907366037 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.932885885 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.933504105 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.933526039 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.934329033 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.934334040 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.972287893 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.972455978 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.972533941 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.972883940 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.972883940 CEST	49902	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.972903013 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.972925901 CEST	443	49902	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.977945089 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.978017092 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:39.978121042 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.978429079 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:39.978461981 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.038314104 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.038460970 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.038521051 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.040739059 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.040754080 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.040770054 CEST	49903	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.040776014 CEST	443	49903	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.043838024 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.043879986 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.043961048 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.044110060 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.044117928 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.236617088 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.237127066 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.237174034 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.237617016 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.237631083 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.335725069 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.336040020 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.336092949 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.336117983 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.336179018 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.336245060 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.336282015 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.336308002 CEST	49904	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.336324930 CEST	443	49904	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.339296103 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.339339018 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.339443922 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.339699030 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.339741945 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.466450930 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.466901064 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.466959000 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.467340946 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.467355967 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.551347971 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.551786900 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.551810026 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.552340984 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.552351952 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.567301989 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.567512035 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.567599058 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.567804098 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.567804098 CEST	49905	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.567835093 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.567858934 CEST	443	49905	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.570306063 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.570338964 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.570425034 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.570561886 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.570574045 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.624517918 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.625245094 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.625283003 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.625613928 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.625627995 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.648998022 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.649158955 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.649499893 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.649499893 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.649499893 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.652219057 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.652257919 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.652349949 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.652470112 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.652475119 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.694281101 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.694744110 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.694753885 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.695280075 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.695283890 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.722596884 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.722799063 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.722899914 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.723052025 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.723052025 CEST	49907	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.723083019 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.723104000 CEST	443	49907	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.725749969 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.725831985 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.725917101 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.726032972 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.726054907 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.795835018 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.795861006 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.796027899 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.796036959 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.796050072 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.796129942 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.796184063 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.796189070 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.796199083 CEST	49908	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.796202898 CEST	443	49908	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.798527956 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.798557043 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.798629045 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.798808098 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.798831940 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.864857912 CEST	49906	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.864921093 CEST	443	49906	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.982978106 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.983556032 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.983566999 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:40.984050035 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:40.984055996 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.083131075 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.083225012 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.083280087 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.083283901 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.083342075 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.084363937 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.084384918 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.084388971 CEST	49909	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.084395885 CEST	443	49909	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.092269897 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.092327118 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.092442036 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.092611074 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.092633963 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.225617886 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.226257086 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.226281881 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.226866007 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.226872921 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.289345980 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.290205002 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.290241957 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.290522099 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.290527105 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.326081991 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.326150894 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.326261044 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.326343060 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.326489925 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.326509953 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.326524019 CEST	49910	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.326530933 CEST	443	49910	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.330018044 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.330101013 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.330205917 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.330368996 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.330393076 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.386910915 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.387100935 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.387237072 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.387290955 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.387310982 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.387320042 CEST	49911	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.387326002 CEST	443	49911	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.390661955 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.390691042 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.390892029 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.391086102 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.391093016 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.406595945 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.407579899 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.407613993 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.408153057 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.408164978 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.437215090 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.456815958 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.456837893 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.457248926 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.457257986 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.509757042 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.509855032 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.509944916 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.509958982 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.510037899 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.510271072 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.510297060 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.510324001 CEST	49912	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.510335922 CEST	443	49912	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.513153076 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.513200045 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.513267994 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.513407946 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.513417959 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.652657032 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.652748108 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.652812958 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.653106928 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.653132915 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.653157949 CEST	49913	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.653167963 CEST	443	49913	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.732228041 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.781359911 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.792668104 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.792706966 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.793200970 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.793214083 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.794387102 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.794429064 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.794534922 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.794681072 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.794691086 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.888853073 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.888880968 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.888940096 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.888957024 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.889007092 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.891565084 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.891618013 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.891638994 CEST	49914	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.891648054 CEST	443	49914	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.895539999 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.895560980 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.895632029 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.895824909 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.895837069 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.974841118 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.976142883 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.976202011 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:41.976855040 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:41.976872921 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.039721966 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.040446043 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.040455103 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.040949106 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.040952921 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.073457956 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.073527098 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.073630095 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.073785067 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.073786020 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.073940039 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.073940039 CEST	49915	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.073982000 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.074009895 CEST	443	49915	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.076867104 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.076936960 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.077023983 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.077162027 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.077181101 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.138716936 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.138801098 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.138860941 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.138883114 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.138909101 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.138961077 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.139128923 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.139137983 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.139149904 CEST	49916	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.139153004 CEST	443	49916	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.142364979 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.142429113 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.142530918 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.142699003 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.142718077 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.149810076 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.150206089 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.150223017 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.150665998 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.150671005 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.252907991 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.252978086 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.253151894 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.253278971 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.253295898 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.253304958 CEST	49917	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.253309011 CEST	443	49917	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.257463932 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.257548094 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.257915974 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.257916927 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.258035898 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.431139946 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.431821108 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.431860924 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.432286024 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.432291031 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.530172110 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.530272007 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.530430079 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.530550957 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.530569077 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.530577898 CEST	49918	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.530582905 CEST	443	49918	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.533766985 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.533814907 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.533950090 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.534125090 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.534149885 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.574341059 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.574903011 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.574923992 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.575273991 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.575278044 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.679886103 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.680043936 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.680315971 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.680675983 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.680675983 CEST	49919	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.680690050 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.680697918 CEST	443	49919	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.684437990 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.684484005 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.684578896 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.684765100 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.684782982 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.756680012 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.757457018 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.757472992 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.757808924 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.757813931 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.787085056 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.787776947 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.787861109 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.788177013 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.788192034 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.860691071 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.860766888 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.860821962 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.860842943 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.860869884 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.860974073 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.861099958 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.861114979 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.861150026 CEST	49920	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.861155033 CEST	443	49920	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.864247084 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.864283085 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.864362955 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.864518881 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.864523888 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.886331081 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.886523962 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.886745930 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.886828899 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.886828899 CEST	49921	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.886872053 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.886902094 CEST	443	49921	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.889051914 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.889079094 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.889158010 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.889307976 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.889312983 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.905527115 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.906018972 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.906102896 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:42.906318903 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:42.906333923 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.003468037 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.003936052 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.004040003 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.004106045 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.004184008 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.004184008 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.004184008 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.006346941 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.006392956 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.006444931 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.006571054 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.006587029 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.168359041 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.169496059 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.169507980 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.170008898 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.170013905 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.266822100 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.267007113 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.267147064 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.267147064 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.267219067 CEST	49923	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.267232895 CEST	443	49923	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.270307064 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.270368099 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.270452976 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.270593882 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.270627975 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.309125900 CEST	49922	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.309187889 CEST	443	49922	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.352888107 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.353313923 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.353334904 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.353971004 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.353976965 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.455008030 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.455070972 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.455117941 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.455132008 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.455195904 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.455250978 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.455354929 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.455374002 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.455384970 CEST	49924	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.455393076 CEST	443	49924	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.458651066 CEST	49929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.458700895 CEST	443	49929	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.458774090 CEST	49929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.458981037 CEST	49929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.458998919 CEST	443	49929	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.529190063 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.529767990 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.529777050 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.530603886 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.530607939 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.545135975 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.545542955 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.545550108 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.546015978 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.546020031 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.628563881 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.628707886 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.628881931 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.628911018 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.628911018 CEST	49926	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.628925085 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.628933907 CEST	443	49926	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.631827116 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.631870031 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.631934881 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.632116079 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.632141113 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.648876905 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.649017096 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.649069071 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.649082899 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.649086952 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.649096966 CEST	49925	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.649101019 CEST	443	49925	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.651242971 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.651324034 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.651456118 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.651529074 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.651547909 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.657181025 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.657515049 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.657540083 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.657943964 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.657949924 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.757328987 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.757519960 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.757661104 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.757739067 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.757756948 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.757790089 CEST	49927	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.757796049 CEST	443	49927	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.760768890 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.760797977 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.760912895 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.761065960 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.761076927 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.932285070 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.933676958 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.933753967 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:43.934339046 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:43.934354067 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.035170078 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.035298109 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.036788940 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.037055016 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.037098885 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.037128925 CEST	49928	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.037144899 CEST	443	49928	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.040896893 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.040958881 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.044738054 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.044944048 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.044961929 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.099044085 CEST	443	49929	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.124597073 CEST	49929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.124661922 CEST	443	49929	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.125251055 CEST	49929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.125268936 CEST	443	49929	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.221015930 CEST	443	49929	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.221196890 CEST	443	49929	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.224761009 CEST	49929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.263340950 CEST	49934	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:44.263364077 CEST	443	49934	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:44.263480902 CEST	49934	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:44.264391899 CEST	49934	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:44.264405012 CEST	443	49934	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:44.272830009 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.273129940 CEST	49929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.273129940 CEST	49929	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.273169994 CEST	443	49929	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.273184061 CEST	443	49929	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.276115894 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.276154041 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.282968998 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.282993078 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.285840988 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.290241957 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.290299892 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.290664911 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.290678978 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.293016911 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.293025017 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.294775963 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.296091080 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.296099901 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.377918005 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.378231049 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.378325939 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.378374100 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.378443003 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.378669024 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.378669024 CEST	49930	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.378715038 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.378742933 CEST	443	49930	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.382278919 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.382301092 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.382371902 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.382637024 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.382648945 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.385695934 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.385837078 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.385973930 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.386056900 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.386090994 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.386116982 CEST	49931	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.386131048 CEST	443	49931	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.388540030 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.388583899 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.388654947 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.388825893 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.388847113 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.401803017 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.402338982 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.402344942 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.402807951 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.402812004 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.500288963 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.501219034 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.501266956 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.501322031 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.501396894 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.501406908 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.501415014 CEST	49932	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.501420021 CEST	443	49932	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.504354000 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.504385948 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.504463911 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.504621983 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.504638910 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.724469900 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.725516081 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.725533009 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.726464987 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.726471901 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.828402996 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.828564882 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.829195023 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.829251051 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.829268932 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.829279900 CEST	49933	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.829286098 CEST	443	49933	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.832345963 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.832370996 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.832442999 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.832683086 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.832715034 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.894853115 CEST	443	49934	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:44.895253897 CEST	49934	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:44.895278931 CEST	443	49934	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:44.895823002 CEST	443	49934	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:44.896276951 CEST	49934	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:44.896362066 CEST	443	49934	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:44.896495104 CEST	49934	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:44.896511078 CEST	49934	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:44.896527052 CEST	443	49934	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:44.949719906 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.950361013 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.950367928 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:44.951435089 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:44.951437950 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.049552917 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.049621105 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.049668074 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.049675941 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.049721956 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.049772978 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.049954891 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.049964905 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.049972057 CEST	49935	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.049977064 CEST	443	49935	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.053471088 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.053555012 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.053647995 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.054378033 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.054416895 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.055423021 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.055830956 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.055856943 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.056268930 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.056276083 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.063875914 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.064202070 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.064224958 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.064632893 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.064640999 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.138700962 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.139218092 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.139238119 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.139672041 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.139677048 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.158262968 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.158332109 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.158390045 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.158399105 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.158440113 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.158505917 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.158600092 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.158621073 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.158632994 CEST	49937	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.158638954 CEST	443	49937	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.161600113 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.161639929 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.161844015 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.163077116 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.163098097 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.167464018 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.167654037 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.167747974 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.167747974 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.167804003 CEST	49936	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.167833090 CEST	443	49936	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.169800997 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.169821024 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.169917107 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.170062065 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.170078039 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.192832947 CEST	443	49934	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:45.193434954 CEST	443	49934	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:45.193531036 CEST	49934	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:45.194155931 CEST	49934	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:45.194168091 CEST	443	49934	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:45.237598896 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.237803936 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.237891912 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.238023996 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.238039017 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.238049984 CEST	49938	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.238055944 CEST	443	49938	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.242206097 CEST	49943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.242290020 CEST	443	49943	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.242383957 CEST	49943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.242564917 CEST	49943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.242599010 CEST	443	49943	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.446507931 CEST	49944	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:45.446537971 CEST	443	49944	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:45.446629047 CEST	49944	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:45.446964979 CEST	49944	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:45.446975946 CEST	443	49944	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:45.472901106 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.473469019 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.473509073 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.474286079 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.474293947 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.571820974 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.571851969 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.571907997 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.571918964 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.571966887 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.572138071 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.572154045 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.572166920 CEST	49939	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.572173119 CEST	443	49939	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.576344967 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.576363087 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.576436996 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.576716900 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.576728106 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.718275070 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.719044924 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.719105005 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.719466925 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.719480038 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.797010899 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.797539949 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.797566891 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.797976971 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.797983885 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.811697006 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.812086105 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.812103987 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.812443972 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.812449932 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.821157932 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.821207047 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.821265936 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.821294069 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.821329117 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.821388960 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.821469069 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.821497917 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.821525097 CEST	49940	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.821537971 CEST	443	49940	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.824587107 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.824599981 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.824688911 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.824821949 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.824831963 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.895807028 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.895900965 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.896001101 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.896078110 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.896117926 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.896214962 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.896241903 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.896286964 CEST	49941	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.896296024 CEST	443	49941	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.897252083 CEST	443	49943	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.898389101 CEST	49943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.898473978 CEST	443	49943	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.898777008 CEST	49943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.898832083 CEST	443	49943	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.904848099 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.904900074 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.904983997 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.905102015 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.905107021 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.915247917 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.915465117 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.915528059 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.915555954 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.915568113 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.915579081 CEST	49942	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.915585041 CEST	443	49942	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.917601109 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.917692900 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:45.917767048 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.917892933 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:45.917916059 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.092016935 CEST	443	49944	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:46.092468023 CEST	49944	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:46.092490911 CEST	443	49944	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:46.094065905 CEST	443	49944	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:46.094382048 CEST	49944	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:46.094517946 CEST	49944	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:46.094531059 CEST	443	49944	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:46.094544888 CEST	49944	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:46.094836950 CEST	443	49944	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:46.146800041 CEST	49944	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:46.179575920 CEST	443	49943	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.179651022 CEST	443	49943	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.179778099 CEST	443	49943	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.179945946 CEST	49943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.179945946 CEST	49943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.180044889 CEST	49943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.180044889 CEST	49943	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.180085897 CEST	443	49943	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.180119038 CEST	443	49943	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.183146954 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.183229923 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.183465958 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.183676004 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.183712006 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.227063894 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.227643013 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.227653027 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.228250027 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.228256941 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.329078913 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.329261065 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.329421043 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.329487085 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.329498053 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.329507113 CEST	49945	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.329510927 CEST	443	49945	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.332426071 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.332505941 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.332750082 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.332750082 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.332828045 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.394275904 CEST	443	49944	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:46.394623995 CEST	443	49944	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:46.394917965 CEST	49944	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:46.395337105 CEST	49944	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:46.395359039 CEST	443	49944	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:46.464066982 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.467525959 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.467550993 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.468112946 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.468132973 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.553126097 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.563584089 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.563648939 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.563735008 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.563743114 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.563760042 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.563822031 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.571835995 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.599785089 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.610698938 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.610726118 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.611154079 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.611160994 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.611468077 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.611480951 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.611490965 CEST	49946	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.611495018 CEST	443	49946	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.612903118 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.612931013 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.613282919 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.613287926 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.618338108 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.618377924 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.618809938 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.620522022 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.620539904 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.715609074 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.715708971 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.715806961 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.715811968 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.715964079 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.715964079 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.715991974 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.716010094 CEST	49948	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.716016054 CEST	443	49948	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.720165968 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.720321894 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.720390081 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.729410887 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.729429960 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.729439974 CEST	49947	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.729444981 CEST	443	49947	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.742679119 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.742708921 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.742804050 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.742908001 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.742929935 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.744447947 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.744549990 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.744790077 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.746325970 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.746361971 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.823658943 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.824321985 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.824345112 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.824785948 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.824799061 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.928670883 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.928862095 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.929069996 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.929398060 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.929398060 CEST	49949	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.929466963 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.929502964 CEST	443	49949	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.935488939 CEST	49954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.935571909 CEST	443	49954	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:46.935651064 CEST	49954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.936002970 CEST	49954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:46.936083078 CEST	443	49954	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.004488945 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.005011082 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.005072117 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.005639076 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.005654097 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.104383945 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.104644060 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.104741096 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.104747057 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.104959011 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.104959011 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.104959011 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.107686996 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.107760906 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.107856035 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.108001947 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.108021975 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.196852922 CEST	49956	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:47.196882963 CEST	443	49956	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:47.197119951 CEST	49956	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:47.197248936 CEST	49956	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:47.197261095 CEST	443	49956	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:47.283968925 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.284513950 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.284538031 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.285399914 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.285410881 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.382491112 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.383269072 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.383321047 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.383898973 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.383913040 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.386775017 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.386943102 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.387002945 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.387053967 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.387088060 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.387113094 CEST	49951	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.387126923 CEST	443	49951	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.390074968 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.390094042 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.390224934 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.390350103 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.390358925 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.412858009 CEST	49950	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.412919998 CEST	443	49950	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.415287018 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.415630102 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.415657043 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.416044950 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.416055918 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.481635094 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.481796980 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.481971025 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.481971025 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.481971025 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.484312057 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.484344006 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.484559059 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.484559059 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.484606028 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.516947985 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.517019033 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.517113924 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.517232895 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.517232895 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.517374039 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.517416954 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.517446995 CEST	49953	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.517462969 CEST	443	49953	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.520076036 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.520144939 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.520226002 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.520366907 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.520380974 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.588745117 CEST	443	49954	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.589289904 CEST	49954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.589369059 CEST	443	49954	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.589621067 CEST	49954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.589634895 CEST	443	49954	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.689028978 CEST	443	49954	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.689125061 CEST	443	49954	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.689205885 CEST	49954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.689625978 CEST	49954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.689626932 CEST	49954	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.689692974 CEST	443	49954	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.689733028 CEST	443	49954	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.692506075 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.692589998 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.692951918 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.692951918 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.693079948 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.761915922 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.762540102 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.762590885 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.762945890 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.762963057 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.788153887 CEST	49952	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.788187027 CEST	443	49952	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.829200983 CEST	443	49956	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:47.829616070 CEST	49956	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:47.829638004 CEST	443	49956	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:47.830347061 CEST	443	49956	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:47.830693960 CEST	49956	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:47.830867052 CEST	49956	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:47.830872059 CEST	443	49956	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:47.830884933 CEST	49956	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:47.830920935 CEST	443	49956	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:47.863009930 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.863147020 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.863347054 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.863347054 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.863348007 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.866575003 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.866619110 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.866744995 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.866873026 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:47.866885900 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:47.880127907 CEST	49956	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:48.025608063 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.026158094 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.026173115 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.026731968 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.026735067 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.127327919 CEST	443	49956	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:48.127335072 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.127490044 CEST	443	49956	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:48.127885103 CEST	49956	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:48.127928972 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.127954006 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.128174067 CEST	49956	443	192.168.2.5	142.250.185.78
Oct 7, 2024 03:23:48.128199100 CEST	443	49956	142.250.185.78	192.168.2.5
Oct 7, 2024 03:23:48.128581047 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.128599882 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.130124092 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.130191088 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.130245924 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.130254030 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.130289078 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.130343914 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.130460978 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.130460978 CEST	49957	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.130470991 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.130477905 CEST	443	49957	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.133502960 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.133548975 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.133629084 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.133826971 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.133836985 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.160201073 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.160981894 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.161015987 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.161468983 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.161474943 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.178071976 CEST	49955	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.178121090 CEST	443	49955	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.227864981 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.228049994 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.228224039 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.228472948 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.228472948 CEST	49958	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.228494883 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.228507042 CEST	443	49958	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.231456041 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.231539011 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.231645107 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.231823921 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.231848955 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.258657932 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.258733034 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.258804083 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.258816957 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.258843899 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.258912086 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.258979082 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.258991957 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.259001017 CEST	49959	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.259006023 CEST	443	49959	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.261176109 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.261215925 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.261301994 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.261425018 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.261435986 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.345000029 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.345830917 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.345916033 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.346174955 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.346190929 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.444174051 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.445115089 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.445336103 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.445337057 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.445337057 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.447911024 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.447945118 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.448010921 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.448139906 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.448146105 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.540468931 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.540992975 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.541016102 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.541472912 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.541479111 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.643033028 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.643184900 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.643270016 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.643481970 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.643505096 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.643518925 CEST	49961	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.643526077 CEST	443	49961	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.647097111 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.647151947 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.647236109 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.647566080 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.647583961 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.756289005 CEST	49960	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.756351948 CEST	443	49960	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.812186956 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.812820911 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.812849045 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.813352108 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.813359976 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.872514009 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.873505116 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.873567104 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.874000072 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.874054909 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.903063059 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.903512001 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.903539896 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.903928995 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.903938055 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.916465998 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.916488886 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.916522026 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.916557074 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.916613102 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.916826010 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.916848898 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.916861057 CEST	49962	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.916867971 CEST	443	49962	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.919727087 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.919768095 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.920001030 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.920001030 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.920079947 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.971106052 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.971277952 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.971357107 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.971626997 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.971672058 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:48.971704960 CEST	49963	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:48.971720934 CEST	443	49963	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.001713037 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.001880884 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.001944065 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.064321041 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.064342022 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.064444065 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.064702988 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.064702988 CEST	49964	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.064733982 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.064753056 CEST	443	49964	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.067859888 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.067873955 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.071939945 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.071980000 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.072052956 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.072315931 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.072335005 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.091584921 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.094494104 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.094516039 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.102252007 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.102257967 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.198307991 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.198409081 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.198460102 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.198470116 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.198658943 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.198704958 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.204935074 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.204951048 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.204961061 CEST	49965	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.204965115 CEST	443	49965	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.213401079 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.213440895 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.213515043 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.213660002 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.213665962 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.286792994 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.287415981 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.287440062 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.287923098 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.287931919 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.390336990 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.390515089 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.390583992 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.390733957 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.390748978 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.390757084 CEST	49966	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.390760899 CEST	443	49966	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.393913984 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.393944979 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.394016981 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.394313097 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.394326925 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.582906961 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.583838940 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.583868980 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.584259987 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.584266901 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.682296991 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.682395935 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.682457924 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.682487011 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.682508945 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.682562113 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.686494112 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.686506987 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.686530113 CEST	49967	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.686537027 CEST	443	49967	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.689516068 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.689598083 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.689690113 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.689815998 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.689851046 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.707750082 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.708314896 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.708343983 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.708812952 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.708832979 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.747559071 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.748058081 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.748081923 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.748532057 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.748541117 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.806255102 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.806408882 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.806705952 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.806706905 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.806706905 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.809426069 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.809523106 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.809608936 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.809743881 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.809762955 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.852817059 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.852982044 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.853054047 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.853116035 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.853138924 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.853152037 CEST	49969	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.853158951 CEST	443	49969	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.855128050 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.856056929 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.856101036 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.856138945 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.856149912 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.856178999 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.856667042 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.856672049 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.856828928 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.856859922 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.952739954 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.953092098 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.953212976 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.953423023 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.953444958 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.953459978 CEST	49970	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.953466892 CEST	443	49970	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.956815004 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.956897020 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:49.957005024 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.957170963 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:49.957205057 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.021161079 CEST	49968	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.021176100 CEST	443	49968	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.046725035 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.048232079 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.048248053 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.048824072 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.048827887 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.147466898 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.147617102 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.147705078 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.147713900 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.147741079 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.147795916 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.147984028 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.147989035 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.147999048 CEST	49971	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.148001909 CEST	443	49971	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.151351929 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.151413918 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.151504040 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.151674032 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.151681900 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.367224932 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.368025064 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.368103981 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.368534088 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.368587017 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.472393990 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.472563028 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.472644091 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.472826958 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.472826958 CEST	49972	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.472868919 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.472896099 CEST	443	49972	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.476296902 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.477061033 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.477139950 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.477487087 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.477519035 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.477603912 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.477644920 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.477660894 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.477816105 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.477830887 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.521008015 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.521456957 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.521518946 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.522248030 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.522260904 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.578455925 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.578528881 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.578610897 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.578629017 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.578704119 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.578879118 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.578919888 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.578946114 CEST	49973	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.578960896 CEST	443	49973	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.581743002 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.581758976 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.581831932 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.581981897 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.581994057 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.606378078 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.606937885 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.607018948 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.607470989 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.607487917 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.623500109 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.623699903 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.623780966 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.623832941 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.623832941 CEST	49974	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.623861074 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.623883009 CEST	443	49974	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.626627922 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.626671076 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.626751900 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.626898050 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.626904964 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.705372095 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.705791950 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.705988884 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.706053972 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.706149101 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.706324100 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.706324100 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.706324100 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.706412077 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.710676908 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.710724115 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.710809946 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.711009026 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.711030006 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.805695057 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.806369066 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.806402922 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.806752920 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.806760073 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.905428886 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.905589104 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.905669928 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.905823946 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.905843019 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.905854940 CEST	49976	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.905863047 CEST	443	49976	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.908809900 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.908894062 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:50.908987999 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.909138918 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:50.909173965 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.006019115 CEST	49975	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.006082058 CEST	443	49975	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.143354893 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.143866062 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.143893003 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.144342899 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.144349098 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.244551897 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.244916916 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.245002031 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.245053053 CEST	49977	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.245068073 CEST	443	49977	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.248090029 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.248172998 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.248264074 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.248420000 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.248452902 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.255871058 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.256220102 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.256237030 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.260226965 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.260234118 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.288274050 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.291003942 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.291059971 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.291433096 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.291440010 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.358885050 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.359031916 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.359215975 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.382435083 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.382435083 CEST	49978	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.382448912 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.382458925 CEST	443	49978	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.388195992 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.388286114 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.388344049 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.388365030 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.388385057 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.388431072 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.391834974 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.416820049 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.416820049 CEST	49979	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.416841984 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.416851997 CEST	443	49979	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.420243979 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.420267105 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.420675993 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.420682907 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.424365044 CEST	49983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.424403906 CEST	443	49983	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.424467087 CEST	49983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.426655054 CEST	49984	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.426686049 CEST	443	49984	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.426742077 CEST	49984	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.427270889 CEST	49984	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.427288055 CEST	443	49984	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.458239079 CEST	49983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.458268881 CEST	443	49983	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.521087885 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.521312952 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.521433115 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.553195953 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.553195953 CEST	49980	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.553225994 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.553236961 CEST	443	49980	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.568248034 CEST	49985	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.568288088 CEST	443	49985	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.568392992 CEST	49985	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.572225094 CEST	49985	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.572258949 CEST	443	49985	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.575871944 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.579653025 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.579735041 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.583655119 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.583669901 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.686110973 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.686319113 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.686410904 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.689857006 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.689857960 CEST	49981	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.689901114 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.689928055 CEST	443	49981	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.704037905 CEST	49986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.704056978 CEST	443	49986	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.704119921 CEST	49986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.704818010 CEST	49986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.704828978 CEST	443	49986	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.888315916 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.889103889 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.889187098 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.889359951 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.889374971 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.986879110 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.987706900 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.987972975 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.987972975 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.987972975 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.990897894 CEST	49987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.990959883 CEST	443	49987	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:51.991059065 CEST	49987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.991239071 CEST	49987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:51.991261005 CEST	443	49987	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.080168009 CEST	443	49984	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.084697962 CEST	49984	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.084717035 CEST	443	49984	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.085241079 CEST	49984	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.085248947 CEST	443	49984	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.108485937 CEST	443	49983	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.109334946 CEST	49983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.109358072 CEST	443	49983	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.109810114 CEST	49983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.109817028 CEST	443	49983	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.182027102 CEST	443	49984	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.184062004 CEST	443	49984	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.184246063 CEST	49984	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.184246063 CEST	49984	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.184246063 CEST	49984	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.187053919 CEST	49988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.187088013 CEST	443	49988	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.187160969 CEST	49988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.187282085 CEST	49988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.187297106 CEST	443	49988	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.216778040 CEST	443	49983	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.216933966 CEST	443	49983	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.217287064 CEST	49983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.217515945 CEST	49983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.217515945 CEST	49983	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.217526913 CEST	443	49983	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.217535973 CEST	443	49983	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.219527006 CEST	49989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.219616890 CEST	443	49989	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.219712973 CEST	49989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.219856977 CEST	49989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.219904900 CEST	443	49989	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.223874092 CEST	443	49985	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.224436045 CEST	49985	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.224447966 CEST	443	49985	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.224894047 CEST	49985	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.224900007 CEST	443	49985	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.302270889 CEST	49982	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.302294016 CEST	443	49982	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.321044922 CEST	443	49985	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.321341991 CEST	443	49985	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.321532965 CEST	49985	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.321532965 CEST	49985	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.321532965 CEST	49985	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.324616909 CEST	49990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.324656010 CEST	443	49990	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.324773073 CEST	49990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.324970007 CEST	49990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.324996948 CEST	443	49990	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.362186909 CEST	443	49986	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.363089085 CEST	49986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.363105059 CEST	443	49986	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.363497019 CEST	49986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.363501072 CEST	443	49986	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.460403919 CEST	443	49986	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.460649014 CEST	443	49986	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.460714102 CEST	49986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.460750103 CEST	49986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.460757017 CEST	443	49986	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.460768938 CEST	49986	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.460772991 CEST	443	49986	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.463598967 CEST	49991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.463634014 CEST	443	49991	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.463803053 CEST	49991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.463949919 CEST	49991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.463963985 CEST	443	49991	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.489576101 CEST	49984	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.489597082 CEST	443	49984	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.536501884 CEST	49985	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.536508083 CEST	443	49985	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.642112970 CEST	443	49987	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.642699957 CEST	49987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.642718077 CEST	443	49987	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.643218040 CEST	49987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.643224955 CEST	443	49987	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.741339922 CEST	443	49987	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.741374016 CEST	443	49987	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.741419077 CEST	443	49987	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.741466999 CEST	49987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.741518974 CEST	49987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.741786003 CEST	49987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.741802931 CEST	443	49987	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.741813898 CEST	49987	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.741821051 CEST	443	49987	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.745090008 CEST	49992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.745119095 CEST	443	49992	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.745217085 CEST	49992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.745376110 CEST	49992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.745392084 CEST	443	49992	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.856553078 CEST	443	49988	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.857530117 CEST	49988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.857542038 CEST	443	49988	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.857974052 CEST	49988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.857980013 CEST	443	49988	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.888914108 CEST	443	49989	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.889252901 CEST	49989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.889280081 CEST	443	49989	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.889606953 CEST	49989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.889620066 CEST	443	49989	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.958334923 CEST	443	49988	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.958544970 CEST	443	49988	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.958725929 CEST	49988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.958725929 CEST	49988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.958760023 CEST	49988	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.958776951 CEST	443	49988	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.961987019 CEST	49993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.962047100 CEST	443	49993	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.962121964 CEST	49993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.962246895 CEST	49993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.962265015 CEST	443	49993	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.968741894 CEST	443	49990	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.969228029 CEST	49990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.969263077 CEST	443	49990	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.969620943 CEST	49990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.969633102 CEST	443	49990	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.990422010 CEST	443	49989	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.990521908 CEST	443	49989	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.990576029 CEST	49989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.990597963 CEST	443	49989	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.990628004 CEST	443	49989	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.990683079 CEST	49989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.990755081 CEST	49989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.990781069 CEST	443	49989	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.990804911 CEST	49989	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.990818977 CEST	443	49989	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.993277073 CEST	49994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.993299961 CEST	443	49994	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:52.993365049 CEST	49994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.993515968 CEST	49994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:52.993540049 CEST	443	49994	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.068171978 CEST	443	49990	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.068363905 CEST	443	49990	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.068429947 CEST	49990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.068514109 CEST	49990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.068526983 CEST	443	49990	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.068556070 CEST	49990	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.068567038 CEST	443	49990	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.072479010 CEST	49995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.072504044 CEST	443	49995	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.072571993 CEST	49995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.072715998 CEST	49995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.072730064 CEST	443	49995	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.103032112 CEST	443	49991	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.103434086 CEST	49991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.103449106 CEST	443	49991	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.103964090 CEST	49991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.103967905 CEST	443	49991	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.200992107 CEST	443	49991	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.201078892 CEST	443	49991	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.201180935 CEST	443	49991	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.201234102 CEST	49991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.201399088 CEST	49991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.201399088 CEST	49991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.201457977 CEST	49991	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.201478004 CEST	443	49991	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.204371929 CEST	49996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.204405069 CEST	443	49996	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.204490900 CEST	49996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.204653025 CEST	49996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.204677105 CEST	443	49996	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.645056009 CEST	443	49993	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.645140886 CEST	443	49994	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.645574093 CEST	49993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.645600080 CEST	443	49993	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.646081924 CEST	49993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.646087885 CEST	443	49993	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.647038937 CEST	49994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.647053957 CEST	443	49994	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.647404909 CEST	49994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.647408962 CEST	443	49994	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.728965044 CEST	443	49995	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.729443073 CEST	49995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.729460955 CEST	443	49995	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.731152058 CEST	49995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.731158972 CEST	443	49995	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.745918036 CEST	443	49994	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.746057987 CEST	443	49994	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.746134043 CEST	49994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.746313095 CEST	49994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.746331930 CEST	443	49994	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.746361017 CEST	49994	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.746366978 CEST	443	49994	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.749331951 CEST	443	49993	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.749543905 CEST	49997	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.749557972 CEST	443	49993	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.749623060 CEST	49993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.749670029 CEST	443	49997	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.749752045 CEST	49997	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.749931097 CEST	49997	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.749953985 CEST	49993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.749959946 CEST	443	49993	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.749965906 CEST	443	49997	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.749973059 CEST	49993	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.749977112 CEST	443	49993	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.752388000 CEST	49998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.752414942 CEST	443	49998	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.752491951 CEST	49998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.753426075 CEST	49998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.753448963 CEST	443	49998	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.845232010 CEST	443	49996	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.845987082 CEST	49996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.846048117 CEST	443	49996	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.846354008 CEST	49996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.846369028 CEST	443	49996	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.865401983 CEST	443	49995	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.865474939 CEST	443	49995	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.865555048 CEST	49995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.865586042 CEST	443	49995	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.865613937 CEST	443	49995	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.865664005 CEST	49995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.867753029 CEST	49995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.867753029 CEST	49995	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.867785931 CEST	443	49995	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.867820024 CEST	443	49995	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.871500969 CEST	49999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.871584892 CEST	443	49999	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.871687889 CEST	49999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.872134924 CEST	49999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.872217894 CEST	443	49999	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.943290949 CEST	443	49996	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.943761110 CEST	443	49996	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.944020987 CEST	49996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.957221985 CEST	49996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.957221985 CEST	49996	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.957288980 CEST	443	49996	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.957324982 CEST	443	49996	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.991745949 CEST	50000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.991831064 CEST	443	50000	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:53.991945028 CEST	50000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.992105007 CEST	50000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:53.992141008 CEST	443	50000	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.406395912 CEST	443	49997	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.407345057 CEST	49997	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.407435894 CEST	443	49997	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.407896042 CEST	49997	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.407911062 CEST	443	49997	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.420963049 CEST	443	49998	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.421235085 CEST	49998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.421267986 CEST	443	49998	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.421549082 CEST	49998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.421560049 CEST	443	49998	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.507812977 CEST	443	49997	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.507961035 CEST	443	49997	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.508049965 CEST	49997	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.508363008 CEST	49997	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.508407116 CEST	443	49997	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.508434057 CEST	49997	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.508450031 CEST	443	49997	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.508645058 CEST	443	49999	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.509094000 CEST	49999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.509170055 CEST	443	49999	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.509618998 CEST	49999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.509634018 CEST	443	49999	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.511670113 CEST	50001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.511717081 CEST	443	50001	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.511789083 CEST	50001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.511908054 CEST	50001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.511933088 CEST	443	50001	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.524194002 CEST	443	49998	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.524243116 CEST	443	49998	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.524302006 CEST	49998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.524322033 CEST	443	49998	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.524360895 CEST	443	49998	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.524421930 CEST	49998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.524502993 CEST	49998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.524521112 CEST	443	49998	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.524543047 CEST	49998	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.524554014 CEST	443	49998	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.526670933 CEST	50002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.526684999 CEST	443	50002	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.526751041 CEST	50002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.526878119 CEST	50002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.526890993 CEST	443	50002	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.606468916 CEST	443	49999	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.606604099 CEST	443	49999	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.606722116 CEST	49999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.606935024 CEST	49999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.606981039 CEST	443	49999	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.607011080 CEST	49999	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.607026100 CEST	443	49999	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.609014988 CEST	50003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.609055042 CEST	443	50003	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.609137058 CEST	50003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.609261036 CEST	50003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.609277010 CEST	443	50003	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.673548937 CEST	443	50000	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.674134016 CEST	50000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.674176931 CEST	443	50000	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.674499989 CEST	50000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.674526930 CEST	443	50000	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.779715061 CEST	443	50000	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.779752016 CEST	443	50000	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.779838085 CEST	50000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.779845953 CEST	443	50000	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.779901028 CEST	50000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.780183077 CEST	50000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.780226946 CEST	443	50000	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.780257940 CEST	50000	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.780273914 CEST	443	50000	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.783623934 CEST	50004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.783643961 CEST	443	50004	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:54.783742905 CEST	50004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.783917904 CEST	50004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:54.783931971 CEST	443	50004	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.174736023 CEST	443	50002	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.175355911 CEST	50002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.175393105 CEST	443	50002	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.175837994 CEST	50002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.175846100 CEST	443	50002	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.191095114 CEST	443	50001	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.191581964 CEST	50001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.191595078 CEST	443	50001	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.191951990 CEST	50001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.191961050 CEST	443	50001	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.250020981 CEST	443	50003	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.250386000 CEST	50003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.250427008 CEST	443	50003	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.250745058 CEST	50003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.250758886 CEST	443	50003	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.272742033 CEST	443	50002	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.272795916 CEST	443	50002	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.272851944 CEST	50002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.272867918 CEST	443	50002	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.273068905 CEST	443	50002	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.273112059 CEST	50002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.273139954 CEST	443	50002	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.273154020 CEST	50002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.273165941 CEST	443	50002	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.273180008 CEST	50002	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.273185015 CEST	443	50002	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.276164055 CEST	50005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.276217937 CEST	443	50005	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.276298046 CEST	50005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.276437044 CEST	50005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.276456118 CEST	443	50005	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.295037985 CEST	443	50001	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.295097113 CEST	443	50001	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.295150042 CEST	50001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.295162916 CEST	443	50001	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.295217991 CEST	443	50001	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.295280933 CEST	50001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.295473099 CEST	50001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.295485973 CEST	443	50001	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.295526028 CEST	50001	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.295532942 CEST	443	50001	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.297372103 CEST	50006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.297383070 CEST	443	50006	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.297454119 CEST	50006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.297569036 CEST	50006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.297585011 CEST	443	50006	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.350766897 CEST	443	50003	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.350804090 CEST	443	50003	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.350847960 CEST	50003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.350878954 CEST	443	50003	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.350953102 CEST	50003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.350965023 CEST	443	50003	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.350977898 CEST	50003	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.350982904 CEST	443	50003	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.351037025 CEST	443	50003	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.352552891 CEST	50007	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.352585077 CEST	443	50007	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.352643967 CEST	50007	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.352736950 CEST	50007	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.352747917 CEST	443	50007	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.436036110 CEST	443	50004	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.437973976 CEST	50004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.437984943 CEST	443	50004	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.438596010 CEST	50004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.438601017 CEST	443	50004	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.536242962 CEST	443	50004	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.536403894 CEST	443	50004	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.536499977 CEST	50004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.537225962 CEST	50004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.537240982 CEST	443	50004	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.537250996 CEST	50004	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.537255049 CEST	443	50004	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.544401884 CEST	50008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.544464111 CEST	443	50008	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.544574022 CEST	50008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.544789076 CEST	50008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.544797897 CEST	443	50008	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.681232929 CEST	50009	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:55.681266069 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:55.681344032 CEST	50009	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:55.681694031 CEST	50009	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:55.681704998 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:55.926090956 CEST	443	50005	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.926634073 CEST	50005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.926671028 CEST	443	50005	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.926981926 CEST	50005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.926990986 CEST	443	50005	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.936264038 CEST	443	50006	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.936572075 CEST	50006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.936580896 CEST	443	50006	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:55.937004089 CEST	50006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:55.937009096 CEST	443	50006	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.003635883 CEST	443	50007	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.003988028 CEST	50007	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.004003048 CEST	443	50007	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.004369974 CEST	50007	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.004375935 CEST	443	50007	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.026952028 CEST	443	50005	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.027117014 CEST	443	50005	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.027178049 CEST	50005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.027335882 CEST	50005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.027354956 CEST	443	50005	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.027365923 CEST	50005	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.027373075 CEST	443	50005	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.030658960 CEST	50010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.030740976 CEST	443	50010	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.030831099 CEST	50010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.030946970 CEST	50010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.030980110 CEST	443	50010	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.041960001 CEST	443	50006	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.042104959 CEST	443	50006	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.042156935 CEST	50006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.042182922 CEST	50006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.042191029 CEST	443	50006	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.042201996 CEST	50006	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.042207003 CEST	443	50006	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.044357061 CEST	50011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.044405937 CEST	443	50011	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.044461966 CEST	50011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.044559002 CEST	50011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.044579029 CEST	443	50011	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.103029013 CEST	443	50007	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.103247881 CEST	443	50007	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.103313923 CEST	50007	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.103400946 CEST	50007	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.103415012 CEST	443	50007	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.103426933 CEST	50007	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.103430986 CEST	443	50007	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.106448889 CEST	50012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.106554985 CEST	443	50012	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.106637001 CEST	50012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.106775045 CEST	50012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.106812000 CEST	443	50012	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.208883047 CEST	443	50008	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.210577965 CEST	50008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.210633039 CEST	443	50008	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.211036921 CEST	50008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.211054087 CEST	443	50008	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.311778069 CEST	443	50008	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.311837912 CEST	443	50008	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.311997890 CEST	443	50008	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.312010050 CEST	50008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.312083960 CEST	50008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.312354088 CEST	50008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.312397003 CEST	443	50008	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.312423944 CEST	50008	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.312438011 CEST	443	50008	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.315810919 CEST	50013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.315855980 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.316097975 CEST	50013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.316152096 CEST	50013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.316167116 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.387068033 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:56.387330055 CEST	50009	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:56.388783932 CEST	50009	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:56.388839960 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:56.389427900 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:56.397103071 CEST	50009	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:56.399555922 CEST	443	49992	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.399928093 CEST	49992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.399966002 CEST	443	49992	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.400338888 CEST	49992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.400347948 CEST	443	49992	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.443449974 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:56.497828960 CEST	443	49992	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.498101950 CEST	443	49992	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.498200893 CEST	49992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.498282909 CEST	49992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.498305082 CEST	443	49992	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.498318911 CEST	49992	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.498326063 CEST	443	49992	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.501534939 CEST	50014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.501553059 CEST	443	50014	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.501641035 CEST	50014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.501796961 CEST	50014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.501811981 CEST	443	50014	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.653708935 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:56.653769970 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:56.653821945 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:56.653872013 CEST	50009	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:56.653928995 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:56.653963089 CEST	50009	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:56.653991938 CEST	50009	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:56.654391050 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:56.654458046 CEST	50009	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:56.654469013 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:56.654510021 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:56.654530048 CEST	50009	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:56.654602051 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:56.654650927 CEST	50009	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:56.657809973 CEST	50009	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:56.657819986 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:56.657830954 CEST	50009	443	192.168.2.5	20.109.210.53
Oct 7, 2024 03:23:56.657835007 CEST	443	50009	20.109.210.53	192.168.2.5
Oct 7, 2024 03:23:56.682698011 CEST	443	50010	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.683140993 CEST	50010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.683216095 CEST	443	50010	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.683527946 CEST	50010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.683542013 CEST	443	50010	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.727746010 CEST	443	50011	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.728240967 CEST	50011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.728271008 CEST	443	50011	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.728668928 CEST	50011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.728674889 CEST	443	50011	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.758409977 CEST	443	50012	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.758872032 CEST	50012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.758939028 CEST	443	50012	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.759335995 CEST	50012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.759355068 CEST	443	50012	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.783319950 CEST	443	50010	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.783416033 CEST	443	50010	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.783494949 CEST	50010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.783518076 CEST	443	50010	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.783545971 CEST	443	50010	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.783606052 CEST	50010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.783663988 CEST	50010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.783695936 CEST	443	50010	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.783720970 CEST	50010	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.783734083 CEST	443	50010	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.787067890 CEST	50015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.787141085 CEST	443	50015	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.787226915 CEST	50015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.787375927 CEST	50015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.787420988 CEST	443	50015	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.841294050 CEST	443	50011	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.841351986 CEST	443	50011	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.841393948 CEST	443	50011	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.841435909 CEST	50011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.841481924 CEST	443	50011	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.841514111 CEST	50011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.841546059 CEST	50011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.859620094 CEST	443	50012	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.859667063 CEST	443	50012	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.859781027 CEST	50012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.859817028 CEST	443	50012	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.859843969 CEST	443	50012	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.859909058 CEST	50012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.859978914 CEST	50012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.859980106 CEST	50012	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.860008955 CEST	443	50012	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.860029936 CEST	443	50012	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.862422943 CEST	50016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.862437010 CEST	443	50016	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.862514019 CEST	50016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.862653971 CEST	50016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.862659931 CEST	443	50016	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.932001114 CEST	443	50011	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.932127953 CEST	443	50011	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.932152987 CEST	50011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.932204008 CEST	50011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.932307959 CEST	50011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.932357073 CEST	443	50011	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.932387114 CEST	50011	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.932400942 CEST	443	50011	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.935084105 CEST	50017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.935123920 CEST	443	50017	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.935213089 CEST	50017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.935357094 CEST	50017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.935374022 CEST	443	50017	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.962702990 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.965182066 CEST	50013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.965225935 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:56.965663910 CEST	50013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:56.965672970 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.065064907 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.065123081 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.065165043 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.065200090 CEST	50013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.065218925 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.065243959 CEST	50013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.065262079 CEST	50013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.140798092 CEST	443	50014	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.141396999 CEST	50014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.141405106 CEST	443	50014	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.142112017 CEST	50014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.142116070 CEST	443	50014	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.151269913 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.151350975 CEST	50013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.151355028 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.151417017 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.151442051 CEST	50013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.151463032 CEST	50013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.151465893 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.151556015 CEST	50013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.151560068 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.151573896 CEST	50013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.151609898 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.151664019 CEST	50013	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.151674032 CEST	443	50013	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.156330109 CEST	50018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.156343937 CEST	443	50018	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.156428099 CEST	50018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.156563044 CEST	50018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.156573057 CEST	443	50018	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.238892078 CEST	443	50014	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.238909960 CEST	443	50014	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.239020109 CEST	50014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.239028931 CEST	443	50014	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.239067078 CEST	50014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.239350080 CEST	443	50014	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.239377975 CEST	50014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.239382029 CEST	443	50014	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.239447117 CEST	50014	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.239470005 CEST	443	50014	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.243810892 CEST	50019	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.243901014 CEST	443	50019	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.243980885 CEST	50019	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.244154930 CEST	50019	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.244193077 CEST	443	50019	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.425781012 CEST	443	50015	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.426388025 CEST	50015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.426430941 CEST	443	50015	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.426959038 CEST	50015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.426970959 CEST	443	50015	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.497704983 CEST	443	50016	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.498289108 CEST	50016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.498356104 CEST	443	50016	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.498821020 CEST	50016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.498832941 CEST	443	50016	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.523610115 CEST	443	50015	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.523658037 CEST	443	50015	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.523761988 CEST	443	50015	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.523855925 CEST	50015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.523907900 CEST	50015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.523943901 CEST	443	50015	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.523967981 CEST	50015	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.523982048 CEST	443	50015	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.526918888 CEST	50020	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.526979923 CEST	443	50020	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.527075052 CEST	50020	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.527223110 CEST	50020	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.527254105 CEST	443	50020	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.581962109 CEST	443	50017	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.585261106 CEST	50017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.585273027 CEST	443	50017	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.585763931 CEST	50017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.585768938 CEST	443	50017	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.596754074 CEST	443	50016	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.597022057 CEST	443	50016	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.597148895 CEST	50016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.598131895 CEST	50016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.598153114 CEST	443	50016	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.598175049 CEST	50016	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.598186016 CEST	443	50016	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.602884054 CEST	50021	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.602955103 CEST	443	50021	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.603039980 CEST	50021	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.603177071 CEST	50021	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.603223085 CEST	443	50021	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.681399107 CEST	443	50017	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.681464911 CEST	443	50017	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.681571007 CEST	50017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.681891918 CEST	50017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.681891918 CEST	50017	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.681905031 CEST	443	50017	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.681914091 CEST	443	50017	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.684642076 CEST	50022	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.684727907 CEST	443	50022	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.685288906 CEST	50022	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.685467958 CEST	50022	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.685503006 CEST	443	50022	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.828445911 CEST	443	50018	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.829133987 CEST	50018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.829149961 CEST	443	50018	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.829627991 CEST	50018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.829632998 CEST	443	50018	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.882929087 CEST	443	50019	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.885581970 CEST	50019	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.885631084 CEST	443	50019	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.885865927 CEST	50019	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.885879040 CEST	443	50019	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.933573961 CEST	443	50018	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.933674097 CEST	443	50018	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.933748007 CEST	50018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.933958054 CEST	50018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.933964014 CEST	443	50018	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.933976889 CEST	50018	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.933980942 CEST	443	50018	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.936830997 CEST	50023	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.936894894 CEST	443	50023	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.936985016 CEST	50023	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.937104940 CEST	50023	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.937131882 CEST	443	50023	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.980971098 CEST	443	50019	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.981465101 CEST	443	50019	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.981609106 CEST	50019	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.981952906 CEST	50019	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.981952906 CEST	50019	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.981987953 CEST	443	50019	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.982011080 CEST	443	50019	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.985436916 CEST	50024	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.985459089 CEST	443	50024	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:57.985532045 CEST	50024	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.985836983 CEST	50024	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:57.985848904 CEST	443	50024	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.166925907 CEST	443	50020	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.167764902 CEST	50020	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.167830944 CEST	443	50020	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.168171883 CEST	50020	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.168190002 CEST	443	50020	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.248498917 CEST	443	50021	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.249286890 CEST	50021	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.249344110 CEST	443	50021	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.249638081 CEST	50021	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.249650955 CEST	443	50021	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.265693903 CEST	443	50020	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.265760899 CEST	443	50020	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.265855074 CEST	443	50020	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.266017914 CEST	50020	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.266017914 CEST	50020	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.266217947 CEST	50020	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.266218901 CEST	50020	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.266254902 CEST	443	50020	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.266275883 CEST	443	50020	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.349648952 CEST	443	50021	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.349742889 CEST	443	50021	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.349817038 CEST	50021	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.350372076 CEST	50021	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.350405931 CEST	443	50021	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.350431919 CEST	50021	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.350445032 CEST	443	50021	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.351061106 CEST	443	50022	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.351922035 CEST	50022	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.351952076 CEST	443	50022	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.352344036 CEST	50022	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.352354050 CEST	443	50022	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.453104973 CEST	443	50022	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.453475952 CEST	443	50022	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.453727007 CEST	50022	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.453891993 CEST	50022	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.453891993 CEST	50022	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.453915119 CEST	443	50022	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.453937054 CEST	443	50022	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.587559938 CEST	443	50023	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.594561100 CEST	50023	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.594610929 CEST	443	50023	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.598542929 CEST	50023	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.598555088 CEST	443	50023	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.659975052 CEST	443	50024	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.671406031 CEST	50024	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.671432972 CEST	443	50024	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.677994013 CEST	50024	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.678004026 CEST	443	50024	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.694272995 CEST	443	50023	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.694359064 CEST	443	50023	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.694638968 CEST	50023	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.694725037 CEST	50023	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.694725037 CEST	50023	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.694777012 CEST	443	50023	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.694807053 CEST	443	50023	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.778604031 CEST	443	50024	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.778647900 CEST	443	50024	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.778820038 CEST	50024	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.779191971 CEST	50024	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.779191971 CEST	50024	443	192.168.2.5	13.107.246.45
Oct 7, 2024 03:23:58.779253960 CEST	443	50024	13.107.246.45	192.168.2.5
Oct 7, 2024 03:23:58.779280901 CEST	443	50024	13.107.246.45	192.168.2.5
Oct 7, 2024 03:24:07.923917055 CEST	50026	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:24:07.923958063 CEST	443	50026	142.250.186.132	192.168.2.5
Oct 7, 2024 03:24:07.924078941 CEST	50026	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:24:07.924582958 CEST	50026	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:24:07.924597979 CEST	443	50026	142.250.186.132	192.168.2.5
Oct 7, 2024 03:24:08.555985928 CEST	443	50026	142.250.186.132	192.168.2.5
Oct 7, 2024 03:24:08.556354046 CEST	50026	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:24:08.556385040 CEST	443	50026	142.250.186.132	192.168.2.5
Oct 7, 2024 03:24:08.557075977 CEST	443	50026	142.250.186.132	192.168.2.5
Oct 7, 2024 03:24:08.557516098 CEST	50026	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:24:08.557785034 CEST	443	50026	142.250.186.132	192.168.2.5
Oct 7, 2024 03:24:08.599404097 CEST	50026	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:24:14.657805920 CEST	50027	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:14.657907009 CEST	443	50027	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:14.657980919 CEST	50027	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:14.658287048 CEST	50027	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:14.658324957 CEST	443	50027	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:15.291924953 CEST	443	50027	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:15.294075012 CEST	50027	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:15.294128895 CEST	443	50027	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:15.294519901 CEST	443	50027	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:15.295161009 CEST	50027	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:15.295238018 CEST	443	50027	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:15.295362949 CEST	50027	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:15.295429945 CEST	50027	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:15.295442104 CEST	443	50027	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:15.592556000 CEST	443	50027	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:15.592992067 CEST	443	50027	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:15.593174934 CEST	50027	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:15.593293905 CEST	50027	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:15.593331099 CEST	443	50027	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:17.446417093 CEST	50029	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:17.446455002 CEST	443	50029	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:17.446667910 CEST	50029	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:17.446894884 CEST	50029	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:17.446914911 CEST	443	50029	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:18.079248905 CEST	443	50029	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:18.079906940 CEST	50029	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:18.079941988 CEST	443	50029	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:18.080893993 CEST	443	50029	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:18.081202984 CEST	50029	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:18.081351042 CEST	443	50029	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:18.081392050 CEST	50029	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:18.081418991 CEST	50029	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:18.081444025 CEST	443	50029	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:18.296415091 CEST	443	50029	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:18.296814919 CEST	443	50029	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:18.296880960 CEST	50029	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:18.297007084 CEST	50029	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:18.297024012 CEST	443	50029	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:18.469842911 CEST	443	50026	142.250.186.132	192.168.2.5
Oct 7, 2024 03:24:18.469989061 CEST	443	50026	142.250.186.132	192.168.2.5
Oct 7, 2024 03:24:18.470045090 CEST	50026	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:24:31.975567102 CEST	50026	443	192.168.2.5	142.250.186.132
Oct 7, 2024 03:24:31.975598097 CEST	443	50026	142.250.186.132	192.168.2.5
Oct 7, 2024 03:24:44.978146076 CEST	50031	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:44.978283882 CEST	443	50031	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:44.978404999 CEST	50031	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:44.978822947 CEST	50031	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:44.978853941 CEST	443	50031	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:45.625117064 CEST	443	50031	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:45.625767946 CEST	50031	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:45.625845909 CEST	443	50031	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:45.626595020 CEST	443	50031	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:45.627157927 CEST	50031	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:45.627288103 CEST	50031	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:45.627289057 CEST	50031	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:45.627295971 CEST	443	50031	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:45.627357960 CEST	443	50031	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:45.677283049 CEST	50031	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:45.844522953 CEST	443	50031	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:45.845021963 CEST	443	50031	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:45.845443010 CEST	50031	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:45.845443010 CEST	50031	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:46.145756960 CEST	50031	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:46.145831108 CEST	443	50031	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:48.007864952 CEST	50032	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:48.007965088 CEST	443	50032	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:48.008081913 CEST	50032	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:48.008506060 CEST	50032	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:48.008543015 CEST	443	50032	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:48.656172991 CEST	443	50032	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:48.656980991 CEST	50032	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:48.657007933 CEST	443	50032	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:48.657731056 CEST	443	50032	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:48.658148050 CEST	50032	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:48.658236980 CEST	443	50032	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:48.658353090 CEST	50032	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:48.658376932 CEST	50032	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:48.658387899 CEST	443	50032	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:48.957283974 CEST	443	50032	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:48.961824894 CEST	443	50032	142.250.185.238	192.168.2.5
Oct 7, 2024 03:24:48.961949110 CEST	50032	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:48.962115049 CEST	50032	443	192.168.2.5	142.250.185.238
Oct 7, 2024 03:24:48.962157965 CEST	443	50032	142.250.185.238	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 03:23:03.588009119 CEST	51425	53	192.168.2.5	1.1.1.1
Oct 7, 2024 03:23:03.588514090 CEST	58572	53	192.168.2.5	1.1.1.1
Oct 7, 2024 03:23:03.594717026 CEST	53	51425	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:03.595437050 CEST	53	58572	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:03.596949100 CEST	53	51002	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:03.617789984 CEST	53	59919	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:04.533962965 CEST	57156	53	192.168.2.5	1.1.1.1
Oct 7, 2024 03:23:04.534310102 CEST	62925	53	192.168.2.5	1.1.1.1
Oct 7, 2024 03:23:04.540472031 CEST	53	57156	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:04.540899038 CEST	53	62925	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:04.600227118 CEST	53	60317	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:07.871279001 CEST	49698	53	192.168.2.5	1.1.1.1
Oct 7, 2024 03:23:07.871417046 CEST	50626	53	192.168.2.5	1.1.1.1
Oct 7, 2024 03:23:07.878012896 CEST	53	50626	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:07.878120899 CEST	53	49698	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:08.138078928 CEST	53	64067	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:10.193233967 CEST	53	52993	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:12.931190014 CEST	53071	53	192.168.2.5	1.1.1.1
Oct 7, 2024 03:23:12.931458950 CEST	50514	53	192.168.2.5	1.1.1.1
Oct 7, 2024 03:23:12.938060045 CEST	53	53071	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:12.939963102 CEST	53	50514	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:13.972273111 CEST	58927	53	192.168.2.5	1.1.1.1
Oct 7, 2024 03:23:13.972526073 CEST	51136	53	192.168.2.5	1.1.1.1
Oct 7, 2024 03:23:13.978965044 CEST	53	58927	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:13.979353905 CEST	53	51136	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:21.641434908 CEST	53	51694	1.1.1.1	192.168.2.5
Oct 7, 2024 03:23:40.700896978 CEST	53	52305	1.1.1.1	192.168.2.5
Oct 7, 2024 03:24:03.126060009 CEST	53	51690	1.1.1.1	192.168.2.5
Oct 7, 2024 03:24:03.832041025 CEST	53	55346	1.1.1.1	192.168.2.5
Oct 7, 2024 03:24:14.649713039 CEST	61716	53	192.168.2.5	1.1.1.1
Oct 7, 2024 03:24:14.649857044 CEST	51543	53	192.168.2.5	1.1.1.1
Oct 7, 2024 03:24:14.657135963 CEST	53	61716	1.1.1.1	192.168.2.5
Oct 7, 2024 03:24:14.657186985 CEST	53	51543	1.1.1.1	192.168.2.5
Oct 7, 2024 03:24:14.878402948 CEST	53	52980	1.1.1.1	192.168.2.5
Oct 7, 2024 03:24:31.982913017 CEST	53	49745	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 03:23:03.588009119 CEST	192.168.2.5	1.1.1.1	0xffc3	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:03.588514090 CEST	192.168.2.5	1.1.1.1	0xaa7f	Standard query (0)	youtube.com	65	IN (0x0001)	false
Oct 7, 2024 03:23:04.533962965 CEST	192.168.2.5	1.1.1.1	0x234a	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.534310102 CEST	192.168.2.5	1.1.1.1	0xf64d	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 03:23:07.871279001 CEST	192.168.2.5	1.1.1.1	0xa973	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:07.871417046 CEST	192.168.2.5	1.1.1.1	0x5f49	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 03:23:12.931190014 CEST	192.168.2.5	1.1.1.1	0x5645	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:12.931458950 CEST	192.168.2.5	1.1.1.1	0xa4db	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 03:23:13.972273111 CEST	192.168.2.5	1.1.1.1	0xdad1	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:13.972526073 CEST	192.168.2.5	1.1.1.1	0x31c4	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 7, 2024 03:24:14.649713039 CEST	192.168.2.5	1.1.1.1	0x95db	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:24:14.649857044 CEST	192.168.2.5	1.1.1.1	0xe531	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 03:23:03.594717026 CEST	1.1.1.1	192.168.2.5	0xffc3	No error (0)	youtube.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:03.595437050 CEST	1.1.1.1	192.168.2.5	0xaa7f	No error (0)	youtube.com			65	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		142.250.74.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540472031 CEST	1.1.1.1	192.168.2.5	0x234a	No error (0)	youtube-ui.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540899038 CEST	1.1.1.1	192.168.2.5	0xf64d	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 03:23:04.540899038 CEST	1.1.1.1	192.168.2.5	0xf64d	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Oct 7, 2024 03:23:07.878012896 CEST	1.1.1.1	192.168.2.5	0x5f49	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 03:23:07.878120899 CEST	1.1.1.1	192.168.2.5	0xa973	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:12.938060045 CEST	1.1.1.1	192.168.2.5	0x5645	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 03:23:12.938060045 CEST	1.1.1.1	192.168.2.5	0x5645	No error (0)	www3.l.google.com		216.58.212.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:23:12.939963102 CEST	1.1.1.1	192.168.2.5	0xa4db	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 03:23:13.978965044 CEST	1.1.1.1	192.168.2.5	0xdad1	No error (0)	play.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 03:24:14.657135963 CEST	1.1.1.1	192.168.2.5	0x95db	No error (0)	play.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

youtube.com

www.youtube.com

fs.microsoft.com

https:

accounts.youtube.com

play.google.com

www.google.com

www.bing.com

otelrules.azureedge.net

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49705	142.250.185.238	443	2472	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:04 UTC	867	OUT	GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1 Host: youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 01:23:04 UTC	1704	IN	HTTP/1.1 301 Moved Permanently Content-Type: application/binary X-Content-Type-Options: nosniff Expires: Mon, 07 Oct 2024 01:23:04 GMT Date: Mon, 07 Oct 2024 01:23:04 GMT Cache-Control: private, max-age=31536000 Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Frame-Options: SAMEORIGIN Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script' Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Server: ESF Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49710	142.250.185.206	443	2472	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:05 UTC	885	OUT	GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1 Host: www.youtube.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 01:23:05 UTC	2634	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 01:23:05 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script' Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 07-Oct-2024 01:53:05 GMT; Path=/; Secure; HttpOnly Set-Cookie: YSC=2EaaETDpZ5w; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_INFO1_LIVE=8hKm3sM4sjQ; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 01:23:05 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgNQ%3D%3D; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 01:23:05 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49716	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:08 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 01:23:09 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF45) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=228154 Date: Mon, 07 Oct 2024 01:23:08 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49721	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:10 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 01:23:10 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=228088 Date: Mon, 07 Oct 2024 01:23:10 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-07 01:23:10 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49732	216.58.212.174	443	2472	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:13 UTC	1252	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1028665308&timestamp=1728264192218 HTTP/1.1 Host: accounts.youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 01:23:13 UTC	1969	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-y2OHJDBhe67Az_J_2MWXsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 01:23:13 GMT Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmLw0pBikPj6kkkLiJ3SZ7CGAHHSv_OsJUB8ufsS63UgVu25xGoOxEUSV1hbgFiIh6PxQ88ONoEDC6_8YlLSS8ovjM9MSc0rySypTMnPTczMS87Pz85MLS5OLSpLLYo3MjAyMbA0stQzsIgvMAAA5X4tqA" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 01:23:13 UTC	1969	IN	Data Raw: 37 36 31 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 79 32 4f 48 4a 44 42 68 65 36 37 41 7a 5f 4a 5f 32 4d 57 58 73 41 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 7615<html><head><script nonce="y2OHJDBhe67Az_J_2MWXsA">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-10-07 01:23:13 UTC	1969	IN	Data Raw: 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 0a 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28 Data Ascii: Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\\(
2024-10-07 01:23:13 UTC	1969	IN	Data Raw: 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 69 67 69 6e 74 22 3a 72 65 74 75 72 6e 28 41 61 3f 0a 61 3e 3d 42 61 26 26 61 3c 3d 43 61 3a 61 5b 30 5d 3d 3d 3d 22 2d 22 3f 75 61 28 61 2c 44 61 29 3a 75 61 28 61 2c 45 61 29 29 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 43 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 46 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e Data Ascii: tch(typeof a){case "number":return isFinite(a)?a:String(a);case "bigint":return(Aa?a>=Ba&&a<=Ca:a[0]==="-"?ua(a,Da):ua(a,Ea))?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(C(a))return}else if(Fa&&a!=null&&a in
2024-10-07 01:23:13 UTC	1969	IN	Data Raw: 7b 76 61 72 20 62 3b 69 66 28 61 26 26 28 62 3d 51 61 29 21 3d 6e 75 6c 6c 26 26 62 2e 68 61 73 28 61 29 26 26 28 62 3d 61 2e 43 29 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 3b 69 66 28 63 3d 3d 3d 62 2e 6c 65 6e 67 74 68 2d 31 26 26 41 28 64 29 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 7b 76 61 72 20 66 3d 64 5b 65 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 66 29 26 26 0a 52 61 28 66 2c 61 29 7d 65 6c 73 65 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 64 29 26 26 52 61 28 64 2c 61 29 7d 61 3d 45 3f 61 2e 43 3a 4d 61 28 61 2e 43 2c 50 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 65 3d 21 45 3b 69 66 28 62 3d 61 2e 6c 65 6e 67 74 68 29 7b 64 3d 61 5b 62 2d Data Ascii: {var b;if(a&&(b=Qa)!=null&&b.has(a)&&(b=a.C))for(var c=0;c<b.length;c++){var d=b[c];if(c===b.length-1&&A(d))for(var e in d){var f=d[e];Array.isArray(f)&&Ra(f,a)}else Array.isArray(d)&&Ra(d,a)}a=E?a.C:Ma(a.C,Pa,void 0,void 0,!1);e=!E;if(b=a.length){d=a[b-
2024-10-07 01:23:13 UTC	1969	IN	Data Raw: 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 63 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 57 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 Data Ascii: ol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Wa[b[c]];typeof d==="function"&&type
2024-10-07 01:23:13 UTC	1969	IN	Data Raw: 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 2e 67 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6b 29 7b 6b 3d 48 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 66 28 21 49 28 6b 2c 66 29 29 Data Ascii: );e("freeze");e("preventExtensions");e("seal");var h=0,g=function(k){this.g=(h+=Math.random()+1).toString();if(k){k=H(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);if(!I(k,f))
2024-10-07 01:23:13 UTC	1969	IN	Data Raw: 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 Data Ascii: urn g.value})};c.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"\|\|l=="function"?b.has(k)
2024-10-07 01:23:13 UTC	1969	IN	Data Raw: 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 66 62 3d 66 62 7c 7c 7b 7d 2c 71 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 67 62 3d 71 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 71 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 62 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 2c 69 62 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 Data Ascii: on(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var fb=fb\|\|{},q=this\|\|self,gb=q._F_toggles\|\|[],hb=function(a){a=a.split(".");for(var b=q,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b},ib="closure_uid_"+(Math.random()*1E
2024-10-07 01:23:13 UTC	1969	IN	Data Raw: 74 65 78 74 5f 5f 39 38 34 33 38 32 3d 7b 7d 29 3b 61 2e 5f 5f 63 6c 6f 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 2e 73 65 76 65 72 69 74 79 3d 62 7d 3b 76 61 72 20 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 71 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26 64 28 66 2c 68 2c 67 2c 6b 2c 6c 29 3b 61 28 7b 6d 65 73 73 61 67 65 3a 66 2c 66 69 6c 65 4e 61 6d 65 3a 68 2c 6c 69 6e 65 3a 67 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 67 2c 62 61 3a 6b 2c 65 72 72 6f 72 3a 6c 7d 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 68 Data Ascii: text__984382={});a.__closure__error__context__984382.severity=b};var qb=function(a,b,c){c=c\|\|q;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&d(f,h,g,k,l);a({message:f,fileName:h,line:g,lineNumber:g,ba:k,error:l});return e}},tb=function(a){var b=h
2024-10-07 01:23:13 UTC	1969	IN	Data Raw: 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 73 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65 6e 67 74 68 3e 34 30 26 26 28 66 3d 66 2e 73 6c 69 63 65 28 30 2c 34 30 29 2b 22 2e 2e 2e 22 29 3b 63 2e 70 75 73 68 28 66 29 7d 62 2e 70 75 73 68 28 61 29 3b 63 2e 70 75 73 68 28 22 29 5c 6e 22 29 3b 74 72 79 7b 63 2e 70 75 73 68 28 77 62 28 61 2e 63 61 6c 6c 65 72 2c 62 29 29 7d 63 61 74 63 68 28 68 29 7b 63 2e 70 75 73 68 28 22 5b 65 78 63 65 70 74 69 6f 6e Data Ascii: "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=sb(f))?f:"[fn]";break;default:f=typeof f}f.length>40&&(f=f.slice(0,40)+"...");c.push(f)}b.push(a);c.push(")\n");try{c.push(wb(a.caller,b))}catch(h){c.push("[exception

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49736	142.250.185.78	443	2472	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:14 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 01:23:14 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 01:23:14 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49737	142.250.185.78	443	2472	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:14 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 01:23:15 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 01:23:14 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49740	142.250.185.78	443	2472	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:15 UTC	1140	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 518 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 01:23:15 UTC	518	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 32 36 34 31 39 33 32 37 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728264193270",null,null,null
2024-10-07 01:23:16 UTC	933	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=v-JTgGnTasHbNjP3nl_ekuTFYF2TW2rCtzXViT8pNxQezS8XrhWh-P6pA0Ujdk_2nDHDhi6GM_FsOANO9LUU2iqcZ1m6R-jexDRLB6n0NFMraZe4EScmwQLmNRggjP1CS9QYdUDRZ3rwn99AAwDWe0AKZ-6x_8JtKYV35uPiLB6awtX412k; expires=Tue, 08-Apr-2025 01:23:15 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 01:23:15 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 01:23:15 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 01:23:16 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 01:23:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49741	142.250.185.78	443	2472	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:15 UTC	1140	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 01:23:15 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 32 36 34 31 39 33 33 36 31 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728264193361",null,null,null
2024-10-07 01:23:16 UTC	932	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=dGD3AuXvJl4sSBU8kgkuMqi0-YXoJlyVvb24GH8e9EvgHO6wOIuSD9CjYYJ34DkVCcz-7T2Rg68kMi0pAUyL2uhU63H0DMDdryocHTQyLEwQYQ8msd0Y8QRzUbbifzWHsDUsT-m8QPCimg5dHKhhrVgBSt8fhlsH0z_mrjVrnwC4kpzA0w; expires=Tue, 08-Apr-2025 01:23:15 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 01:23:15 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 01:23:15 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 01:23:16 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 01:23:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.5	49742	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:15 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:16 UTC	540	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:16 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Fri, 04 Oct 2024 23:21:50 GMT ETag: "0x8DCE4CB535A72FA" x-ms-request-id: 4dad204e-401e-005b-4bf5-169c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012316Z-1657d5bbd48vlsxxpe15ac3q7n00000002u0000000005yt8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:16 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-07 01:23:16 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-07 01:23:16 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-07 01:23:16 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-07 01:23:16 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-07 01:23:16 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-07 01:23:16 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-07 01:23:16 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-07 01:23:16 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-07 01:23:16 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49715	142.250.186.132	443	2472	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:16 UTC	1229	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=dGD3AuXvJl4sSBU8kgkuMqi0-YXoJlyVvb24GH8e9EvgHO6wOIuSD9CjYYJ34DkVCcz-7T2Rg68kMi0pAUyL2uhU63H0DMDdryocHTQyLEwQYQ8msd0Y8QRzUbbifzWHsDUsT-m8QPCimg5dHKhhrVgBSt8fhlsH0z_mrjVrnwC4kpzA0w
2024-10-07 01:23:17 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 07 Oct 2024 00:35:07 GMT Expires: Tue, 15 Oct 2024 00:35:07 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 2890 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-07 01:23:17 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-07 01:23:17 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-10-07 01:23:17 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-07 01:23:17 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-10-07 01:23:17 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.5	49748	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:17 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:17 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 8aaf7b13-d01e-0028-46fd-167896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012317Z-1657d5bbd48vhs7r2p1ky7cs5w0000000340000000009b0s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:17 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.5	49750	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:17 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:17 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:17 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: b27588a3-a01e-003d-6001-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012317Z-1657d5bbd48tnj6wmberkg2xy800000002rg00000000zpct x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:17 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.5	49749	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:17 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:17 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c62b5fc1-401e-0067-3a60-1709c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012317Z-1657d5bbd48f7nlxc7n5fnfzh000000002dg00000000dq17 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:17 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.5	49747	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:17 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:17 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 4545068c-701e-0050-0e05-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012317Z-1657d5bbd48gqrfwecymhhbfm800000001r0000000000tfg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:17 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.5	49746	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:17 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:17 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:17 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: d4448e94-101e-00a2-2703-179f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012317Z-1657d5bbd48sqtlf1huhzuwq7000000002g000000000ebax x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:17 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.5	49755	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:18 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:18 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 1707b783-801e-00a3-53e5-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012318Z-1657d5bbd48f7nlxc7n5fnfzh000000002e000000000btw6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:18 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.5	49756	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:18 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:18 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 73fc0cc0-d01e-008e-5fee-16387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012318Z-1657d5bbd48qjg85buwfdynm5w00000002zg000000000cgh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:18 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.5	49757	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:18 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:18 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 15158de7-401e-0029-4b00-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012318Z-1657d5bbd48gqrfwecymhhbfm800000001r0000000000tkx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:18 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.5	49758	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:18 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:18 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 87fc294c-201e-0051-40f3-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012318Z-1657d5bbd48xsz2nuzq4vfrzg800000002qg000000007hsg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:18 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49752	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:18 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KndhTZvVLl+B8kv&MD=L2CfmmXy HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 01:23:18 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 6348a96c-a966-4149-8eff-a2031437620d MS-RequestId: 3a5b3b8e-c582-4374-b2c7-6f6f2d608d65 MS-CV: ZJGRRjQTrEuhyGpZ.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 01:23:17 GMT Connection: close Content-Length: 24490
2024-10-07 01:23:18 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-07 01:23:18 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.5	49760	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:18 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:18 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 789c8418-601e-0032-5905-17eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012318Z-1657d5bbd48lknvp09v995n79000000002b000000000qgbu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:18 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.5	49761	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:19 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:19 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 0a3893d3-c01e-0082-33ee-16af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012319Z-1657d5bbd48brl8we3nu8cxwgn000000033g00000000cpx7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:19 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.5	49762	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:19 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:19 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 915c1ee4-001e-0079-3000-1712e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012319Z-1657d5bbd48p2j6x2quer0q0280000000330000000000ebw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:19 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.5	49763	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:19 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:19 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: bf7deccb-401e-0064-0f0e-1754af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012319Z-1657d5bbd487nf59mzf5b3gk8n000000029g00000000uteh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:19 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.5	49754	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:19 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:19 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 3ea0840d-701e-0053-1012-173a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012319Z-1657d5bbd48dfrdj7px744zp8s00000002kg000000007yba x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:19 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.5	49766	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:19 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:19 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 99ffd5e0-b01e-0053-0101-17cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012319Z-1657d5bbd48q6t9vvmrkd293mg00000002sg00000000c1sg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:19 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.5	49768	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:19 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:19 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 27ba9a72-001e-0046-2a01-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012319Z-1657d5bbd48tqvfc1ysmtbdrg000000002s0000000001ary x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:19 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.5	49767	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:19 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:19 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: e72ec3ca-501e-005b-2401-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012319Z-1657d5bbd48vlsxxpe15ac3q7n00000002rg00000000f8fu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:19 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.5	49769	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:19 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:19 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: c2d0a885-201e-0003-7ced-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012319Z-1657d5bbd48762wn1qw4s5sd3000000002h000000000vxkr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:19 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.5	49770	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:20 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:20 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 5a59384b-a01e-0053-3602-178603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012320Z-1657d5bbd48qjg85buwfdynm5w00000002w000000000dhgs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:20 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.5	49773	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:20 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:20 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: d3d0b776-b01e-003d-1803-17d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012320Z-1657d5bbd48xdq5dkwwugdpzr0000000030g00000000qnwd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:20 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.5	49774	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:20 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:20 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 09392ef7-101e-0046-3f05-1791b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012320Z-1657d5bbd48jwrqbupe3ktsx9w00000002w000000000vdp9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:20 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.5	49775	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:20 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:20 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 20b36261-201e-006e-7102-17bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012320Z-1657d5bbd48brl8we3nu8cxwgn000000033000000000dmnx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:20 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.5	49776	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:20 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:20 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:20 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f57b7c9f-801e-00a0-4a13-172196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012320Z-1657d5bbd48brl8we3nu8cxwgn000000032000000000gfq2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:20 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.5	49777	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:20 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:20 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 81e42967-c01e-0014-5ee9-16a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012320Z-1657d5bbd48vhs7r2p1ky7cs5w000000030000000000tr9k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:21 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.5	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:21 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:21 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 6be05283-001e-00a2-2700-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012321Z-1657d5bbd48gqrfwecymhhbfm800000001k000000000kw76 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:21 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.5	49780	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:21 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:21 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 40323690-a01e-0002-0100-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012321Z-1657d5bbd48lknvp09v995n79000000002g0000000003ugn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:21 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.5	49781	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:21 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:21 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: c530354f-501e-0016-5013-17181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012321Z-1657d5bbd487nf59mzf5b3gk8n00000002c000000000hc4s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:21 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.5	49782	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:21 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:21 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 7cec3a6f-e01e-0033-3414-174695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012321Z-1657d5bbd48vhs7r2p1ky7cs5w000000031000000000p3p7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:21 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.5	49783	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:21 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:21 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: d415a278-e01e-0051-6efe-1684b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012321Z-1657d5bbd48cpbzgkvtewk0wu000000002v000000000g0bk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:21 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.5	49784	23.1.237.91	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:21 UTC	2100	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1728264169002&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-10-07 01:23:21 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-10-07 01:23:21 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-10-07 01:23:21 UTC	480	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 3A9AD0D9A7654668A26656D20F26483D Ref B: LAX311000115051 Ref C: 2024-10-07T01:23:21Z Date: Mon, 07 Oct 2024 01:23:21 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.2ced0117.1728264201.55d24e15

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.5	49785	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:21 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:21 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 688d2aae-a01e-0084-3466-179ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012321Z-1657d5bbd48gqrfwecymhhbfm800000001fg00000000vegp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:22 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.5	49786	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:22 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:22 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 10df1352-f01e-00aa-105a-178521000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012322Z-1657d5bbd4824mj9d6vp65b6n4000000030000000000b65r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:22 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.5	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:22 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:22 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: b27116a7-a01e-003d-3a00-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012322Z-1657d5bbd48dfrdj7px744zp8s00000002f000000000qkqp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:22 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.5	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:22 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:22 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: a62739ea-301e-005d-6402-17e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012322Z-1657d5bbd482tlqpvyz9e93p5400000002vg00000000dap1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:22 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.5	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:22 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:22 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 92e59db7-001e-002b-6700-1799f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012322Z-1657d5bbd48wd55zet5pcra0cg00000002r000000000h11w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:22 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	49790	142.250.185.78	443	2472	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:22 UTC	1314	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1218 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCI/KzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=dGD3AuXvJl4sSBU8kgkuMqi0-YXoJlyVvb24GH8e9EvgHO6wOIuSD9CjYYJ34DkVCcz-7T2Rg68kMi0pAUyL2uhU63H0DMDdryocHTQyLEwQYQ8msd0Y8QRzUbbifzWHsDUsT-m8QPCimg5dHKhhrVgBSt8fhlsH0z_mrjVrnwC4kpzA0w
2024-10-07 01:23:22 UTC	1218	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 38 32 36 34 31 39 31 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1728264191000",null,null,null,
2024-10-07 01:23:22 UTC	940	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=xiBahR429-Bkti6arprOvwN6k9rzGheaU6o4ymUXhqQEXqL1SQx2HYa-33dDG1YueYAD3XFf2gzyjFDHIpQrEV0tt5baf04UcD2G2JMmw41Q8ECeRD0IwGXrxUbpLoeadSsUtrXh-bzEjA4oWwc0RfG8AFmQu_lwJ1pOB8rZpu9k1juh3M_zWL6FUQ; expires=Tue, 08-Apr-2025 01:23:22 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 01:23:22 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 01:23:22 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 01:23:22 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 01:23:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.5	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:22 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:22 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: a2d01d3c-801e-0083-4800-17f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012322Z-1657d5bbd48qjg85buwfdynm5w00000002w000000000dhnv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:22 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.5	49793	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:22 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:22 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 151ca1e1-401e-0029-2b03-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012322Z-1657d5bbd48q6t9vvmrkd293mg00000002ug000000004x5y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:22 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.5	49792	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:22 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:22 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 4dd19665-401e-005b-7705-179c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012322Z-1657d5bbd48sqtlf1huhzuwq7000000002m0000000003x42 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:22 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.5	49794	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:22 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:23 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: db28b7eb-d01e-0065-5efe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012323Z-1657d5bbd48wd55zet5pcra0cg00000002ug0000000059y9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:23 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.5	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:23 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:23 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 11b227e2-601e-0002-7f6b-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012323Z-1657d5bbd482lxwq1dp2t1zwkc00000002f000000000p7gv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:23 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.5	49796	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:23 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:23 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 1be548a6-001e-00a2-4166-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012323Z-1657d5bbd48gqrfwecymhhbfm800000001kg00000000gz02 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:23 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.5	49797	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:23 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:23 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: c5dbf9be-001e-0017-2cf1-160c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012323Z-1657d5bbd48t66tjar5xuq22r800000002ug0000000053rn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:23 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.5	49798	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:23 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:23 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 678daa67-201e-00aa-3f60-173928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012323Z-1657d5bbd48dfrdj7px744zp8s00000002m0000000005u78 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:23 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.5	49799	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:23 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:23 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 5e879109-c01e-00a2-3e73-172327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012323Z-1657d5bbd48tqvfc1ysmtbdrg000000002pg00000000a0ud x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:23 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.5	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:23 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:24 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 721d8bd8-801e-002a-4f00-1731dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012324Z-1657d5bbd48sdh4cyzadbb374800000002rg0000000012by x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:24 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.5	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:24 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:24 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: cb78c1b2-201e-003f-2e04-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012324Z-1657d5bbd48brl8we3nu8cxwgn00000002zg00000000ucky x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:24 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.5	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:24 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:24 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 27b6de9f-001e-0046-1e00-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012324Z-1657d5bbd48dfrdj7px744zp8s00000002ng000000000wrt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:24 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.5	49803	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:24 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:24 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 04801829-801e-00ac-6301-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012324Z-1657d5bbd48sdh4cyzadbb374800000002q0000000006p03 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:24 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.5	49804	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:24 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:24 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 2f3972b1-401e-0035-1b02-1782d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012324Z-1657d5bbd48sqtlf1huhzuwq7000000002k00000000086cz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:24 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.5	49805	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:24 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:24 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 1ed82642-401e-0048-7b12-170409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012324Z-1657d5bbd48xlwdx82gahegw4000000002zg00000000dd0k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:24 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.5	49806	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:24 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:25 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: cde3aec9-601e-0084-63e5-166b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012325Z-1657d5bbd48tqvfc1ysmtbdrg000000002pg00000000a0wh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:25 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.5	49807	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:25 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:25 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 3a03d6b9-d01e-0066-52e9-16ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012325Z-1657d5bbd482krtfgrg72dfbtn00000002f000000000m12b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:25 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.5	49808	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:25 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:25 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 27cd2a1a-001e-0046-1b08-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012325Z-1657d5bbd4824mj9d6vp65b6n400000002w000000000vvf8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:25 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.5	49809	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:25 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:25 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 938e68e0-901e-0029-0160-17274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012325Z-1657d5bbd48lknvp09v995n79000000002dg00000000breu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:25 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.5	49810	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:25 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:25 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:25 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: d803a4ff-401e-0083-3904-17075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012325Z-1657d5bbd48f7nlxc7n5fnfzh000000002c000000000kv0r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:25 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.5	49811	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:25 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:25 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: b0fdb72d-401e-0015-37ce-160e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012325Z-1657d5bbd48gqrfwecymhhbfm800000001h000000000p4qk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:26 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.5	49812	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:25 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:26 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 8d3bec0a-601e-0070-32fe-16a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012326Z-1657d5bbd482lxwq1dp2t1zwkc00000002n0000000002hz6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:26 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.5	49813	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:25 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:26 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 8d044b15-901e-00ac-3902-17b69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012326Z-1657d5bbd48762wn1qw4s5sd3000000002q00000000094rt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:26 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.5	49814	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:26 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:26 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: e72b6989-501e-005b-2b00-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012326Z-1657d5bbd48t66tjar5xuq22r800000002rg00000000gcmm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:26 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.5	49815	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:26 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:26 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 0377c3fc-101e-000b-65dc-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012326Z-1657d5bbd48762wn1qw4s5sd3000000002m000000000nfe0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:26 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.5	49816	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:26 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:26 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: a5e58c1d-b01e-00ab-5ac9-16dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012326Z-1657d5bbd48q6t9vvmrkd293mg00000002w00000000000xg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:26 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.5	49818	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:26 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:26 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: ef9cab6f-f01e-0099-0d00-179171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012326Z-1657d5bbd482lxwq1dp2t1zwkc00000002dg00000000vpaf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:26 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.5	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:26 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:26 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 78a0432a-701e-001e-1805-17f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012326Z-1657d5bbd48tqvfc1ysmtbdrg000000002gg00000000xq6c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:26 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.5	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:26 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:26 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f519f63-901e-0016-75ff-16efe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012326Z-1657d5bbd48t66tjar5xuq22r800000002vg000000001q6u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:26 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.5	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:27 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:27 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: b67c2655-301e-0096-2300-17e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012327Z-1657d5bbd48xlwdx82gahegw4000000002vg00000000xnf8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:27 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.5	49821	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:27 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:27 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 821e4157-c01e-0014-3301-17a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012327Z-1657d5bbd4824mj9d6vp65b6n400000002w000000000vvmc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:27 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.5	49822	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:27 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:27 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 763e8d43-601e-000d-6912-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012327Z-1657d5bbd48xdq5dkwwugdpzr00000000360000000002tvm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:27 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.5	49823	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:27 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:27 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: bfab55ab-401e-0015-6202-170e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012327Z-1657d5bbd48cpbzgkvtewk0wu000000002wg00000000ax0s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:27 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.5	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:27 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:27 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 01bf113a-f01e-003c-3703-178cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012327Z-1657d5bbd48762wn1qw4s5sd3000000002gg00000000ztbb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:27 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.5	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:27 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:27 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:27 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 7875ffac-201e-000c-7f02-1779c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012327Z-1657d5bbd482tlqpvyz9e93p5400000002t000000000q2nv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:27 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.5	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:28 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:28 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 3b7b7106-501e-0064-43e7-161f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012328Z-1657d5bbd487nf59mzf5b3gk8n00000002bg00000000mer3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:28 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.5	49828	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:28 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:28 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 2f576d96-401e-0047-3902-178597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012328Z-1657d5bbd48dfrdj7px744zp8s00000002d000000000vk2t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:28 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.5	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:28 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:28 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 3c7823fd-401e-0015-0c60-170e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012328Z-1657d5bbd487nf59mzf5b3gk8n00000002b000000000q58r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:28 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.5	49829	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:28 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:28 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: dfb96d6a-f01e-003f-17e5-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012328Z-1657d5bbd482krtfgrg72dfbtn00000002d000000000uue3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:28 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.5	49830	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:28 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:28 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: f5ee0945-901e-0083-4202-17bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012328Z-1657d5bbd482lxwq1dp2t1zwkc00000002hg00000000bnww x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:28 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.5	49831	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:28 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:29 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 0607cd43-401e-0078-1b00-174d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012329Z-1657d5bbd48tnj6wmberkg2xy800000002wg00000000afyn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:29 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.5	49833	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:29 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:29 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 0c165d1d-a01e-000d-7dfe-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012329Z-1657d5bbd48p2j6x2quer0q02800000002w000000000trgy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:29 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.5	49832	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:29 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:29 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:29 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: a5ff6bd9-301e-005d-3af2-16e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012329Z-1657d5bbd48qjg85buwfdynm5w00000002x0000000009ebs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:29 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.5	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:29 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:29 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: c2f609cb-201e-0003-75fd-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012329Z-1657d5bbd48gqrfwecymhhbfm800000001ng000000008et0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:29 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.5	49835	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:29 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:29 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:29 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 33b4d0ae-a01e-0032-35ff-161949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012329Z-1657d5bbd48xsz2nuzq4vfrzg800000002qg000000007kgp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:29 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.5	49836	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:29 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:29 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:29 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 960edd56-701e-005c-4100-17bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012329Z-1657d5bbd48gqrfwecymhhbfm800000001h000000000p4y4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:29 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.5	49837	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:29 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:29 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:29 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: b738acd5-401e-0067-1502-1709c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012329Z-1657d5bbd48gqrfwecymhhbfm800000001ng000000008eue x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:29 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.5	49838	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:29 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:29 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:29 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 8a5fd43d-c01e-0066-4506-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012329Z-1657d5bbd48lknvp09v995n79000000002d000000000f2ku x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:29 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.5	49839	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:29 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:29 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:29 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 0480ed94-801e-00ac-5102-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012329Z-1657d5bbd48tnj6wmberkg2xy800000002ug00000000hsb7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:29 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.5	49840	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:29 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:30 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:29 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: b72ef555-401e-0067-78fe-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012329Z-1657d5bbd48xdq5dkwwugdpzr0000000035g000000004xs0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:30 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.5	49841	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:30 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:30 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:30 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: db28c537-d01e-0065-47fe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012330Z-1657d5bbd48dfrdj7px744zp8s00000002ng000000000x49 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:30 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.5	49842	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:30 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:30 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:30 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: cb759915-201e-003f-5f03-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012330Z-1657d5bbd48jwrqbupe3ktsx9w0000000330000000000rup x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:30 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.5	49843	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:30 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:30 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:30 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 84e7aa3f-c01e-008e-74ff-167381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012330Z-1657d5bbd48xlwdx82gahegw4000000002zg00000000dd96 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:30 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.5	49844	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:30 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:30 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:30 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 03c3f781-101e-000b-56fe-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012330Z-1657d5bbd48cpbzgkvtewk0wu000000002tg00000000pch1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:30 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.5	49845	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:30 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:30 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:30 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 76165599-601e-000d-1a02-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012330Z-1657d5bbd48xsz2nuzq4vfrzg800000002gg00000000xym6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:30 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.5	49846	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:31 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:31 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:31 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 29f28342-e01e-003c-5d00-17c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012331Z-1657d5bbd48lknvp09v995n79000000002d000000000f2pa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:31 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.5	49849	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:31 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:31 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:31 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 173e0f62-801e-00a3-24fe-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012331Z-1657d5bbd48wd55zet5pcra0cg00000002q000000000m9st x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:31 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.5	49848	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:31 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:31 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:31 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: c7b66cba-b01e-005c-04ff-164c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012331Z-1657d5bbd48xlwdx82gahegw4000000002x000000000qznn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:31 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.5	49850	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:31 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:31 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:31 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 6bee43b5-001e-00a2-2106-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012331Z-1657d5bbd48cpbzgkvtewk0wu000000002w000000000cse6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:31 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.5	49847	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:31 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:31 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:31 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: a9a45936-c01e-00a1-54f1-167e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012331Z-1657d5bbd48dfrdj7px744zp8s00000002n0000000002e24 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:31 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.5	49851	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:31 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:32 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:32 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 04600955-801e-00ac-55f4-16fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012332Z-1657d5bbd48wd55zet5pcra0cg00000002v0000000003410 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:32 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.5	49852	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:32 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:32 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:32 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 4035d6e2-a01e-0002-4602-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012332Z-1657d5bbd48xlwdx82gahegw4000000002v0000000010w04 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:32 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.5	49853	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:32 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:32 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:32 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 62f7f1ae-f01e-0096-4d0c-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012332Z-1657d5bbd48762wn1qw4s5sd3000000002gg00000000ztkc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:32 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.5	49854	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:32 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:32 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:32 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 87e26173-201e-0051-15e7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012332Z-1657d5bbd48gqrfwecymhhbfm800000001mg00000000dfxk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:32 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.5	49855	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:32 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:32 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:32 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fcca05a5-501e-00a0-3202-179d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012332Z-1657d5bbd48vhs7r2p1ky7cs5w000000032000000000fuew x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:32 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.5	49857	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:32 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:32 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:32 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: fbb49b00-e01e-00aa-4806-17ceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012332Z-1657d5bbd48wd55zet5pcra0cg00000002v000000000341r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:32 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.5	49856	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:32 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:32 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:32 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 31868579-401e-008c-0af2-1686c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012332Z-1657d5bbd48qjg85buwfdynm5w00000002xg000000008cgp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:32 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.5	49858	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:32 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:32 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 08bf7a15-f01e-0020-7706-17956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012332Z-1657d5bbd48vlsxxpe15ac3q7n00000002v0000000002d0b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:33 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.5	49859	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:33 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:33 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 7d21ea5d-701e-0098-0502-17395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012333Z-1657d5bbd48wd55zet5pcra0cg00000002ng00000000uqd0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:33 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.5	49860	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:33 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:33 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: b6fa471e-401e-0067-43e5-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012333Z-1657d5bbd48tqvfc1ysmtbdrg000000002p000000000bh4a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:33 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.5	49861	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:33 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:33 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 77012b0e-b01e-0097-0bff-164f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012333Z-1657d5bbd48tnj6wmberkg2xy800000002t000000000u5wq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:33 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.5	49862	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:33 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:33 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: a18d9b1d-601e-0002-1f03-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012333Z-1657d5bbd48vlsxxpe15ac3q7n00000002s000000000csa1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:33 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.5	49863	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:33 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:33 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: d4fd285a-d01e-005a-06ed-167fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012333Z-1657d5bbd482lxwq1dp2t1zwkc00000002h000000000d23v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:33 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.5	49864	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:33 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:33 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:33 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 6d2b2f65-e01e-0099-735a-17da8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012333Z-1657d5bbd48gqrfwecymhhbfm800000001g000000000ttc6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:33 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.5	49865	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:33 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:33 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: c9f5ea47-201e-0071-33fe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012333Z-1657d5bbd48qjg85buwfdynm5w00000002tg00000000svgh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:34 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.5	49867	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:34 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:34 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 838d785c-001e-0014-24fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012334Z-1657d5bbd48gqrfwecymhhbfm800000001hg00000000n2va x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:34 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.5	49868	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:34 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:34 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 4d8e5842-701e-0021-0efe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012334Z-1657d5bbd48tqvfc1ysmtbdrg000000002p000000000bh68 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:34 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.5	49869	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:34 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:34 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 8a56303a-c01e-0066-0f01-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012334Z-1657d5bbd48jwrqbupe3ktsx9w00000002zg00000000dzdp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:34 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.5	49870	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:34 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:34 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:34 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: cd0b82ba-d01e-0049-1304-17e7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012334Z-1657d5bbd48xsz2nuzq4vfrzg800000002r0000000004u3x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:34 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.5	49872	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:35 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:35 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:35 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 0c184816-a01e-000d-72ff-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012335Z-1657d5bbd48sqtlf1huhzuwq7000000002dg00000000tbz9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:35 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.5	49871	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:35 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:35 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:35 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: d3a3eb01-b01e-003d-1ef1-16d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012335Z-1657d5bbd48sdh4cyzadbb374800000002kg00000000h3yq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:35 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.5	49873	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:35 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:35 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:35 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: ca2bab4f-201e-0071-5e14-17ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012335Z-1657d5bbd48762wn1qw4s5sd3000000002r000000000595a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:35 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.5	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:35 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:35 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:35 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 4d8e59a4-701e-0021-64fe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012335Z-1657d5bbd482krtfgrg72dfbtn00000002m00000000065p2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:35 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.5	49866	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:35 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:35 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:35 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 635e2ff4-801e-0035-1973-17752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012335Z-1657d5bbd48dfrdj7px744zp8s00000002ng000000000xdc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:35 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.5	49875	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:35 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:36 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:36 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 4ef38422-401e-000a-160c-174a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012336Z-1657d5bbd48brl8we3nu8cxwgn00000002z000000000yf8t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:36 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.5	49876	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:36 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:36 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:36 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: c326dec7-201e-0003-0c12-17f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012336Z-1657d5bbd48wd55zet5pcra0cg00000002n000000000w21s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:36 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.5	49877	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:36 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:36 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:36 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 75ef523f-601e-000d-02f2-162618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012336Z-1657d5bbd48xdq5dkwwugdpzr0000000032g00000000g8by x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:36 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.5	49878	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:36 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:36 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:36 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: cad35e9e-b01e-0021-3602-17cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012336Z-1657d5bbd48xsz2nuzq4vfrzg800000002m000000000mb7b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:36 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.5	49879	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:36 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:36 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:36 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: 87e265fd-201e-0051-4fe7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012336Z-1657d5bbd48sqtlf1huhzuwq7000000002kg000000005r29 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:36 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.5	49880	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:36 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:36 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:36 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: c9f5e5fc-201e-0071-5dfe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012336Z-1657d5bbd48gqrfwecymhhbfm800000001hg00000000n2y7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:36 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.5	49881	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:36 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:36 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:36 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 3e7839e3-701e-0053-5cff-163a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012336Z-1657d5bbd482lxwq1dp2t1zwkc00000002d000000000x9mu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:36 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.5	49882	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:36 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:36 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:36 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: c7b470af-b01e-005c-24fe-164c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012336Z-1657d5bbd48t66tjar5xuq22r800000002p000000000t45p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:36 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.5	49883	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:36 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:36 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: dfa7567c-f01e-003f-67de-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012336Z-1657d5bbd48xdq5dkwwugdpzr0000000036g000000000hhr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:37 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.5	49884	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:37 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:37 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 20e89b60-501e-008c-3a03-17cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012337Z-1657d5bbd48sdh4cyzadbb374800000002kg00000000h41k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:37 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.5	49885	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:37 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:37 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 838d7376-001e-0014-17fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012337Z-1657d5bbd48qjg85buwfdynm5w00000002t000000000r52h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:37 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.5	49886	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:37 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:37 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 7d18055e-701e-0098-56ff-16395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012337Z-1657d5bbd48q6t9vvmrkd293mg00000002q000000000p1sc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:37 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.5	49887	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:37 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:37 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: b1fbfe33-a01e-003d-4fd4-1698d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012337Z-1657d5bbd482lxwq1dp2t1zwkc00000002k000000000bfq8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:37 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.5	49888	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:37 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:37 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:37 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: 770fdf22-501e-0035-0d02-17c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012337Z-1657d5bbd48tqvfc1ysmtbdrg000000002h000000000uqpn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:37 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.5	49889	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:37 UTC	192	OUT	GET /rules/rule703000v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:38 GMT Content-Type: text/xml Content-Length: 1369 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE32FE1A2" x-ms-request-id: c55b1dc3-701e-0097-42e9-16b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012338Z-1657d5bbd48tqvfc1ysmtbdrg000000002rg000000003b11 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:38 UTC	1369	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.5	49890	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:38 UTC	192	OUT	GET /rules/rule700751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:38 GMT Content-Type: text/xml Content-Length: 1414 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE03B051D" x-ms-request-id: 4543d13f-701e-0050-5a04-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012338Z-1657d5bbd48gqrfwecymhhbfm800000001hg00000000n309 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:38 UTC	1414	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.5	49891	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:38 UTC	192	OUT	GET /rules/rule700750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:38 GMT Content-Type: text/xml Content-Length: 1377 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT ETag: "0x8DC582BEAFF0125" x-ms-request-id: fba86ca6-e01e-00aa-5200-17ceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012338Z-1657d5bbd4824mj9d6vp65b6n400000002w000000000vwa8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:38 UTC	1377	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.5	49892	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 01:23:38 UTC	192	OUT	GET /rules/rule700151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 01:23:38 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 01:23:38 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0A2434F" x-ms-request-id: 961c0255-701e-005c-1406-17bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T012338Z-1657d5bbd48jwrqbupe3ktsx9w00000002yg00000000h2e2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 01:23:38 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn

Target ID:	0
Start time:	21:22:59
Start date:	06/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xb60000
File size:	919'040 bytes
MD5 hash:	A914737C9AF5014B7CD65B6649094707
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialFlusher, Description: Yara detected Credential Flusher, Source: 00000000.00000002.3303032087.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	21:22:59
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0xf80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	21:22:59
Start date:	06/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	21:22:59
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0xf80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	21:22:59
Start date:	06/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	21:22:59
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xf80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	21:22:59
Start date:	06/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	21:23:00
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0xf80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	21:23:00
Start date:	06/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	21:23:00
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0xf80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	21:23:00
Start date:	06/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	21:23:01
Start date:	06/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	21:23:02
Start date:	06/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2020,i,14012305356016186702,9663531477118597042,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	21:23:13
Start date:	06/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 --field-trial-handle=2020,i,14012305356016186702,9663531477118597042,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	21:23:13
Start date:	06/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=2020,i,14012305356016186702,9663531477118597042,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.7%
Total number of Nodes:	1553
Total number of Limit Nodes:	51

Executed Functions

Function 00B642DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00B6430D

Part of subcall function 00B66B57: _wcslen.LIBCMT ref: 00B66B6A

GetCurrentProcess.KERNEL32(?,00BFCB64,00000000,?,?), ref: 00B64422
IsWow64Process.KERNEL32(00000000,?,?), ref: 00B64429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00B64454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00B64466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00B64474
FreeLibrary.KERNEL32(00000000,?,?), ref: 00B6447B
GetSystemInfo.KERNEL32(?,?,?), ref: 00B644A0

Strings

GetNativeSystemInfo, xrefs: 00B64460
kernel32.dll, xrefs: 00B6444F
|O, xrefs: 00BA36F8

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: 240488dea82d6a38e135992f733709cc12d1ebec5fb41ed7f64fa84ccdd9905b
Instruction ID: 1dbe50aecfd7d6a5b96f91be9337c7c13af949a556d9d2477149b227072273ab
Opcode Fuzzy Hash: 240488dea82d6a38e135992f733709cc12d1ebec5fb41ed7f64fa84ccdd9905b
Instruction Fuzzy Hash: 69A1927597E6C4DFC791D7697C827AD7FE4AB27700B0C48D9E84193B32DA244A48CB21

Function 00B642A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00B650AA,?,?,00000000,00000000), ref: 00B642B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00B650AA,?,?,00000000,00000000), ref: 00B642C9
LoadResource.KERNEL32(?,00000000,?,?,00B650AA,?,?,00000000,00000000,?,?,?,?,?,?,00B64F20), ref: 00BA35BE
SizeofResource.KERNEL32(?,00000000,?,?,00B650AA,?,?,00000000,00000000,?,?,?,?,?,?,00B64F20), ref: 00BA35D3
LockResource.KERNEL32(00B650AA,?,?,00B650AA,?,?,00000000,00000000,?,?,?,?,?,?,00B64F20,?), ref: 00BA35E6

Strings

SCRIPT, xrefs: 00B642BF

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 72a85dec11a76bcc1c75d700aa10cde2a9275d423ee54c47c3c19422014f719f
Instruction ID: 90e7b3c68415bbf48626b3781c966682ce71b214e5e6dc4d7141d02f7402a949
Opcode Fuzzy Hash: 72a85dec11a76bcc1c75d700aa10cde2a9275d423ee54c47c3c19422014f719f
Instruction Fuzzy Hash: 6B115A70201604AFDB218B65DD58F277BB9EBC5B51F2081A9F40297260DB71D854CA20

Function 00BA2BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 00B62B6B

Part of subcall function 00B63A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00C31418,?,00B62E7F,?,?,?,00000000), ref: 00B63A78

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,00C22224), ref: 00BA2C10
ShellExecuteW.SHELL32(00000000,?,?,00C22224), ref: 00BA2C17

Strings

runas, xrefs: 00BA2C0B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: 128cc0011cce76cb49581cbc7c4d329398bcf7f0cee9dfb9bc10c3437ced50b3
Instruction ID: a09d71e5130bef8387738d0374481a7820e926ba06faff045e1ef62ae1cad406
Opcode Fuzzy Hash: 128cc0011cce76cb49581cbc7c4d329398bcf7f0cee9dfb9bc10c3437ced50b3
Instruction Fuzzy Hash: 8811E931208345AED704FF64D951ABEBBE4DF95750F4C04ADF582531A2CF39894AD712

Function 00BEA67C Relevance: 6.2, APIs: 4, Instructions: 175
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00BEA6AC
Process32FirstW.KERNEL32(00000000,?), ref: 00BEA6BA

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

Process32NextW.KERNEL32(00000000,?), ref: 00BEA79C
CloseHandle.KERNELBASE(00000000), ref: 00BEA7AB

Part of subcall function 00B7CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00BA3303,?), ref: 00B7CE8A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: f318a3c08fbe61e502f92f27c839d53b34f26ff2f6bc351cbd86ac91c5f0412c
Instruction ID: 9e379616a46b1a419e7cdd80ea176a512aabf9c3996e3695fdc0da981411221c
Opcode Fuzzy Hash: f318a3c08fbe61e502f92f27c839d53b34f26ff2f6bc351cbd86ac91c5f0412c
Instruction Fuzzy Hash: 94514D715083409FD710EF25C886E6BBBE8FF89754F00895DF599972A1EB34E904CB92

Function 00BCDBBE Relevance: 6.0, APIs: 4, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,00BA5222), ref: 00BCDBCE
GetFileAttributesW.KERNELBASE(?), ref: 00BCDBDD
FindFirstFileW.KERNEL32(?,?), ref: 00BCDBEE
FindClose.KERNEL32(00000000), ref: 00BCDBFA

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: 9df335126ff60e85b0ec6ac2244eda2f3f473665f98affeee918764d707cf5ac
Instruction ID: 20dcd2d4351e2390746503bd065cf1a66fb5f0a1e56caf8a70a798773b412206
Opcode Fuzzy Hash: 9df335126ff60e85b0ec6ac2244eda2f3f473665f98affeee918764d707cf5ac
Instruction Fuzzy Hash: 9BF0A0308109185782206F7CAE0D9BB3BACDE01334B104B5AF836C30E0EFB06994C695

Function 00BEAFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 00BEB198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00BEB1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00BEB1D4
_wcslen.LIBCMT ref: 00BEB200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00BEB214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00BEB236
_wcslen.LIBCMT ref: 00BEB332

Part of subcall function 00BD05A7: GetStdHandle.KERNEL32(000000F6), ref: 00BD05C6

_wcslen.LIBCMT ref: 00BEB34B
_wcslen.LIBCMT ref: 00BEB366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00BEB3B6
GetLastError.KERNEL32(00000000), ref: 00BEB407
CloseHandle.KERNEL32(?), ref: 00BEB439
CloseHandle.KERNEL32(00000000), ref: 00BEB44A
CloseHandle.KERNEL32(00000000), ref: 00BEB45C
CloseHandle.KERNEL32(00000000), ref: 00BEB46E
CloseHandle.KERNEL32(?), ref: 00BEB4E3

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: 850cbb73220f3ee9827349f9ce88937e5d5fdb414b31e4e5c734e756027179ce
Instruction ID: e1f655454cecd9d4be42776e6c20774e61b2d3d983d99146565ce2dccf2789aa
Opcode Fuzzy Hash: 850cbb73220f3ee9827349f9ce88937e5d5fdb414b31e4e5c734e756027179ce
Instruction Fuzzy Hash: 5CF15A315082409FC714EF25C891F6BBBE5EF85314F14859DF89A9B2A2DB35EC44CB52

Function 00B6D730 Relevance: 21.6, APIs: 14, Instructions: 619windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00B6D807
timeGetTime.WINMM ref: 00B6DA07
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B6DB28
TranslateMessage.USER32(?), ref: 00B6DB7B
DispatchMessageW.USER32(?), ref: 00B6DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B6DB9F
Sleep.KERNELBASE(0000000A), ref: 00B6DBB1

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: 7274d061368f1673619746bf22afcc3a2d1baca18fcbd3c81c134b08b170308c
Instruction ID: 8784bf7612ef82eebcbf1923cc9455d19caf12665127055079a5e6c0b8c19bf0
Opcode Fuzzy Hash: 7274d061368f1673619746bf22afcc3a2d1baca18fcbd3c81c134b08b170308c
Instruction Fuzzy Hash: 3A42C230B08645DFD728CF24C894BBABBE0FF45304F5886A9E56587291D7B4E844CB92

Function 00B62CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00B62D07
RegisterClassExW.USER32(00000030), ref: 00B62D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00B62D42
InitCommonControlsEx.COMCTL32(?), ref: 00B62D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00B62D6F
LoadIconW.USER32(000000A9), ref: 00B62D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00B62D94

Strings

0, xrefs: 00B62CE9
+, xrefs: 00B62CF0
TaskbarCreated, xrefs: 00B62D37
AutoIt v3 GUI, xrefs: 00B62D23

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 179ab510fc8147eeb89b3e83c671cc28a1abe3d71664d6d1215da76b177899b7
Instruction ID: f2056b32ee1e4a781b05841c200f1e6994df85dfdda85d5862c7196bee0e9b74
Opcode Fuzzy Hash: 179ab510fc8147eeb89b3e83c671cc28a1abe3d71664d6d1215da76b177899b7
Instruction Fuzzy Hash: 4E21B2B591131CAFDB00DFA4E949BEDBFB4FB08700F04811AEA11A72A0DBB15584CF95

Function 00BA065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BA039A: CreateFileW.KERNELBASE(00000000,00000000,?,00BA0704,?,?,00000000,?,00BA0704,00000000,0000000C), ref: 00BA03B7

GetLastError.KERNEL32 ref: 00BA076F
__dosmaperr.LIBCMT ref: 00BA0776
GetFileType.KERNELBASE(00000000), ref: 00BA0782
GetLastError.KERNEL32 ref: 00BA078C
__dosmaperr.LIBCMT ref: 00BA0795
CloseHandle.KERNEL32(00000000), ref: 00BA07B5
CloseHandle.KERNEL32(?), ref: 00BA08FF
GetLastError.KERNEL32 ref: 00BA0931
__dosmaperr.LIBCMT ref: 00BA0938

Strings

H, xrefs: 00BA08BD

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 6429c32c6b80fef3c75d6eb9fe7be9dd49547499fa2e7c5cc2721c2d89c267b2
Instruction ID: 979a1bb38ae0285b910a144d3b9f93ce1600edeb5e661e73dcee0ea699b8e00f
Opcode Fuzzy Hash: 6429c32c6b80fef3c75d6eb9fe7be9dd49547499fa2e7c5cc2721c2d89c267b2
Instruction Fuzzy Hash: ABA10932A281098FDF19BF68D851BAE7BE0EB0A324F140199F815DB291DB359D12CB95

Function 00B6344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B63A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00C31418,?,00B62E7F,?,?,?,00000000), ref: 00B63A78

Part of subcall function 00B63357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00B63379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00B6356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00BA318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00BA31CE
RegCloseKey.ADVAPI32(?), ref: 00BA3210
_wcslen.LIBCMT ref: 00BA3277
_wcslen.LIBCMT ref: 00BA3286

Strings

Software\AutoIt v3\AutoIt, xrefs: 00B63560
\, xrefs: 00BA328C
Include, xrefs: 00BA3184, 00BA31C5
\Include\, xrefs: 00B63527

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 48186c30442d11556e20d57b2484fff78276aa9fc3cef7b0ee24c4fc07dff9d0
Instruction ID: 7179be431f52bea53873614262637f4f1c3eae99d3b6385805afb7b0685b4c64
Opcode Fuzzy Hash: 48186c30442d11556e20d57b2484fff78276aa9fc3cef7b0ee24c4fc07dff9d0
Instruction Fuzzy Hash: C4718A714183059ECB54EF65EC82AAFBBE8FF95740F40486EF545931B0EB349A48CB62

Function 00B62B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00B62B8E
LoadCursorW.USER32(00000000,00007F00), ref: 00B62B9D
LoadIconW.USER32(00000063), ref: 00B62BB3
LoadIconW.USER32(000000A4), ref: 00B62BC5
LoadIconW.USER32(000000A2), ref: 00B62BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00B62BEF
RegisterClassExW.USER32(?), ref: 00B62C40

Part of subcall function 00B62CD4: GetSysColorBrush.USER32(0000000F), ref: 00B62D07
Part of subcall function 00B62CD4: RegisterClassExW.USER32(00000030), ref: 00B62D31
Part of subcall function 00B62CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00B62D42
Part of subcall function 00B62CD4: InitCommonControlsEx.COMCTL32(?), ref: 00B62D5F
Part of subcall function 00B62CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00B62D6F
Part of subcall function 00B62CD4: LoadIconW.USER32(000000A9), ref: 00B62D85
Part of subcall function 00B62CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00B62D94

Strings

0, xrefs: 00B62C0F
AutoIt v3, xrefs: 00B62C2F
#, xrefs: 00B62C16

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: adeb85f2559daa972195bc64698b0329e25fa52e0ece85d891a6edb9b6faf329
Instruction ID: 1645c6a3200eb7b17256c156a0bc03978a0a3553fafd9b23f7e1fa74b816f783
Opcode Fuzzy Hash: adeb85f2559daa972195bc64698b0329e25fa52e0ece85d891a6edb9b6faf329
Instruction Fuzzy Hash: E1214971E20318AFDB509FA6ED45BADBFB4FB08B50F08005AEA00A76B0D7B10954CF90

Function 00B63170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00B6316A,?,?), ref: 00B631D8
KillTimer.USER32(?,00000001,?,?,?,?,?,00B6316A,?,?), ref: 00B63204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00B63227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00B6316A,?,?), ref: 00B63232
CreatePopupMenu.USER32 ref: 00B63246
PostQuitMessage.USER32(00000000), ref: 00B63267

Strings

TaskbarCreated, xrefs: 00B6322D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 7526a83f26872b6b807de73d887f79cfdeb4c417dd210acd6e42461468275e6c
Instruction ID: 9579ef90e2b21c879097ff61bcd7ee2973574db7148cb20efdaeeef9ae15b4b5
Opcode Fuzzy Hash: 7526a83f26872b6b807de73d887f79cfdeb4c417dd210acd6e42461468275e6c
Instruction Fuzzy Hash: 45411831264204ABDF146B7C9D99B7D3AD9EB06B50F0801A5FE02D72A1CB799E80DB61

Function 00B62C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00B62C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00B62CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,00B61CAD,?), ref: 00B62CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,00B61CAD,?), ref: 00B62CCF

Strings

AutoIt v3, xrefs: 00B62C89, 00B62C8E, 00B62C8F
edit, xrefs: 00B62CAC

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: 72857aebde6c4133cdd5abf6d09263425c8a72948dd9911b54173c89fc4d982f
Instruction ID: d152f9f95494e02e3bf0b5cc80681b2fbe1c219c39ed3e06aa4abd18e382f03f
Opcode Fuzzy Hash: 72857aebde6c4133cdd5abf6d09263425c8a72948dd9911b54173c89fc4d982f
Instruction Fuzzy Hash: AEF0DA755502987EEB711B17AC08FBB6EBDD7C6F50B04405AFE04A35B0C6615898DEB0

Function 00B92DF8 Relevance: 7.6, APIs: 5, Instructions: 53
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,?,00B8F2DE,00B93863,00C31444,?,00B7FDF5,?,?,00B6A976,00000010,00C31440,00B613FC,?,00B613C6), ref: 00B92DFD
_free.LIBCMT ref: 00B92E32
_free.LIBCMT ref: 00B92E59
SetLastError.KERNEL32(00000000,00B61129), ref: 00B92E66
SetLastError.KERNEL32(00000000,00B61129), ref: 00B92E6F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 6692cc3fcc62fd629e3f0fb370dcb385f989b28d81df06c7c980915970c23333
Instruction ID: 0f7634020965e4e23ee2e83bb1d8afa43b6dca3e4e819759692b05f081f0fd49
Opcode Fuzzy Hash: 6692cc3fcc62fd629e3f0fb370dcb385f989b28d81df06c7c980915970c23333
Instruction Fuzzy Hash: A801A432E45E007BCE1267746DC6E2F2AEDEFD17A5B2540B9F425A3292EF748C414160

Function 00B63B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00B63B0F,SwapMouseButtons,00000004,?), ref: 00B63B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00B63B0F,SwapMouseButtons,00000004,?), ref: 00B63B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00B63B0F,SwapMouseButtons,00000004,?), ref: 00B63B83

Strings

Control Panel\Mouse, xrefs: 00B63B3E

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: aaae925e4bdb2bb62a1dcf484e1f7ddcfc3709abebed9decafff858cacf06650
Instruction ID: fb74a1526914a202e27c69ab16e28094c7332741c717dea93dddd6565c40903a
Opcode Fuzzy Hash: aaae925e4bdb2bb62a1dcf484e1f7ddcfc3709abebed9decafff858cacf06650
Instruction Fuzzy Hash: 951157B1610208FFDB208FA4DC84EEEBBF8EF05B40B1484AAE901D7110E6319E409BA0

Function 00B63923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00BA33A2

Part of subcall function 00B66B57: _wcslen.LIBCMT ref: 00B66B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 00B63A04

Strings

Line: , xrefs: 00BA33EB

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: 438139af449257a151c28303531e1b6aedd37a2f8b5ce0490b328c4d8f59f301
Instruction ID: 715ac9b7d6644f5ab6df6c8aecec7c74482d60e9d6f46bcb94b446fcd34da6b6
Opcode Fuzzy Hash: 438139af449257a151c28303531e1b6aedd37a2f8b5ce0490b328c4d8f59f301
Instruction Fuzzy Hash: 6831D271408304AED725EB20DC45BEFB7D8AF40B10F0845AAF59A931E1DF789A48CBC6

Function 00B7FDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00B80668

Part of subcall function 00B832A4: RaiseException.KERNEL32(?,?,?,00B8068A,?,00C31444,?,?,?,?,?,?,00B8068A,00B61129,00C28738,00B61129), ref: 00B83304

__CxxThrowException@8.LIBVCRUNTIME ref: 00B80685

Strings

Unknown exception, xrefs: 00B80692

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: af1dc297fc7c23029b57602498e7627a6f23c24432b4a4fd4f552728e5a46549
Instruction ID: 47c005a4a9fa5d52c66e64da7983987cc9b6ec5b33b5b10ffdf733e99523b922
Opcode Fuzzy Hash: af1dc297fc7c23029b57602498e7627a6f23c24432b4a4fd4f552728e5a46549
Instruction Fuzzy Hash: FFF0C83490020EB78B14BA64E886CAD77EC9E00750B6085F1B928965B1EF71DA5DC794

Function 00B610F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 00B61BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00B61BF4
Part of subcall function 00B61BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00B61BFC
Part of subcall function 00B61BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00B61C07
Part of subcall function 00B61BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00B61C12
Part of subcall function 00B61BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00B61C1A
Part of subcall function 00B61BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00B61C22

Part of subcall function 00B61B4A: RegisterWindowMessageW.USER32(00000004,?,00B612C4), ref: 00B61BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00B6136A
OleInitialize.OLE32 ref: 00B61388
CloseHandle.KERNEL32(00000000,00000000), ref: 00BA24AB

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: 507f0b67267a72b3238378df9a496dd45689cfc0a174e6cf72b3e9de648dc282
Instruction ID: 714a5882653e6f94f6da1f85f4bf4e8df5c1b6bb42233e6c8945dfcfb7976d4f
Opcode Fuzzy Hash: 507f0b67267a72b3238378df9a496dd45689cfc0a174e6cf72b3e9de648dc282
Instruction Fuzzy Hash: DA71EAB59313048FC784EFB9A9457AD3AE0FB8934071D866AED0AC73A1EB344445CF59

Function 00BCC161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B63923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00B63A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00BCC259
KillTimer.USER32(?,00000001,?,?), ref: 00BCC261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00BCC270

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: 5f85e43286a44792cf3659dc8b3cee81570abedb92c6608fca0b089814996fa5
Instruction ID: 2b763749cf961eaf87f9d957e5f32e10410dd41bb990b927caf7eeea3904d18f
Opcode Fuzzy Hash: 5f85e43286a44792cf3659dc8b3cee81570abedb92c6608fca0b089814996fa5
Instruction Fuzzy Hash: D0319170904344AFEB729F648895BEBBFECAB26308F0404DED6DEA7241C7745A84CB51

Function 00B986AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,?,?,00B985CC,?,00C28CC8,0000000C), ref: 00B98704
GetLastError.KERNEL32(?,00B985CC,?,00C28CC8,0000000C), ref: 00B9870E
__dosmaperr.LIBCMT ref: 00B98739

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: 553c994e8f7373f3f7f21b0869e6f368cc572bd964fad5be4d8063af49b39095
Instruction ID: f15f9d2fa204843af4b4d74f50e35f0100ef725e44a961ea1a5898a37b27a80b
Opcode Fuzzy Hash: 553c994e8f7373f3f7f21b0869e6f368cc572bd964fad5be4d8063af49b39095
Instruction Fuzzy Hash: B8012633A0962027DE356274A845B7E6BD98B83774F3901F9F9198F1D2DEB48C81C294

Function 00B6DB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 00B6DB7B
DispatchMessageW.USER32(?), ref: 00B6DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B6DB9F
Sleep.KERNELBASE(0000000A), ref: 00B6DBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 00BB1CC9

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: 6afe2bd9fa82a225ff39a7cc594d56da23e80e88a430aa1f64981591c21d6a47
Instruction ID: 2f6c0029be1538dae536d6fe47405864b49fc922ba0841663d4c5c73a34dc9d2
Opcode Fuzzy Hash: 6afe2bd9fa82a225ff39a7cc594d56da23e80e88a430aa1f64981591c21d6a47
Instruction Fuzzy Hash: 14F05E316143449BEB30DBA08C99FFA77E8EB48310F544959E61A870D0DB74A488CB16

Function 00B71310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00B717F6

Strings

CALL, xrefs: 00B717C6

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: 3d7a82fd50e356cc553c07fdb2f886c9ee30cc2d091a21f579a235653217fcc6
Instruction ID: 2eb3834fad85307dbf2d9587a7f03e02904d75c17e6e4ed2db7dfb29ea9422e3
Opcode Fuzzy Hash: 3d7a82fd50e356cc553c07fdb2f886c9ee30cc2d091a21f579a235653217fcc6
Instruction Fuzzy Hash: 6C2289706082019FC714DF18C490A6ABBF1FF95314F1489ADF4AA8B3A1D775ED45CBA2

Function 00B62DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00BA2C8C

Part of subcall function 00B63AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B63A97,?,?,00B62E7F,?,?,?,00000000), ref: 00B63AC2

Part of subcall function 00B62DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00B62DC4

Strings

X, xrefs: 00BA2C5A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: 4b8f0f0ad114f48d95a5bb2956765d064aae98424fb37b41aec4e2000efaae3c
Instruction ID: 05bd0b9527b1892c66f3430bbf4c9182a476e0bd6b952cc424edbf4892f79365
Opcode Fuzzy Hash: 4b8f0f0ad114f48d95a5bb2956765d064aae98424fb37b41aec4e2000efaae3c
Instruction Fuzzy Hash: 3221A571A002989FDF41EF98D845BEE7BF8EF49714F008099E505A7241DFB85A89CF61

Function 00B63837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 00B63908

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 23468f39487a34e84dcbce4b65de20e71b28291f703af0aabe0e4b0f20e31bbf
Instruction ID: 65c30d81396580b22907a0cc207a648bdc697252df72aebf58ae6957c8e20dd9
Opcode Fuzzy Hash: 23468f39487a34e84dcbce4b65de20e71b28291f703af0aabe0e4b0f20e31bbf
Instruction Fuzzy Hash: 3831A2705047019FD760DF24D8847DBBBE8FB49B08F04096EFA9A83290E775AA44CB52

Function 00B7F645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00B7F661

Part of subcall function 00B6D730: GetInputState.USER32 ref: 00B6D807

Sleep.KERNEL32(00000000), ref: 00BBF2DE

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: e6cba91e7c8a9767c0097762e2fddc3ec2ed322e1c1218bfd4a9256e44f2858f
Instruction ID: 76174f5aa5c7ffa12633d390bbb6ffc52ec6acc3e9842a66673a0def6fa836a4
Opcode Fuzzy Hash: e6cba91e7c8a9767c0097762e2fddc3ec2ed322e1c1218bfd4a9256e44f2858f
Instruction Fuzzy Hash: 41F08C312402059FD310EF69D959FBABBE8EF55760F0040B9E85AC7361EB70AC40CB91

Function 00B6B710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00B6BB4E

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: cd7608b4507235d6835cb08f2b5cac96e027737396dfd7f1340133acf96628eb
Instruction ID: d2da48bd98efa7b9dddadf040b4c292be68fbc304c1b8ed3eaf2080c03b82169
Opcode Fuzzy Hash: cd7608b4507235d6835cb08f2b5cac96e027737396dfd7f1340133acf96628eb
Instruction Fuzzy Hash: 2E327A71A102099FDF24DF58C894EBEB7F9EF44304F148099E915AB261D7B8ED81CB51

Function 00B64ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00B64E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00B64EDD,?,00C31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B64E9C
Part of subcall function 00B64E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00B64EAE
Part of subcall function 00B64E90: FreeLibrary.KERNEL32(00000000,?,?,00B64EDD,?,00C31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B64EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00C31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B64EFD

Part of subcall function 00B64E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00BA3CDE,?,00C31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B64E62
Part of subcall function 00B64E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00B64E74
Part of subcall function 00B64E59: FreeLibrary.KERNEL32(00000000,?,?,00BA3CDE,?,00C31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B64E87

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: 64711ae935146f381795a60ec3a3e9e38ff187543a5bfd6c90e33f28657b63b2
Instruction ID: bbf1136367744c18312e96bc89b6bfd968333a87e7f25c01dd4cd029ebe316c9
Opcode Fuzzy Hash: 64711ae935146f381795a60ec3a3e9e38ff187543a5bfd6c90e33f28657b63b2
Instruction Fuzzy Hash: 7E112332600705AACB25BB60DC02FED77E4AF40B10F2084AEF546A71D1EF799A459B90

Function 00B98402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00B98440

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 8521b21c96813b3bb9dbf78b3aae857502d6818484b4ee006cdfcd4978753587
Instruction ID: 3cfaca47b8c41f26a7534fb45046bb09d2ad4ceb958e256927b467edb2852220
Opcode Fuzzy Hash: 8521b21c96813b3bb9dbf78b3aae857502d6818484b4ee006cdfcd4978753587
Instruction Fuzzy Hash: 5A11187590410AAFCF05DF58E941A9E7BF5EF49314F1040A9F808AB312DA31DA11CBA5

Function 00BF29BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,00BF14B5,?), ref: 00BF2A01

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: da322363084128c0c1e926f3bee0f09841f452ded95415ed20beefb9fc629c65
Instruction ID: 1e3ec770456432a6f06bf9ed2a2fcd72a5d046058655cd0484329a9078f2c5d0
Opcode Fuzzy Hash: da322363084128c0c1e926f3bee0f09841f452ded95415ed20beefb9fc629c65
Instruction Fuzzy Hash: 3701B136300A459FD325CB2CC494B3237D2EB85314F29C4A8C2478B291DB32FC46C7A0

Function 00B8E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: 843299ac119ce96f31a33c8428911f700e8bdf12ec91f8a774d7fa2e90c25d91
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: 89F0F432510A14A6DA313A69DC05B5A37D89F53330F1407F6F434962F2EB74D802CBA5

Function 00B94C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,00B61129,00000000,?,00B92E29,00000001,00000364,?,?,?,00B8F2DE,00B93863,00C31444,?,00B7FDF5,?), ref: 00B94CBE

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 1c5fafb77ed47a9f1afd189897b69fd75b4b9fd7fcb9e14aeec473a838f656d5
Instruction ID: 0e1d47889ad0f31a23e5040a5e872804b21eb8cf756c011329229d7f10634d10
Opcode Fuzzy Hash: 1c5fafb77ed47a9f1afd189897b69fd75b4b9fd7fcb9e14aeec473a838f656d5
Instruction Fuzzy Hash: A6F0B4316022256EDF216F729C05F5B37E8FF417A1B1542B5B819A7191CB70D802C6A0

Function 00B93820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00C31444,?,00B7FDF5,?,?,00B6A976,00000010,00C31440,00B613FC,?,00B613C6,?,00B61129), ref: 00B93852

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d55df8a9d889606ecbf539f54c179d0fdec8d30d75e6dfeb7738252080693856
Instruction ID: 9a57fe23ee88494276b1ea98af9a26c3360b1144ed6125eed39fb71ebca2468c
Opcode Fuzzy Hash: d55df8a9d889606ecbf539f54c179d0fdec8d30d75e6dfeb7738252080693856
Instruction Fuzzy Hash: A8E0E5311006259ADE213A679C84B9A36C9EF42FB0F1500F1BD05928A0DB10DE01D3E0

Function 00B64F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,00C31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B64F6D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: df038e427abc4e16661d9b3b62f00030268ec8d5f240bc17efa231a0ce27bab4
Instruction ID: d00264b31117becdeeab14f33713bd587b4a4ba9b84c3e78c62e7e170cee7826
Opcode Fuzzy Hash: df038e427abc4e16661d9b3b62f00030268ec8d5f240bc17efa231a0ce27bab4
Instruction Fuzzy Hash: ACF03071105B51CFDB389F64D490822BBE4EF1431931089BEE1EE83521CB359844DF10

Function 00BF2A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00BF2A66

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 56fa18146ae1696a48162fa38ba1a9cf85d99986448403ae7a96a7a3e8075b5a
Instruction ID: 70f1b3e0ea44646919c4417a077a7541c5ec97040be16b3c0cbbe583c3d65b79
Opcode Fuzzy Hash: 56fa18146ae1696a48162fa38ba1a9cf85d99986448403ae7a96a7a3e8075b5a
Instruction Fuzzy Hash: 0BE04F3635411AAAC714EB30EC809FAB7DCEB5039571045BAAD56D3100EB309A99D6A0

Function 00B62DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00B62DC4

Part of subcall function 00B66B57: _wcslen.LIBCMT ref: 00B66B6A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: 9d0e406b374f023fc2157e9d73b6d7a5e726691cf60d717cfae38fd9141a09ac
Instruction ID: 41e37ecc4d51e391596d02710fb86e3fd042a8dc7651a1f20ea25244f9498668
Opcode Fuzzy Hash: 9d0e406b374f023fc2157e9d73b6d7a5e726691cf60d717cfae38fd9141a09ac
Instruction Fuzzy Hash: BEE0CD766041245BC710965C9C06FEA77DDDFC8790F0440B1FD09D7248D964AD80C550

Function 00B62B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00B63837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00B63908

Part of subcall function 00B6D730: GetInputState.USER32 ref: 00B6D807

SetCurrentDirectoryW.KERNEL32(?), ref: 00B62B6B

Part of subcall function 00B630F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00B6314E

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: be87d52e4eb1e90f1dfc79982caa3c9c161b08cde17adfcbfa69ff9e4607d0bb
Instruction ID: 59ec40c68d448488f95245932435815bc0040495fc7400094f295e4faf94ce1b
Opcode Fuzzy Hash: be87d52e4eb1e90f1dfc79982caa3c9c161b08cde17adfcbfa69ff9e4607d0bb
Instruction Fuzzy Hash: 64E0CD317042840BCA08BB75A8526BDF7D9DBD1751F4419BEF546431A3CF3D49498352

Function 00BA039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00BA0704,?,?,00000000,?,00BA0704,00000000,0000000C), ref: 00BA03B7

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 6f87200e69c9e59d16f50962c195aeb5d46468cc2d8cb90337cedb4864f83cec
Instruction ID: 1536021126fcaccfb6c8da31c26aa86778ab0494f2377f1aa97fcf891fbedf8c
Opcode Fuzzy Hash: 6f87200e69c9e59d16f50962c195aeb5d46468cc2d8cb90337cedb4864f83cec
Instruction Fuzzy Hash: 36D06C3204010DBBDF028F84DD06EDA3FAAFB48714F014000BE1866020C732E971EB90

Function 00B61CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00B61CBC

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: 67cfda639c983899ccac04df6f097b47cbd51309ecbf4e043110c5cca879c57a
Instruction ID: 47db01a20c56d3fe3aaf6db96fe3e3f97650eb12e61011dd03924c4fb6945017
Opcode Fuzzy Hash: 67cfda639c983899ccac04df6f097b47cbd51309ecbf4e043110c5cca879c57a
Instruction Fuzzy Hash: 63C09236290308AFF6148B80BD4BF287B64A358B01F088001FA09AB5F3C7A22864EA50

Non-executed Functions

Function 00BF9576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00B79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B79BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00BF961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00BF965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00BF969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00BF96C9
SendMessageW.USER32 ref: 00BF96F2
GetKeyState.USER32(00000011), ref: 00BF978B
GetKeyState.USER32(00000009), ref: 00BF9798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00BF97AE
GetKeyState.USER32(00000010), ref: 00BF97B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00BF97E9
SendMessageW.USER32 ref: 00BF9810
SendMessageW.USER32(?,00001030,?,00BF7E95), ref: 00BF9918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00BF992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00BF9941
SetCapture.USER32(?), ref: 00BF994A
ClientToScreen.USER32(?,?), ref: 00BF99AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00BF99BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00BF99D6
ReleaseCapture.USER32 ref: 00BF99E1
GetCursorPos.USER32(?), ref: 00BF9A19
ScreenToClient.USER32(?,?), ref: 00BF9A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 00BF9A80
SendMessageW.USER32 ref: 00BF9AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00BF9AEB
SendMessageW.USER32 ref: 00BF9B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00BF9B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00BF9B4A
GetCursorPos.USER32(?), ref: 00BF9B68
ScreenToClient.USER32(?,?), ref: 00BF9B75
GetParent.USER32(?), ref: 00BF9B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 00BF9BFA
SendMessageW.USER32 ref: 00BF9C2B
ClientToScreen.USER32(?,?), ref: 00BF9C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00BF9CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 00BF9CDE
SendMessageW.USER32 ref: 00BF9D01
ClientToScreen.USER32(?,?), ref: 00BF9D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00BF9D82

Part of subcall function 00B79944: GetWindowLongW.USER32(?,000000EB), ref: 00B79952

GetWindowLongW.USER32(?,000000F0), ref: 00BF9E05

Strings

F, xrefs: 00BF9D07
@GUI_DRAGID, xrefs: 00BF997D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: 69299c0cd9348b57a4038412ff8bf569a40accfcb2aae3bc1c22df08605d58f4
Instruction ID: bf1036f9883fc9924598a2981710cad81fa117034cbd3d62fa7faad7aafd9ba8
Opcode Fuzzy Hash: 69299c0cd9348b57a4038412ff8bf569a40accfcb2aae3bc1c22df08605d58f4
Instruction Fuzzy Hash: 7B428D34204209AFDB24DF24CD84BBABBE5FF49710F144699F699C72A1DB31A898CF51

Function 00BF4873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00BF48F3
SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00BF4908
SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00BF4927
SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00BF494B
SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00BF495C
SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00BF497B
SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00BF49AE
SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00BF49D4
SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00BF4A0F
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00BF4A56
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00BF4A7E
IsMenu.USER32(?), ref: 00BF4A97
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00BF4AF2
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00BF4B20
GetWindowLongW.USER32(?,000000F0), ref: 00BF4B94
SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00BF4BE3
SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00BF4C82
wsprintfW.USER32 ref: 00BF4CAE
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00BF4CC9
GetWindowTextW.USER32(?,00000000,00000001), ref: 00BF4CF1
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00BF4D13
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00BF4D33
GetWindowTextW.USER32(?,00000000,00000001), ref: 00BF4D5A

Strings

%d/%02d/%02d, xrefs: 00BF4CA8

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
String ID: %d/%02d/%02d
API String ID: 4054740463-328681919
Opcode ID: 6e5a8048c01940ab5c4eb9526904c727b02c2286a7ddaffb0883cc0d3071bd38
Instruction ID: f0acfa45b78fd4878151f6dd17c84209c81f0449f8b871a0477bc1a19d350465
Opcode Fuzzy Hash: 6e5a8048c01940ab5c4eb9526904c727b02c2286a7ddaffb0883cc0d3071bd38
Instruction Fuzzy Hash: 6812CF71600259ABEB248F28CC49FBF7BF8EF45710F1041A9FA1ADB2A1DB749945CB50

Function 00B7F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00B7F998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00BBF474
IsIconic.USER32(00000000), ref: 00BBF47D
ShowWindow.USER32(00000000,00000009), ref: 00BBF48A
SetForegroundWindow.USER32(00000000), ref: 00BBF494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00BBF4AA
GetCurrentThreadId.KERNEL32 ref: 00BBF4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00BBF4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 00BBF4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 00BBF4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00BBF4DE
SetForegroundWindow.USER32(00000000), ref: 00BBF4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 00BBF4F6
keybd_event.USER32(00000012,00000000), ref: 00BBF501
MapVirtualKeyW.USER32(00000012,00000000), ref: 00BBF50B
keybd_event.USER32(00000012,00000000), ref: 00BBF510
MapVirtualKeyW.USER32(00000012,00000000), ref: 00BBF519
keybd_event.USER32(00000012,00000000), ref: 00BBF51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 00BBF528
keybd_event.USER32(00000012,00000000), ref: 00BBF52D
SetForegroundWindow.USER32(00000000), ref: 00BBF530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 00BBF557

Strings

Shell_TrayWnd, xrefs: 00BBF46F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: a58526e032f09001e4f02b988ab7dccf14ff4e7434b6c84609cbc9d18f5a1cab
Instruction ID: 6f2303501006fc0fbbe1594c6e0819deafddc60eb9b4ac265eb85b1f339215d6
Opcode Fuzzy Hash: a58526e032f09001e4f02b988ab7dccf14ff4e7434b6c84609cbc9d18f5a1cab
Instruction Fuzzy Hash: E2314F71A4021DBBEB206BB55D4AFBF7EACEB44B50F100065FA01E71D1CBB19D40EAA0

Function 00BC1201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 00BC16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00BC170D
Part of subcall function 00BC16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00BC173A
Part of subcall function 00BC16C3: GetLastError.KERNEL32 ref: 00BC174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00BC1286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00BC12A8
CloseHandle.KERNEL32(?), ref: 00BC12B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00BC12D1
GetProcessWindowStation.USER32 ref: 00BC12EA
SetProcessWindowStation.USER32(00000000), ref: 00BC12F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00BC1310

Part of subcall function 00BC10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00BC11FC), ref: 00BC10D4
Part of subcall function 00BC10BF: CloseHandle.KERNEL32(?,?,00BC11FC), ref: 00BC10E9

Strings

winsta0, xrefs: 00BC12CC
, xrefs: 00BC125A
default, xrefs: 00BC130B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: 80ab3682d7dc906a0cfb73bed8ff325645e86ddeaf29a50be60bbedc56332496
Instruction ID: 9b73bf645e1938dbf2bd310cc06b289795f79b91475d494bc70968c617f2892a
Opcode Fuzzy Hash: 80ab3682d7dc906a0cfb73bed8ff325645e86ddeaf29a50be60bbedc56332496
Instruction Fuzzy Hash: 15817871900209ABDF259FA8DD49FEE7BB9EF05704F1445A9F910B72A2DB308984CF60

Function 00BC0B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00BC10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00BC1114
Part of subcall function 00BC10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00BC0B9B,?,?,?), ref: 00BC1120
Part of subcall function 00BC10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00BC0B9B,?,?,?), ref: 00BC112F
Part of subcall function 00BC10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00BC0B9B,?,?,?), ref: 00BC1136
Part of subcall function 00BC10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00BC114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00BC0BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00BC0C00
GetLengthSid.ADVAPI32(?), ref: 00BC0C17
GetAce.ADVAPI32(?,00000000,?), ref: 00BC0C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00BC0C6D
GetLengthSid.ADVAPI32(?), ref: 00BC0C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00BC0C8C
HeapAlloc.KERNEL32(00000000), ref: 00BC0C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00BC0CB4
CopySid.ADVAPI32(00000000), ref: 00BC0CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00BC0CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00BC0D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00BC0D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BC0D45
HeapFree.KERNEL32(00000000), ref: 00BC0D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BC0D55
HeapFree.KERNEL32(00000000), ref: 00BC0D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BC0D65
HeapFree.KERNEL32(00000000), ref: 00BC0D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00BC0D78
HeapFree.KERNEL32(00000000), ref: 00BC0D7F

Part of subcall function 00BC1193: GetProcessHeap.KERNEL32(00000008,00BC0BB1,?,00000000,?,00BC0BB1,?), ref: 00BC11A1
Part of subcall function 00BC1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00BC0BB1,?), ref: 00BC11A8
Part of subcall function 00BC1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00BC0BB1,?), ref: 00BC11B7

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: bee75659effae38db4e7c3d1bea5d66397d80bd5e63f545998313108dd802cc6
Instruction ID: 59750d439d50d0531e688b5e40e1e8dd2db01ed4be20587950c4ef35a9dbb9c0
Opcode Fuzzy Hash: bee75659effae38db4e7c3d1bea5d66397d80bd5e63f545998313108dd802cc6
Instruction Fuzzy Hash: 2E715C7290020AEBDF10EFA4DD44FAEBBB8FF04700F1446A9E915E7191DB71AA45CB60

Function 00BDEAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00BFCC08), ref: 00BDEB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 00BDEB37
GetClipboardData.USER32(0000000D), ref: 00BDEB43
CloseClipboard.USER32 ref: 00BDEB4F
GlobalLock.KERNEL32(00000000), ref: 00BDEB87
CloseClipboard.USER32 ref: 00BDEB91
GlobalUnlock.KERNEL32(00000000), ref: 00BDEBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 00BDEBC9
GetClipboardData.USER32(00000001), ref: 00BDEBD1
GlobalLock.KERNEL32(00000000), ref: 00BDEBE2
GlobalUnlock.KERNEL32(00000000), ref: 00BDEC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 00BDEC38
GetClipboardData.USER32(0000000F), ref: 00BDEC44
GlobalLock.KERNEL32(00000000), ref: 00BDEC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00BDEC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00BDEC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00BDECD2
GlobalUnlock.KERNEL32(00000000), ref: 00BDECF3
CountClipboardFormats.USER32 ref: 00BDED14
CloseClipboard.USER32 ref: 00BDED59

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: cc394dfb89e49c42bf0c498ad99efe7ad7c0482d89abcdc560db912d4f2f5805
Instruction ID: dba7c4042ec047c30d9c36c963c0e20cf1a280dc140eeed80a5a3810300274c7
Opcode Fuzzy Hash: cc394dfb89e49c42bf0c498ad99efe7ad7c0482d89abcdc560db912d4f2f5805
Instruction Fuzzy Hash: C6619F34204206AFD300EF24D985F3ABBE4EF84714F14459AF4669B3A1EF31E949CB62

Function 00BD698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00BD69BE
FindClose.KERNEL32(00000000), ref: 00BD6A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00BD6A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00BD6A75

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00BD6AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00BD6ADF

Strings

%4d, xrefs: 00BD6BB1
%03d, xrefs: 00BD6DA2
%4d%02d%02d%02d%02d%02d, xrefs: 00BD6B6A
%4d%02d%02d%02d%02d%02d%03d, xrefs: 00BD6B32
%02d, xrefs: 00BD6C00, 00BD6C0A, 00BD6C5A, 00BD6CAA, 00BD6CFA, 00BD6D4A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: 4b21bd78aa07d8724e9fd26a382377ec281be50a824e355eded18b7659227a1b
Instruction ID: 645c0ce30bd43c8367799652124b65aff21d8a1558a4cb0429122284c0f19f3c
Opcode Fuzzy Hash: 4b21bd78aa07d8724e9fd26a382377ec281be50a824e355eded18b7659227a1b
Instruction Fuzzy Hash: 2FD14171508340AFC714DBA4C981EABB7ECEF98704F04495EF589D7251EB78DA44CB62

Function 00BD9642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00BD9663
GetFileAttributesW.KERNEL32(?), ref: 00BD96A1
SetFileAttributesW.KERNEL32(?,?), ref: 00BD96BB
FindNextFileW.KERNEL32(00000000,?), ref: 00BD96D3
FindClose.KERNEL32(00000000), ref: 00BD96DE
FindFirstFileW.KERNEL32(*.*,?), ref: 00BD96FA
SetCurrentDirectoryW.KERNEL32(?), ref: 00BD974A
SetCurrentDirectoryW.KERNEL32(00C26B7C), ref: 00BD9768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00BD9772
FindClose.KERNEL32(00000000), ref: 00BD977F
FindClose.KERNEL32(00000000), ref: 00BD978F

Strings

*.*, xrefs: 00BD96F5

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: e154f76431f341df7f276a8585639fa8809e0614b46b093f81c3f73891a9f261
Instruction ID: 3802f2f8b2500d5cc324c8c7da13e69db583ed3d9f16f293c0f1980c314bbeae
Opcode Fuzzy Hash: e154f76431f341df7f276a8585639fa8809e0614b46b093f81c3f73891a9f261
Instruction Fuzzy Hash: 0331843254121D6ADF14AFB4ED49AEEBBECDF49321F1041A6E915E31A0EB30DD84CB64

Function 00BD979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00BD97BE
FindNextFileW.KERNEL32(00000000,?), ref: 00BD9819
FindClose.KERNEL32(00000000), ref: 00BD9824
FindFirstFileW.KERNEL32(*.*,?), ref: 00BD9840
SetCurrentDirectoryW.KERNEL32(?), ref: 00BD9890
SetCurrentDirectoryW.KERNEL32(00C26B7C), ref: 00BD98AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 00BD98B8
FindClose.KERNEL32(00000000), ref: 00BD98C5
FindClose.KERNEL32(00000000), ref: 00BD98D5

Part of subcall function 00BCDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00BCDB00

Strings

*.*, xrefs: 00BD983B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: 4f0c41848de4fdc4b112b2ee1d7da99793cbe06622dfcd6ed0a76fe101179fc0
Instruction ID: 06acc43bdf9c90ac78a539326e5383b2bcfb94e433be96e5f94f689513cca1b1
Opcode Fuzzy Hash: 4f0c41848de4fdc4b112b2ee1d7da99793cbe06622dfcd6ed0a76fe101179fc0
Instruction Fuzzy Hash: 9A31953254061D6ADF14AFA4EC48AEEB7ECDF06760F1441A6E514A32A0EB31D984DB64

Function 00BEBE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00BEC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BEB6AE,?,?), ref: 00BEC9B5
Part of subcall function 00BEC998: _wcslen.LIBCMT ref: 00BEC9F1
Part of subcall function 00BEC998: _wcslen.LIBCMT ref: 00BECA68
Part of subcall function 00BEC998: _wcslen.LIBCMT ref: 00BECA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BEBF3E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00BEBFA9
RegCloseKey.ADVAPI32(00000000), ref: 00BEBFCD
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00BEC02C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00BEC0E7
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00BEC154
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00BEC1E9
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00BEC23A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00BEC2E3
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00BEC382
RegCloseKey.ADVAPI32(00000000), ref: 00BEC38F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: c4802f8cf1e8e93939a4efd0dfa6d4b12f0326737854aa1f5a41952674596974
Instruction ID: 781062b2849992882ec6afd5a9eff0a122259ff3536bb8d36b17e81eba50f3da
Opcode Fuzzy Hash: c4802f8cf1e8e93939a4efd0dfa6d4b12f0326737854aa1f5a41952674596974
Instruction Fuzzy Hash: 97025F716042409FD714DF29C895E2ABBE5EF49318F18C49DF84ADB2A2DB31EC46CB91

Function 00BD8195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00BD8257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00BD8267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00BD8273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00BD8310
SetCurrentDirectoryW.KERNEL32(?), ref: 00BD8324
SetCurrentDirectoryW.KERNEL32(?), ref: 00BD8356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00BD838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00BD8395

Strings

*.*, xrefs: 00BD839B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: e08682bf7fa7f5c27d2f0aefaef63608c3eccf636cf71eba06364e83c1ab9e6c
Instruction ID: 846e28686d7d291e0eac49c05aa694f81e4a8ddc7ce4d3d0ecb6e323d9c34ecb
Opcode Fuzzy Hash: e08682bf7fa7f5c27d2f0aefaef63608c3eccf636cf71eba06364e83c1ab9e6c
Instruction Fuzzy Hash: 3E616A725043459FCB10EF64C8409AEF7E8FF89320F0449AEF99997251EB35E949CB92

Function 00BCD076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B63AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B63A97,?,?,00B62E7F,?,?,?,00000000), ref: 00B63AC2

Part of subcall function 00BCE199: GetFileAttributesW.KERNEL32(?,00BCCF95), ref: 00BCE19A

FindFirstFileW.KERNEL32(?,?), ref: 00BCD122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00BCD1DD
MoveFileW.KERNEL32(?,?), ref: 00BCD1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 00BCD20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 00BCD237

Part of subcall function 00BCD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00BCD21C,?,?), ref: 00BCD2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 00BCD253
FindClose.KERNEL32(00000000), ref: 00BCD264

Strings

\*.*, xrefs: 00BCD0CD, 00BCD0D6, 00BCD0EB

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 3dc20f966c8374256df98fe0bcef510557e3d722cecd442928a1ac7ee0b0b8be
Instruction ID: 0f9df49f36ff4b1f5c8a01381ecf26534b93cb55c5bfb3b56a8ab6d3cdeb75ae
Opcode Fuzzy Hash: 3dc20f966c8374256df98fe0bcef510557e3d722cecd442928a1ac7ee0b0b8be
Instruction Fuzzy Hash: A8614A3580110DAACF15EBE0DA92EEDBBF9EF55340F2441A9E40277191EB34AF09DB60

Function 00BDED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00BDED91
EmptyClipboard.USER32 ref: 00BDED97
GlobalAlloc.KERNEL32(00000002,?), ref: 00BDEDAC
CloseClipboard.USER32 ref: 00BDEEA3

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: f427fa83fe91071ab2e059e678da7d8c57e802360ea937c0843102a7a87dac76
Instruction ID: dea957120ca64b81f18dd9d7defb68b477c078336b303ca6975bb761bcee941b
Opcode Fuzzy Hash: f427fa83fe91071ab2e059e678da7d8c57e802360ea937c0843102a7a87dac76
Instruction Fuzzy Hash: BF417E35604651EFE720EF15D888B29BBE5EF44318F14C09AE4698F762DB75EC81CB90

Function 00BCE8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00BC16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00BC170D
Part of subcall function 00BC16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00BC173A
Part of subcall function 00BC16C3: GetLastError.KERNEL32 ref: 00BC174A

ExitWindowsEx.USER32(?,00000000), ref: 00BCE932

Strings

SeShutdownPrivilege, xrefs: 00BCE902
@, xrefs: 00BCE925
, xrefs: 00BCE920
, xrefs: 00BCE95C

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: e14636d0395f863603d176309c70270b07fe734be64bf14527057eb69349e6c8
Instruction ID: c97b96fc8b158dc47dd9723b14ebd420d51ab259cfc1121c6ea16d1b9bd82622
Opcode Fuzzy Hash: e14636d0395f863603d176309c70270b07fe734be64bf14527057eb69349e6c8
Instruction Fuzzy Hash: BF012B32610215EBEB5426789C8AFBF72DCD714740F1449A9F823E30D2DAF09C808294

Function 00BE1204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00BE1276
WSAGetLastError.WSOCK32 ref: 00BE1283
bind.WSOCK32(00000000,?,00000010), ref: 00BE12BA
WSAGetLastError.WSOCK32 ref: 00BE12C5
closesocket.WSOCK32(00000000), ref: 00BE12F4
listen.WSOCK32(00000000,00000005), ref: 00BE1303
WSAGetLastError.WSOCK32 ref: 00BE130D
closesocket.WSOCK32(00000000), ref: 00BE133C

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: d17324ca274b8626ad967931a48bbd4487c17ef4bcc3cb969f28caeb4e3cbe1c
Instruction ID: 3e8fce062dff851083819e4196f7a228e2af60742076ff7a326a35dda1ef8cf3
Opcode Fuzzy Hash: d17324ca274b8626ad967931a48bbd4487c17ef4bcc3cb969f28caeb4e3cbe1c
Instruction Fuzzy Hash: 2E41AF31600140AFD710DF69C988B69BBE5EF46318F2885D8E9569F292C771EC85CBA1

Function 00B9B952 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00B9B9D4
_free.LIBCMT ref: 00B9B9F8
_free.LIBCMT ref: 00B9BB7F
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00C03700), ref: 00B9BB91
WideCharToMultiByte.KERNEL32(00000000,00000000,00C3121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00B9BC09
WideCharToMultiByte.KERNEL32(00000000,00000000,00C31270,000000FF,?,0000003F,00000000,?), ref: 00B9BC36
_free.LIBCMT ref: 00B9BD4B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID:
API String ID: 314583886-0
Opcode ID: 98b07bab7bc53755d0d32c7a2496ff034d1182870a6655d934a332c8fd802cd8
Instruction ID: 2dfe8db50a76067e8526078fd07417971615579742c85864e5e6aca9b6134221
Opcode Fuzzy Hash: 98b07bab7bc53755d0d32c7a2496ff034d1182870a6655d934a332c8fd802cd8
Instruction Fuzzy Hash: 63C1E571904209AFDF24DF69AA41FAE7BF9EF41310F1841FAE89497291EB319E41C790

Function 00BCD3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B63AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B63A97,?,?,00B62E7F,?,?,?,00000000), ref: 00B63AC2

Part of subcall function 00BCE199: GetFileAttributesW.KERNEL32(?,00BCCF95), ref: 00BCE19A

FindFirstFileW.KERNEL32(?,?), ref: 00BCD420
DeleteFileW.KERNEL32(?,?,?,?), ref: 00BCD470
FindNextFileW.KERNEL32(00000000,00000010), ref: 00BCD481
FindClose.KERNEL32(00000000), ref: 00BCD498
FindClose.KERNEL32(00000000), ref: 00BCD4A1

Strings

\*.*, xrefs: 00BCD3F2

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: f5b92c669c34b2ef90edde96b91bc5cb7031018b8f50e207e9a313bbae6dfa6f
Instruction ID: b1f783e2c30c718a8c620bd41616648644d91c5edbb044200b0da55fa938b894
Opcode Fuzzy Hash: f5b92c669c34b2ef90edde96b91bc5cb7031018b8f50e207e9a313bbae6dfa6f
Instruction Fuzzy Hash: 45318E310083459BC304EF64D9919AFBBE8EE92304F444AADF4D593291EB34AA09DB63

Function 00B9E4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00B9E645

Strings

1#IND, xrefs: 00B9F83D
1#SNAN, xrefs: 00B9F844
1#INF, xrefs: 00B9F852
1#QNAN, xrefs: 00B9F84B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 1f6c801120bc4068196bc4f341b3781c2bf94b493670789bbd9facb6a7258f06
Instruction ID: 02afb6e3410a8773bd34bb290138d20ae3f0a8f9b4045c9aaef4227ec5dd1c3f
Opcode Fuzzy Hash: 1f6c801120bc4068196bc4f341b3781c2bf94b493670789bbd9facb6a7258f06
Instruction Fuzzy Hash: 29C23771E086298BDF25CE289D807EAB7F5EB48315F1541FAD85DE7240E778AE818F40

Function 00BD648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00BD64DC
CoInitialize.OLE32(00000000), ref: 00BD6639
CoCreateInstance.OLE32(00BFFCF8,00000000,00000001,00BFFB68,?), ref: 00BD6650
CoUninitialize.OLE32 ref: 00BD68D4

Strings

.lnk, xrefs: 00BD64BA, 00BD6524, 00BD65E0

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: d97b45ed7f4cf8222e7fc2f071e79aea7633fa338d1480b31ef950b105641600
Instruction ID: 07a56de05b624f83f2ad96c9b11f03594df98d0e44711ade279a2f3ee5ec75e7
Opcode Fuzzy Hash: d97b45ed7f4cf8222e7fc2f071e79aea7633fa338d1480b31ef950b105641600
Instruction Fuzzy Hash: A9D14A71508205AFC304EF24C88196BB7E9FF94708F1049ADF5958B2A1EB71ED49CBA2

Function 00BE22DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 00BE22E8

Part of subcall function 00BDE4EC: GetWindowRect.USER32(?,?), ref: 00BDE504

GetDesktopWindow.USER32 ref: 00BE2312
GetWindowRect.USER32(00000000), ref: 00BE2319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00BE2355
GetCursorPos.USER32(?), ref: 00BE2381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00BE23DF

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: f00da6cb8d2a56b6adc5fe803e1d1ac7bff0fba0b502da2a9a4e09db4d2a1700
Instruction ID: 96217207541fb0085d242e9517a1ce0bfddb6af096d6f299531065162ddbfde8
Opcode Fuzzy Hash: f00da6cb8d2a56b6adc5fe803e1d1ac7bff0fba0b502da2a9a4e09db4d2a1700
Instruction Fuzzy Hash: 0631DE72504345AFC720DF15C845B6BBBEAFB84310F000A1AF89497181DB34EA48CB92

Function 00BD9B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00BD9B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00BD9C8B

Part of subcall function 00BD3874: GetInputState.USER32 ref: 00BD38CB
Part of subcall function 00BD3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BD3966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00BD9BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00BD9C75

Strings

*.*, xrefs: 00BD9B5D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: 20a8891374eee40daff57cdb3dd22483a7a475f564d4561b99190d0105c85c5e
Instruction ID: e1001d0b5d2441cb800aa8c685cc667bc2df7401fd477690f0c80b33cfe5a64d
Opcode Fuzzy Hash: 20a8891374eee40daff57cdb3dd22483a7a475f564d4561b99190d0105c85c5e
Instruction Fuzzy Hash: 8841537194420EAFDF15DF64C985AEEBBF8EF05310F244196E405A32A1EB319E84DF60

Function 00B7997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 00B79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B79BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 00B79A4E
GetSysColor.USER32(0000000F), ref: 00B79B23
SetBkColor.GDI32(?,00000000), ref: 00B79B36

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: 2f85edf201aefd4a0da9d3bbe58c7599857bc6eb50c97f8f61ffef9485ddabe4
Instruction ID: 450c7bb0fc26557edde3a87d9b36edff64e8fbdec65a79a283d1d9f94e9dd02d
Opcode Fuzzy Hash: 2f85edf201aefd4a0da9d3bbe58c7599857bc6eb50c97f8f61ffef9485ddabe4
Instruction Fuzzy Hash: 12A13570249508AFE728AA3D8C88FBF2ADDDB82300F2581C9F526C7695CE619D01D372

Function 00BE1806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00BE304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00BE307A
Part of subcall function 00BE304E: _wcslen.LIBCMT ref: 00BE309B

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00BE185D
WSAGetLastError.WSOCK32 ref: 00BE1884
bind.WSOCK32(00000000,?,00000010), ref: 00BE18DB
WSAGetLastError.WSOCK32 ref: 00BE18E6
closesocket.WSOCK32(00000000), ref: 00BE1915

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: 40028d8a7ab03d57c936cf25a997caa3ccf2324adac135e3cf27094c4cebb671
Instruction ID: 4107e7c7a7625050523983100a3cd2d36c6cfa52e82e956699904ca042a66d36
Opcode Fuzzy Hash: 40028d8a7ab03d57c936cf25a997caa3ccf2324adac135e3cf27094c4cebb671
Instruction Fuzzy Hash: 5851B275A002009FD710AF24C896F7A77E5EB44718F1884D8F95A9F393CB75AD41CBA1

Function 00BF1C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00BF1CC0
IsWindowEnabled.USER32 ref: 00BF1CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00BF1CDB
IsIconic.USER32 ref: 00BF1CE9
IsZoomed.USER32 ref: 00BF1CF7

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 464157e8022ed47acf66a7b03d7f344a7865e97492522f1efd5a622927ee03e5
Instruction ID: a6149eaed73ab25ff5986cc59745079c4f4789642eec689b994b0aa696b0c797
Opcode Fuzzy Hash: 464157e8022ed47acf66a7b03d7f344a7865e97492522f1efd5a622927ee03e5
Instruction Fuzzy Hash: D72194317402189FD7208F1ED884B767BE5EF95314B1988A8E945CF351CB71DC4ACB90

Function 00B68060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON

Download Yara Rule

Strings

VUUU, xrefs: 00B683E8
ERCP, xrefs: 00B6813C
VUUU, xrefs: 00B6843C
VUUU, xrefs: 00BA5DF0
VUUU, xrefs: 00B683FA

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: 17c3ea6eebff8612e6cecf1db8f813f6f2e80c99084de3e5d91d88ee75a14ef2
Instruction ID: c9ab7858ab5eb2e8573949feb7aec456f32d056d485054044b06adb50f09d949
Opcode Fuzzy Hash: 17c3ea6eebff8612e6cecf1db8f813f6f2e80c99084de3e5d91d88ee75a14ef2
Instruction Fuzzy Hash: D8A24C71A0461ACBDF34CF58C8807ADB7F1FB55314F2482EAE855A7285EB749E81CB90

Function 00BCAA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00BCAAAC
SetKeyboardState.USER32(00000080), ref: 00BCAAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00BCAB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00BCAB88

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 21fefd155f87ce77fd2557b2d601db2afd205a2994bd974327cc63bd2b64fe1b
Instruction ID: 55e9f83f6b31eea4c4731c1872742fff2bb012893d2a26f3d76b51b04e5aab66
Opcode Fuzzy Hash: 21fefd155f87ce77fd2557b2d601db2afd205a2994bd974327cc63bd2b64fe1b
Instruction Fuzzy Hash: 62310370A8020CAEFB359A68CC49FFA7BF6EB44328F04429EF581961D1D7758D85C762

Function 00BDCE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 00BDCE89
GetLastError.KERNEL32(?,00000000), ref: 00BDCEEA
SetEvent.KERNEL32(?,?,00000000), ref: 00BDCEFE

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: e87f2be227b45ffa17166b39c9826c647f2b0907be33afa5723e937478b68bad
Instruction ID: 21b0e008b684adf23f8426bb1e659623be42867440a3cea896a703b0d12c34e8
Opcode Fuzzy Hash: e87f2be227b45ffa17166b39c9826c647f2b0907be33afa5723e937478b68bad
Instruction Fuzzy Hash: 632190B15003069BD720DFA5C985BA7BBFCEB50354F1044AEE546D3251EB70ED48DB54

Function 00BC8298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 00BC82AA

Strings

|, xrefs: 00BC82DA
(, xrefs: 00BC82F0

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: 9ec2cc479a2ad6ecb29e87930d75d9a4ca2c6938cee2a8cd15beb39edf582ada
Instruction ID: cd0937ec0e3f1f3286a2820bbc1b0a619a647fccecdb1b187942583335d17b91
Opcode Fuzzy Hash: 9ec2cc479a2ad6ecb29e87930d75d9a4ca2c6938cee2a8cd15beb39edf582ada
Instruction Fuzzy Hash: 8F322474A006059FCB28CF59C481E6AB7F0FF48710B15C5AEE49ADB7A1EB70E981CB54

Function 00BD5C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00BD5CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00BD5D17
FindClose.KERNEL32(?), ref: 00BD5D5F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 22886eec9a8c9a2e7744bfdef65ba42fa8c38f75234cb281a8101377fa9d7b07
Instruction ID: ec3bddc853572c6aa82c59373408f77287ef1108d6e5fa641f619e49f32609ad
Opcode Fuzzy Hash: 22886eec9a8c9a2e7744bfdef65ba42fa8c38f75234cb281a8101377fa9d7b07
Instruction Fuzzy Hash: FD517A746046019FC724DF28C494EA6FBE5FF49314F1485AEE99A8B3A1DB30E944CBA1

Function 00B92622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00B9271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B92724
UnhandledExceptionFilter.KERNEL32(?), ref: 00B92731

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 2e67734d0c5f8905583287ec1a8b3a0d7881de191bfd74dfa6492463a3b61108
Instruction ID: e7ef3c6ae6936ef3fb0ba136dbb8ca79a1fdf124770022becde1f78f64052b17
Opcode Fuzzy Hash: 2e67734d0c5f8905583287ec1a8b3a0d7881de191bfd74dfa6492463a3b61108
Instruction Fuzzy Hash: 0D31C37491121CABCF21EF68D98879CBBF8AF08310F5041EAE41CA7260EB349F858F44

Function 00BD51CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00BD51DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00BD5238
SetErrorMode.KERNEL32(00000000), ref: 00BD52A1

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 9368520dde16f7e09904d6c840474d73db367784a7acdbfd7b66f90dab76bd01
Instruction ID: 45697b266bbed8c548c111d55dfade78b754bba9686d53372a7624593a33eacd
Opcode Fuzzy Hash: 9368520dde16f7e09904d6c840474d73db367784a7acdbfd7b66f90dab76bd01
Instruction Fuzzy Hash: E1314B75A10518DFDB00DF94D884EADBBF4FF48314F048099E849AB3A2DB35E85ACB90

Function 00BC16C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00B7FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00B80668
Part of subcall function 00B7FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00B80685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00BC170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00BC173A
GetLastError.KERNEL32 ref: 00BC174A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: 07a060bf57fcaecffbca7c2dd80310e6191831aba5ebe07f38c29b413efa86c3
Instruction ID: 161fc92f2faf2b536b94c7cbbe043c59d0eecc097bce01653f0e23be54544a4c
Opcode Fuzzy Hash: 07a060bf57fcaecffbca7c2dd80310e6191831aba5ebe07f38c29b413efa86c3
Instruction Fuzzy Hash: 7B11C1B2400309FFD7289F68DCC6E7ABBF9EB04714B20856EE05693241EB70BC41CA24

Function 00BCD5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00BCD608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00BCD645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00BCD650

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: a5766de444cc56cd989766b8806b3c635839a49af4dd702b1f77664d45903e41
Instruction ID: 9e5570266ee72b423bb61c886a6d44300fa696df221290ef446ed8e4a9c2070c
Opcode Fuzzy Hash: a5766de444cc56cd989766b8806b3c635839a49af4dd702b1f77664d45903e41
Instruction Fuzzy Hash: B5113C75E05228BBDB108F999D45FAFBFBCEB45B50F108166F904E7290D6704A05CBA1

Function 00BC1663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00BC168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00BC16A1
FreeSid.ADVAPI32(?), ref: 00BC16B1

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 6510ad21920b25c17a3586966737dd971d5461c647443d29eee9412f7fba026d
Instruction ID: 3f232d9a7ff76cb14c4eb3fc5a25eede0e6d63e213c429471962b5bf17516cad
Opcode Fuzzy Hash: 6510ad21920b25c17a3586966737dd971d5461c647443d29eee9412f7fba026d
Instruction Fuzzy Hash: F5F0F47195030DFBDB00DFF49D89EAEBBBCEB08604F5049A5E501E3181EB74AA449A54

Function 00B84CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00B928E9,?,00B84CBE,00B928E9,00C288B8,0000000C,00B84E15,00B928E9,00000002,00000000,?,00B928E9), ref: 00B84D09
TerminateProcess.KERNEL32(00000000,?,00B84CBE,00B928E9,00C288B8,0000000C,00B84E15,00B928E9,00000002,00000000,?,00B928E9), ref: 00B84D10
ExitProcess.KERNEL32 ref: 00B84D22

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: ff4239efee954a8fc0e64c657ab7238aa7335141b341bfb3e11b0af841b1216d
Instruction ID: c7544d572e245b2563579628f0ef3d932c1a3500df1d4fda6ea8bec8bf7305d5
Opcode Fuzzy Hash: ff4239efee954a8fc0e64c657ab7238aa7335141b341bfb3e11b0af841b1216d
Instruction Fuzzy Hash: C4E0B631004149ABCF12BF54DE09A687FA9EB42781B104064FC059B132CB35EE92DB84

Function 00B9C2A2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

/, xrefs: 00B9C36C

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: b709e1696229b0e815da9bdf89f43e93a15e4ef76ac5c53e56edf8db498fe773
Instruction ID: bae05c5bba825962a38c4b59ea0ea54665b9c29a2f83c7c3814354623f389113
Opcode Fuzzy Hash: b709e1696229b0e815da9bdf89f43e93a15e4ef76ac5c53e56edf8db498fe773
Instruction Fuzzy Hash: F3411572900219AFCF249FB9DC89EBB7BF8EB84354F5042B9F905D7281E6709D818B54

Function 00BBD27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 00BBD28C

Strings

X64, xrefs: 00BBD2A8

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: 8e166ed3641cfb796d2ae91aec90655be7f4013e63f9c9453c1f31c288fa8536
Instruction ID: e40e4ccba7fb3e70d5935cd327355c7e068567a092ce9623ef601e640cc7dc07
Opcode Fuzzy Hash: 8e166ed3641cfb796d2ae91aec90655be7f4013e63f9c9453c1f31c288fa8536
Instruction Fuzzy Hash: 4AD0C9B480111DEBCB94CBA0DCC8DE9B7BCBF04345F104195F106A2000DB7495498F10

Function 00B8CAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction ID: 4721ac9dbf9fea738e2bb59410ca960eb5300eeea12fc41919ea2b5993f36347
Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction Fuzzy Hash: B9022CB1E002199BDF14DFA9C8806ADBBF1FF48314F2581AAD919E7390D730AE45CB94

Function 00BD68EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00BD6918
FindClose.KERNEL32(00000000), ref: 00BD6961

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 80779c5cb204b44458d96e91ab2edaa95eb58ac5323192d59903469c3f739b81
Instruction ID: d47419fe1dfd89771b89c43f2edfd6683c0b0f06145a76083391112eff65c1aa
Opcode Fuzzy Hash: 80779c5cb204b44458d96e91ab2edaa95eb58ac5323192d59903469c3f739b81
Instruction Fuzzy Hash: AE1190316142019FC710DF69D498A26FBE5FF89328F14C69AE4698F3A2DB34EC45CB91

Function 00BD37B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00BE4891,?,?,00000035,?), ref: 00BD37E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00BE4891,?,?,00000035,?), ref: 00BD37F4

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 9537781985b58d9603cca919668b029517a6def4bfdcca04c1f9b53a73e3751b
Instruction ID: f7dd40965790d0438766163b78336542935fb23030463a7b24e35a2fb23e8598
Opcode Fuzzy Hash: 9537781985b58d9603cca919668b029517a6def4bfdcca04c1f9b53a73e3751b
Instruction Fuzzy Hash: 54F0E5B06052296AE72017668C4DFEB7AEEEFC5B61F0001A6F509E3281D9709D44C6B1

Function 00BCB226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00BCB25D
keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00BCB270

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 43d0719f3b449608d8a51df73ebe5ac92bc84e0ff85bb18f9bbf62eb95cd17c2
Instruction ID: 0ae93a5626d214616b734dc8bc388fe724c16cd31942d97eb3047aa6f584c9c1
Opcode Fuzzy Hash: 43d0719f3b449608d8a51df73ebe5ac92bc84e0ff85bb18f9bbf62eb95cd17c2
Instruction Fuzzy Hash: 07F01D7180424DABDB059FA0C806BBE7FB4FF04305F008449F965AA191C7799655DF94

Function 00BC10BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00BC11FC), ref: 00BC10D4
CloseHandle.KERNEL32(?,?,00BC11FC), ref: 00BC10E9

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 69670cb9cd76e6f5206b961980a3673849d857ad792c99eebe4500d7fbfb8fa5
Instruction ID: 7d6c8ec21f93348cc5946b43f2e306c4a6eea0ffd5469ed64d777cbc0286bbf9
Opcode Fuzzy Hash: 69670cb9cd76e6f5206b961980a3673849d857ad792c99eebe4500d7fbfb8fa5
Instruction Fuzzy Hash: 75E04F32008601AEE7252B21FC05E737BE9EF04310F10C86DF4A5814B1DF626CE0DB18

Function 00B6CAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON

Download Yara Rule

Strings

Variable is not of type 'Object'., xrefs: 00BB0C40

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID: Variable is not of type 'Object'.
API String ID: 0-1840281001
Opcode ID: e0f1e4703b74554d391302c3dde85a6887cb8e825e431b276ec97a3328bfe8fb
Instruction ID: 8edb92843887b353c4df61863509edfd3f544504acb670ef815904ad75bec719
Opcode Fuzzy Hash: e0f1e4703b74554d391302c3dde85a6887cb8e825e431b276ec97a3328bfe8fb
Instruction Fuzzy Hash: D9326C70910218DBCF14EF94C895AFEBBF5FF04304F1480A9E846AB292D779AD49CB60

Function 00B9676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00B96766,?,?,00000008,?,?,00B9FEFE,00000000), ref: 00B96998

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: fc83978f4e01ac5b52c6acc852b88ac933473bedf58aada1dc2b9b8436b7e6d2
Instruction ID: f65479bcdbb78743831e29474c54f0773bfd80066aef1ccd05e3da0d7066a8af
Opcode Fuzzy Hash: fc83978f4e01ac5b52c6acc852b88ac933473bedf58aada1dc2b9b8436b7e6d2
Instruction Fuzzy Hash: ACB12A316106099FDB19CF28C48AB657BE0FF45364F2586A9E899CF2A2C735E991CB40

Function 00B7B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 00BB851F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: e9776c3998b694a09e8fdeaca5719c9fadbc8b6e6296276e6d12121792e32185
Instruction ID: 99e1a7ad360c0980c2858703d081952b4b75072a5b127634aeb6048db449e968
Opcode Fuzzy Hash: e9776c3998b694a09e8fdeaca5719c9fadbc8b6e6296276e6d12121792e32185
Instruction Fuzzy Hash: 1D124D759002299BCB24CF58C880BFEB7F9FF48710F14819AE859EB255DB749A81CF94

Function 00BDEAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00BDEABD

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 7417da719dc58e48402b8693fb79a68008ac890cf133fba011e17ae43278f7c7
Instruction ID: 4c8b3fe6e137eb95ac62165c05e32162644877b717a3381ee5248a37a609ee35
Opcode Fuzzy Hash: 7417da719dc58e48402b8693fb79a68008ac890cf133fba011e17ae43278f7c7
Instruction Fuzzy Hash: 64E048312102059FC710EF59D444D9AFBE9EF58760F008457FC49CB351DB74E8448B90

Function 00B809D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00B803EE), ref: 00B809DA

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 5a6572cd282b2e93488ca2bd0e7d4765ec021ab5c177012a07edf983bdc518da
Instruction ID: def020990cbccbadfad65955ebe5339d95faa1ba63fa53974f77520b3abc1cf9
Opcode Fuzzy Hash: 5a6572cd282b2e93488ca2bd0e7d4765ec021ab5c177012a07edf983bdc518da
Instruction Fuzzy Hash:

Function 00B8781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 00B8798B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction ID: 604f760ad32741bf505ba461c7c7bc7f6228d3acbf347af20f6fff4c172bb15b
Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction Fuzzy Hash: 4F518A616CC605A7DB38B52A889DBBE27C9DB1234CF3805C9D886C72B2DE11DE01D352

Function 00B96DD9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b44fd09c448c81afafb33fff2e3039d7b3a0cf142eacb3370665ec6a3e404a39
Instruction ID: 5a13b5ddf974f91503e75dd440b02b21623b00ea61894b510d65c8584e11fde2
Opcode Fuzzy Hash: b44fd09c448c81afafb33fff2e3039d7b3a0cf142eacb3370665ec6a3e404a39
Instruction Fuzzy Hash: D232F421D79F014DDB239634CC663396689AFB73C5F16D737E81AB5AA6EF29C4838100

Function 00B7CC39 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f150253a4e41588b0850ca66d8436c7da024ee4c05e0ac20131962c7e3d9dbba
Instruction ID: 2bde3b97f17b8ea0c93448b7ee7501e1a4b22614d886172aec9aa2b28c45c5fa
Opcode Fuzzy Hash: f150253a4e41588b0850ca66d8436c7da024ee4c05e0ac20131962c7e3d9dbba
Instruction Fuzzy Hash: 9C32F231A001498BDF39CE29C4D06FD7FE1EB45300F2885EED4AA9B696D6B4DD81DB81

Function 00B67920 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2545ef774d7c6ceecc8dc03b87306a214702f0653821d8c1d615b7d714a27836
Instruction ID: eecbcce771ee25419d8881cf7a261f61acaef317015b5abd9a2aba0ecd1c1405
Opcode Fuzzy Hash: 2545ef774d7c6ceecc8dc03b87306a214702f0653821d8c1d615b7d714a27836
Instruction Fuzzy Hash: 8922C470A0460ADFDF14CFA4C881BAEB3F5FF49304F2445A9E816A7291EB399E15CB54

Function 00B691C0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b9a075b12605cfb8ceb98708a527e5cd0c1a1dea794984ed0a496beed69a801
Instruction ID: 466ee13c983ec448c551b236999d771c207dbcf06ef7b9afba4681c5635c25ca
Opcode Fuzzy Hash: 7b9a075b12605cfb8ceb98708a527e5cd0c1a1dea794984ed0a496beed69a801
Instruction Fuzzy Hash: 7602B5B0E04206EBDB14DF54D881BAEB7F5FF45300F1081A9E816DB291EB35EA15CB95

Function 00B99EEE Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e925e682e42c0db982995cd9d2316f673c0b809f3b4da5a23b661c4049a7a734
Instruction ID: 5046e8efa85e9bfbc4ce4a479d7d6993edbfa50ad49c7190dfd43a3d23f8a020
Opcode Fuzzy Hash: e925e682e42c0db982995cd9d2316f673c0b809f3b4da5a23b661c4049a7a734
Instruction Fuzzy Hash: EBB10520D2AF904DD7239639887133AB69CAFBB6D5F92D71BFC1674D72EB2185838140

Function 00B81C77 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: 4b3f423485deba2eebd47f18c1bf825fc4af16a122c4a586f63b08f7aad1a92b
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: 5791A97210A0A34ADB29563E847417DFFE5DA523A231A0FEDD4F2CA1E5FE10C956D720

Function 00B81F32 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction ID: 001e13c70ac2c54668ffe992fe6020efb3fd3e63435ce930e71acbe4f458df78
Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction Fuzzy Hash: F79175722090A34EEB69633D847803EFFE19A923A131A07DDD4F2DB1E5EE24C555E720

Function 00B819B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: 07a9b698cfb56c44e8ffe69022fd542ad59dc8afed20e1310dba686c93151962
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: 2E91737220B0A34ADB2D567E857403DFFE99A923A131A0BDED4F2CA1E1FD24C556D720

Function 00B87A4A Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ed6ff0d3cd0f8e333a91cfe5c1f53391dade4d23e868ead03dc7b92c620f927
Instruction ID: 11e3f5d73547f9a1074e6ce5af8e18877ffdba934b1a2aca47af071af0a76c5b
Opcode Fuzzy Hash: 7ed6ff0d3cd0f8e333a91cfe5c1f53391dade4d23e868ead03dc7b92c620f927
Instruction Fuzzy Hash: AF6168212C830997DA38BA2889E5BBE63D6DF5170CF3409D9E842DB2B1DE21DE42C755

Function 00B87CA7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96350a68e69f0eddea575a7d9c68ad78eb9792f9b4b87a66244969c71e4124a4
Instruction ID: 7005ca1d47976b202de1766167191e09ddc0f15bbbd0a57e0944d4a0e770b88a
Opcode Fuzzy Hash: 96350a68e69f0eddea575a7d9c68ad78eb9792f9b4b87a66244969c71e4124a4
Instruction Fuzzy Hash: 36615BB16C870997DA38B9288895BBE23C8DF5274CF3419E9E842DB2B1DE11DD41C355

Function 00B81706 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: bf8dad1d7f97ef9aaf2f9ac9583bc0cfb09003e8f939591053aadc98d047b5ee
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: 2581C87660A0A309DB2D523E847443EFFE59A923A131A0FDDD4F2CB1E1EE24C956D720

Function 00BD2046 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44208767a20d661adcb41b1e684fbc2e4b04c3c6e4811ee1f01e9ab9631e8ff7
Instruction ID: c29b38aafecd6e2ea1d4a80c6955f4f5108efe1755982a229d4796361fa04613
Opcode Fuzzy Hash: 44208767a20d661adcb41b1e684fbc2e4b04c3c6e4811ee1f01e9ab9631e8ff7
Instruction Fuzzy Hash: 5B21A8326205118BDB28CF79C92377EB3E5A764310F15866EE4A7C37D0DE35A904C740

Function 00BE2ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00BE2B30
DeleteObject.GDI32(00000000), ref: 00BE2B43
DestroyWindow.USER32 ref: 00BE2B52
GetDesktopWindow.USER32 ref: 00BE2B6D
GetWindowRect.USER32(00000000), ref: 00BE2B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00BE2CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00BE2CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BE2CF8
GetClientRect.USER32(00000000,?), ref: 00BE2D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00BE2D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BE2D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BE2D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BE2D80
GlobalLock.KERNEL32(00000000), ref: 00BE2D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BE2D98
GlobalUnlock.KERNEL32(00000000), ref: 00BE2DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BE2DA8
GlobalFree.KERNEL32(00000000), ref: 00BE2DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BE2DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,00BFFC38,00000000), ref: 00BE2DDB
GlobalFree.KERNEL32(00000000), ref: 00BE2DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00BE2E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00BE2E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BE2E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BE303F

Strings

AutoIt v3, xrefs: 00BE2CF2
, xrefs: 00BE2FC5
DISPLAY, xrefs: 00BE2EA2
static, xrefs: 00BE2D3A, 00BE2E91

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 89d3d04d02b1e00ef6e8decc58f304c69c1fc6bb808d5b07acbd9ac0226c7a0d
Instruction ID: 1b438a38889c78148e88a17f93639f4ca3d1348b2382b67763b4f26f061333d0
Opcode Fuzzy Hash: 89d3d04d02b1e00ef6e8decc58f304c69c1fc6bb808d5b07acbd9ac0226c7a0d
Instruction Fuzzy Hash: 2F028A71910209AFDB14DFA4CD89EAE7BF9EF48710F048198F915AB2A1DB74ED41CB60

Function 00BF70D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 00BF712F
GetSysColorBrush.USER32(0000000F), ref: 00BF7160
GetSysColor.USER32(0000000F), ref: 00BF716C
SetBkColor.GDI32(?,000000FF), ref: 00BF7186
SelectObject.GDI32(?,?), ref: 00BF7195
InflateRect.USER32(?,000000FF,000000FF), ref: 00BF71C0
GetSysColor.USER32(00000010), ref: 00BF71C8
CreateSolidBrush.GDI32(00000000), ref: 00BF71CF
FrameRect.USER32(?,?,00000000), ref: 00BF71DE
DeleteObject.GDI32(00000000), ref: 00BF71E5
InflateRect.USER32(?,000000FE,000000FE), ref: 00BF7230
FillRect.USER32(?,?,?), ref: 00BF7262
GetWindowLongW.USER32(?,000000F0), ref: 00BF7284

Part of subcall function 00BF73E8: GetSysColor.USER32(00000012), ref: 00BF7421
Part of subcall function 00BF73E8: SetTextColor.GDI32(?,?), ref: 00BF7425
Part of subcall function 00BF73E8: GetSysColorBrush.USER32(0000000F), ref: 00BF743B
Part of subcall function 00BF73E8: GetSysColor.USER32(0000000F), ref: 00BF7446
Part of subcall function 00BF73E8: GetSysColor.USER32(00000011), ref: 00BF7463
Part of subcall function 00BF73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00BF7471
Part of subcall function 00BF73E8: SelectObject.GDI32(?,00000000), ref: 00BF7482
Part of subcall function 00BF73E8: SetBkColor.GDI32(?,00000000), ref: 00BF748B
Part of subcall function 00BF73E8: SelectObject.GDI32(?,?), ref: 00BF7498
Part of subcall function 00BF73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00BF74B7
Part of subcall function 00BF73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00BF74CE
Part of subcall function 00BF73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00BF74DB

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: f862b62f59b88c4f4f1ed21068ad61a2d9ea77997d003952e78245b664d2bc9a
Instruction ID: 49fbb7c9ae34901ee1dcfd7f4c2abcfe8a998779082d7de587ac5428db4a6278
Opcode Fuzzy Hash: f862b62f59b88c4f4f1ed21068ad61a2d9ea77997d003952e78245b664d2bc9a
Instruction Fuzzy Hash: F3A18F72008309AFD7009F64DD49E7A7BE9FB49320F100A59FA62A71A1DB71E989CB51

Function 00B78D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 00B78E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 00BB6AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00BB6AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00BB6F43

Part of subcall function 00B78F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00B78BE8,?,00000000,?,?,?,?,00B78BBA,00000000,?), ref: 00B78FC5

SendMessageW.USER32(?,00001053), ref: 00BB6F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00BB6F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 00BB6FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 00BB6FB7

Strings

0, xrefs: 00BB6DCF

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: f0dcaa88e47453d8e7726ec0ab2ccb31165e961e7636bc1ccf19d66fb19c7f8c
Instruction ID: ea83692bbbb5e1444c95a915b3b254eff2d659dcf1b492109011a1ce34e96c4c
Opcode Fuzzy Hash: f0dcaa88e47453d8e7726ec0ab2ccb31165e961e7636bc1ccf19d66fb19c7f8c
Instruction Fuzzy Hash: 54129C30605201EFDB25CF24C998BB9BBE5FB44310F1884A9E499CB261CB75EC92DB51

Function 00BE2711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 00BE273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00BE286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00BE28A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00BE28B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00BE2900
GetClientRect.USER32(00000000,?), ref: 00BE290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00BE2955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00BE2964
GetStockObject.GDI32(00000011), ref: 00BE2974
SelectObject.GDI32(00000000,00000000), ref: 00BE2978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00BE2988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00BE2991
DeleteDC.GDI32(00000000), ref: 00BE299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00BE29C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 00BE29DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00BE2A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00BE2A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 00BE2A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00BE2A77
GetStockObject.GDI32(00000011), ref: 00BE2A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00BE2A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00BE2A97

Strings

AutoIt v3, xrefs: 00BE28F8
DISPLAY, xrefs: 00BE295A
msctls_progress32, xrefs: 00BE2A13
static, xrefs: 00BE294F, 00BE2A71

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 71ec643c22d8c21b1fd7f63c1c18ad8ca0b8b6afb18140050e49b7706ef0e5e8
Instruction ID: 4ac21d7c651fd518bf3c08487b9a7635407a995dfc0b80e9eb73b99a156367a1
Opcode Fuzzy Hash: 71ec643c22d8c21b1fd7f63c1c18ad8ca0b8b6afb18140050e49b7706ef0e5e8
Instruction Fuzzy Hash: AFB16E71A50219AFEB14DF68CD89FAE7BB9EB08710F004155F915E72A0DB74ED40CBA0

Function 00BD4ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00BD4AED
GetDriveTypeW.KERNEL32(?,00BFCB68,?,\\.\,00BFCC08), ref: 00BD4BCA
SetErrorMode.KERNEL32(00000000,00BFCB68,?,\\.\,00BFCC08), ref: 00BD4D36

Strings

Virtual, xrefs: 00BD4CE5
ATA, xrefs: 00BD4C98
Unknown, xrefs: 00BD4BED, 00BD4C83
Fixed, xrefs: 00BD4C09
SATA, xrefs: 00BD4CD0
ATAPI, xrefs: 00BD4C91
FileBackedVirtual, xrefs: 00BD4CEC
SSA, xrefs: 00BD4CA6
Fibre, xrefs: 00BD4CAD
Removable, xrefs: 00BD4C10, 00BD4C15
RAMDisk, xrefs: 00BD4BF4
\\.\, xrefs: 00BD4B3F
SAS, xrefs: 00BD4CC9
USB, xrefs: 00BD4CB4
SCSI, xrefs: 00BD4C8A
Network, xrefs: 00BD4C02
MMC, xrefs: 00BD4CDE
RAID, xrefs: 00BD4CBB
1394, xrefs: 00BD4C9F
PhysicalDrive, xrefs: 00BD4B76
iSCSI, xrefs: 00BD4CC2
SSD, xrefs: 00BD4C4A
CDROM, xrefs: 00BD4BFB

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 5bc4a12107a534d784fe816151d3706052793618261a6d90674fe61d7100e8d8
Instruction ID: 9db6e8ab3eb797e380fe12a45fa931bcad339738035de1ee020b085145006a47
Opcode Fuzzy Hash: 5bc4a12107a534d784fe816151d3706052793618261a6d90674fe61d7100e8d8
Instruction Fuzzy Hash: A561AF30616109ABCB04DF24DAC1978F7F1EB44304B2884E7F806ABB91EB35ED41DB51

Function 00BF73E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00BF7421
SetTextColor.GDI32(?,?), ref: 00BF7425
GetSysColorBrush.USER32(0000000F), ref: 00BF743B
GetSysColor.USER32(0000000F), ref: 00BF7446
CreateSolidBrush.GDI32(?), ref: 00BF744B
GetSysColor.USER32(00000011), ref: 00BF7463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00BF7471
SelectObject.GDI32(?,00000000), ref: 00BF7482
SetBkColor.GDI32(?,00000000), ref: 00BF748B
SelectObject.GDI32(?,?), ref: 00BF7498
InflateRect.USER32(?,000000FF,000000FF), ref: 00BF74B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00BF74CE
GetWindowLongW.USER32(00000000,000000F0), ref: 00BF74DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00BF752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00BF7554
InflateRect.USER32(?,000000FD,000000FD), ref: 00BF7572
DrawFocusRect.USER32(?,?), ref: 00BF757D
GetSysColor.USER32(00000011), ref: 00BF758E
SetTextColor.GDI32(?,00000000), ref: 00BF7596
DrawTextW.USER32(?,00BF70F5,000000FF,?,00000000), ref: 00BF75A8
SelectObject.GDI32(?,?), ref: 00BF75BF
DeleteObject.GDI32(?), ref: 00BF75CA
SelectObject.GDI32(?,?), ref: 00BF75D0
DeleteObject.GDI32(?), ref: 00BF75D5
SetTextColor.GDI32(?,?), ref: 00BF75DB
SetBkColor.GDI32(?,?), ref: 00BF75E5

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: ac73cb3ba9f137d5eeabbd0ad279440091a8596f017782887b91a42bd67cb48f
Instruction ID: c76f206bd528cd12ae29fb2638edbaa5cfd9196399fd904d37605b2b543f0ed1
Opcode Fuzzy Hash: ac73cb3ba9f137d5eeabbd0ad279440091a8596f017782887b91a42bd67cb48f
Instruction Fuzzy Hash: 01615C7290421CAFDB019FA4DD49EEEBFB9EB08320F114155FA15BB2A1DB709980CB90

Function 00BF0FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00BF1128
GetDesktopWindow.USER32 ref: 00BF113D
GetWindowRect.USER32(00000000), ref: 00BF1144
GetWindowLongW.USER32(?,000000F0), ref: 00BF1199
DestroyWindow.USER32(?), ref: 00BF11B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00BF11ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00BF120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00BF121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 00BF1232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00BF1245
IsWindowVisible.USER32(00000000), ref: 00BF12A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00BF12BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00BF12D0
GetWindowRect.USER32(00000000,?), ref: 00BF12E8
MonitorFromPoint.USER32(?,?,00000002), ref: 00BF130E
GetMonitorInfoW.USER32(00000000,?), ref: 00BF1328
CopyRect.USER32(?,?), ref: 00BF133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 00BF13AA

Strings

0, xrefs: 00BF10D3
(, xrefs: 00BF131B
tooltips_class32, xrefs: 00BF11E6

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 090093980d1167743b301287aa3c8d20d0fffd08811173beed319fe61046f6fc
Instruction ID: f7c5db6dd904ab3d7eb41b8dd0d7962df1a5fc0471954f771a5abce72e38f9fc
Opcode Fuzzy Hash: 090093980d1167743b301287aa3c8d20d0fffd08811173beed319fe61046f6fc
Instruction Fuzzy Hash: C0B16A71608345EFD704DF68C984B6ABBE4EF84750F008D5CFA99AB261DB71E848CB91

Function 00BF0241 Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 391windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00BF02E5
_wcslen.LIBCMT ref: 00BF031F
_wcslen.LIBCMT ref: 00BF0389
_wcslen.LIBCMT ref: 00BF03F1
_wcslen.LIBCMT ref: 00BF0475
SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00BF04C5
SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00BF0504

Part of subcall function 00B7F9F2: _wcslen.LIBCMT ref: 00B7F9FD

Part of subcall function 00BC223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00BC2258
Part of subcall function 00BC223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00BC228A

Strings

VIEWCHANGE, xrefs: 00BF0675
SELECTALL, xrefs: 00BF0515
ISSELECTED, xrefs: 00BF04DD
GETTEXT, xrefs: 00BF03EC, 00BF0407
DESELECT, xrefs: 00BF059C
FINDITEM, xrefs: 00BF0627
GETSELECTED, xrefs: 00BF05E1
SELECTCLEAR, xrefs: 00BF052D
GETSUBITEMCOUNT, xrefs: 00BF0384, 00BF039F
SELECTINVERT, xrefs: 00BF057E
SELECT, xrefs: 00BF0548
GETSELECTEDCOUNT, xrefs: 00BF0470, 00BF048B
GETITEMCOUNT, xrefs: 00BF0316, 00BF0337

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
API String ID: 1103490817-719923060
Opcode ID: 021274a3ac8b856c91ebbada0bcc08ffb1e50210b7f8ff459f316f6f2e9baaa9
Instruction ID: dc5822af7e73e2b60c7665af73607aedaa56ad8c5222b232f10bf309008eaec5
Opcode Fuzzy Hash: 021274a3ac8b856c91ebbada0bcc08ffb1e50210b7f8ff459f316f6f2e9baaa9
Instruction Fuzzy Hash: A9E1B1312282059FCB14EF24C59093AB7E6FF98314B1446ADF9969B7B2DB30ED49CB41

Function 00B78891 Relevance: 35.3, APIs: 18, Strings: 2, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00B78968
GetSystemMetrics.USER32(00000007), ref: 00B78970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00B7899B
GetSystemMetrics.USER32(00000008), ref: 00B789A3
GetSystemMetrics.USER32(00000004), ref: 00B789C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00B789E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00B789F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00B78A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00B78A3C
GetClientRect.USER32(00000000,000000FF), ref: 00B78A5A
GetStockObject.GDI32(00000011), ref: 00B78A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 00B78A81

Part of subcall function 00B7912D: GetCursorPos.USER32(?), ref: 00B79141
Part of subcall function 00B7912D: ScreenToClient.USER32(00000000,?), ref: 00B7915E
Part of subcall function 00B7912D: GetAsyncKeyState.USER32(00000001), ref: 00B79183
Part of subcall function 00B7912D: GetAsyncKeyState.USER32(00000002), ref: 00B7919D

SetTimer.USER32(00000000,00000000,00000028,00B790FC), ref: 00B78AA8

Strings

InitializeCriticalSectionEx, xrefs: 00BB67BA
AutoIt v3 GUI, xrefs: 00B78A20

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI$InitializeCriticalSectionEx
API String ID: 1458621304-260769550
Opcode ID: 9a3517a41e1fb00fe4d0d1e1a282af96af096d69a5611876325daeda957a7ff7
Instruction ID: 52d852041fc21f473dfb0a22a678a7ca8fed55448d428f3e5a61b9741d040ecd
Opcode Fuzzy Hash: 9a3517a41e1fb00fe4d0d1e1a282af96af096d69a5611876325daeda957a7ff7
Instruction Fuzzy Hash: DDB16B71A00209AFDB14DFA8CD89BFE3BF5FB48314F158169FA19A7290DB74A840CB51

Function 00BC0D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00BC10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00BC1114
Part of subcall function 00BC10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00BC0B9B,?,?,?), ref: 00BC1120
Part of subcall function 00BC10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00BC0B9B,?,?,?), ref: 00BC112F
Part of subcall function 00BC10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00BC0B9B,?,?,?), ref: 00BC1136
Part of subcall function 00BC10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00BC114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00BC0DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00BC0E29
GetLengthSid.ADVAPI32(?), ref: 00BC0E40
GetAce.ADVAPI32(?,00000000,?), ref: 00BC0E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00BC0E96
GetLengthSid.ADVAPI32(?), ref: 00BC0EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00BC0EB5
HeapAlloc.KERNEL32(00000000), ref: 00BC0EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00BC0EDD
CopySid.ADVAPI32(00000000), ref: 00BC0EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00BC0F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00BC0F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00BC0F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BC0F6E
HeapFree.KERNEL32(00000000), ref: 00BC0F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BC0F7E
HeapFree.KERNEL32(00000000), ref: 00BC0F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BC0F8E
HeapFree.KERNEL32(00000000), ref: 00BC0F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00BC0FA1
HeapFree.KERNEL32(00000000), ref: 00BC0FA8

Part of subcall function 00BC1193: GetProcessHeap.KERNEL32(00000008,00BC0BB1,?,00000000,?,00BC0BB1,?), ref: 00BC11A1
Part of subcall function 00BC1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00BC0BB1,?), ref: 00BC11A8
Part of subcall function 00BC1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00BC0BB1,?), ref: 00BC11B7

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 98cf8f45d0ef1077563c95b4a98f4ed6ab9b33ae5ea1dadbbb3e7e0b948ad4e3
Instruction ID: 7a20f3b2ac873d0bc491dfa7fc784f56200633f1154fb1feef9224be3ee7a670
Opcode Fuzzy Hash: 98cf8f45d0ef1077563c95b4a98f4ed6ab9b33ae5ea1dadbbb3e7e0b948ad4e3
Instruction Fuzzy Hash: C5715A7290020AEBDF20AFA4DD48FAEBBB8FF05300F144199F919E7191DB319A55CB60

Function 00BEC3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BEC4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,00BFCC08,00000000,?,00000000,?,?), ref: 00BEC544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00BEC5A4
_wcslen.LIBCMT ref: 00BEC5F4
_wcslen.LIBCMT ref: 00BEC66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00BEC6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00BEC7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00BEC84D
RegCloseKey.ADVAPI32(?), ref: 00BEC881
RegCloseKey.ADVAPI32(00000000), ref: 00BEC88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00BEC960

Strings

REG_DWORD, xrefs: 00BEC804
REG_SZ, xrefs: 00BEC644
REG_MULTI_SZ, xrefs: 00BEC6F5
REG_BINARY, xrefs: 00BEC913
REG_QWORD, xrefs: 00BEC8C3
REG_EXPAND_SZ, xrefs: 00BEC5CD

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: 40f4734bedf250900e2b994bcdf894f147f8da2435da52772c65078675adbb1d
Instruction ID: 8a9d08f2768952418015cc9c743438067ebfff396f8616379787dd996bcf813c
Opcode Fuzzy Hash: 40f4734bedf250900e2b994bcdf894f147f8da2435da52772c65078675adbb1d
Instruction Fuzzy Hash: 25127A356042419FD714DF25C891A2ABBE5FF88714F14889DF88A9B3A2DB35FD42CB81

Function 00BF091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00BF09C6
_wcslen.LIBCMT ref: 00BF0A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00BF0A54
_wcslen.LIBCMT ref: 00BF0A8A
_wcslen.LIBCMT ref: 00BF0B06
_wcslen.LIBCMT ref: 00BF0B81

Part of subcall function 00B7F9F2: _wcslen.LIBCMT ref: 00B7F9FD

Part of subcall function 00BC2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00BC2BFA

Strings

COLLAPSE, xrefs: 00BF0B01, 00BF0B1C
UNCHECK, xrefs: 00BF0D3E
GETTEXT, xrefs: 00BF0C97
EXISTS, xrefs: 00BF0B7C, 00BF0B97
ISCHECKED, xrefs: 00BF0CE1
CHECK, xrefs: 00BF0A85, 00BF0AA0
SELECT, xrefs: 00BF0D11
GETTOTALCOUNT, xrefs: 00BF09F2, 00BF0A17
EXPAND, xrefs: 00BF0BF8
GETITEMCOUNT, xrefs: 00BF0C1E
GETSELECTED, xrefs: 00BF0C4E

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: 4e15270eccbe3f0fa94402fc30cab8318d735c1ba942c9d519daf50e24400053
Instruction ID: f490d7ab301cce3437eb8fd7ac08333ec8b17bec0a3aee3979abfe7d53d3c590
Opcode Fuzzy Hash: 4e15270eccbe3f0fa94402fc30cab8318d735c1ba942c9d519daf50e24400053
Instruction Fuzzy Hash: C8E17B352183058FCB14EF24C49093AB7E1FF98314B14899DF99A9B762DB30ED49CB81

Function 00BEC998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BEB6AE,?,?), ref: 00BEC9B5
_wcslen.LIBCMT ref: 00BEC9F1
_wcslen.LIBCMT ref: 00BECA68
_wcslen.LIBCMT ref: 00BECA9E
_wcslen.LIBCMT ref: 00BECAF9
_wcslen.LIBCMT ref: 00BECB2F
_wcslen.LIBCMT ref: 00BECB7F

Strings

HKLM, xrefs: 00BECA98, 00BECA9D
HKCC, xrefs: 00BECBAC
HKEY_USERS, xrefs: 00BECBDF
HKCU, xrefs: 00BECBCE
HKEY_LOCAL_MACHINE, xrefs: 00BECA62, 00BECA67
HKEY_CLASSES_ROOT, xrefs: 00BECAF3, 00BECAF8
HKCR, xrefs: 00BECB29, 00BECB2E
HKU, xrefs: 00BECBF0
HKEY_CURRENT_USER, xrefs: 00BECBBD
HKEY_CURRENT_CONFIG, xrefs: 00BECB79, 00BECB7E

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 2bc31d8413435a1fd8d8b191700c593ab2944a44dae209574e88ed9d509e6d3d
Instruction ID: bc92e83746bbf64929cedc6a4046ffa3949817970c9f381fe283d88a96c409cf
Opcode Fuzzy Hash: 2bc31d8413435a1fd8d8b191700c593ab2944a44dae209574e88ed9d509e6d3d
Instruction Fuzzy Hash: 707108326001AA8BCF20DE7ED9815BE3BE5EF60754B2512B4F86697294E735CD46C390

Function 00BF833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00BF835A
_wcslen.LIBCMT ref: 00BF836E
_wcslen.LIBCMT ref: 00BF8391
_wcslen.LIBCMT ref: 00BF83B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00BF83F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00BF5BF2), ref: 00BF844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00BF8487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00BF84CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00BF8501
FreeLibrary.KERNEL32(?), ref: 00BF850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00BF851D
DestroyIcon.USER32(?,?,?,?,?,00BF5BF2), ref: 00BF852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00BF8549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00BF8555

Strings

.icl, xrefs: 00BF8368
.dll, xrefs: 00BF83AB
.exe, xrefs: 00BF8388

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: f040236962922eca4da5667498301e0a72ff1c61973bff19965b731efa8aca1d
Instruction ID: 5e4449e03b03f5067fc948f130650cf302e73759625b37c598727ca7338a54b1
Opcode Fuzzy Hash: f040236962922eca4da5667498301e0a72ff1c61973bff19965b731efa8aca1d
Instruction Fuzzy Hash: 9561DE7150021ABEEB14DF64CC82BBE7BA8FB14710F10468AF915DB1E1DF74A994CBA0

Function 00B67778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

", xrefs: 00BA5153
#requireadmin, xrefs: 00B677FF
Unterminated group of comments, xrefs: 00BA528C
#cs, xrefs: 00B67873, 00B678C5
#OnAutoItStartRegister, xrefs: 00B67817
Bad directive syntax error, xrefs: 00BA519A
#comments-end, xrefs: 00B678D9
#include-once, xrefs: 00B6782F
#notrayicon, xrefs: 00B677E7
#include, xrefs: 00B67847
#pragma compile, xrefs: 00B677D3
Cannot parse #include, xrefs: 00BA5279
#comments-start, xrefs: 00B6785F, 00B678B1
#ce, xrefs: 00B678ED
', xrefs: 00BA5169

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: 468f9fbde39d3770a44b47f9b5583e6f96c7906484d12c3a755f896116e00716
Instruction ID: cc20e234a9ea55484877ed2fb71a39c5150e8d31881617ab6e667514f6f7cfa1
Opcode Fuzzy Hash: 468f9fbde39d3770a44b47f9b5583e6f96c7906484d12c3a755f896116e00716
Instruction Fuzzy Hash: 7381C171684209ABDB20AF64CC82FBE37E8EF15304F1440E4F905AB1A6EB749A45C7A5

Function 00BD3E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00BD3EF8
_wcslen.LIBCMT ref: 00BD3F03
_wcslen.LIBCMT ref: 00BD3F5A
_wcslen.LIBCMT ref: 00BD3F98
GetDriveTypeW.KERNEL32(?), ref: 00BD3FD6
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BD401E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BD4059
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BD4087

Strings

closed, xrefs: 00BD3F08, 00BD3F2D, 00BD3F46, 00BD3F7E, 00BD3F97
open, xrefs: 00BD3F54, 00BD3F59
wait, xrefs: 00BD4044
close cd wait, xrefs: 00BD4072
type cdaudio alias cd wait, xrefs: 00BD4001
close, xrefs: 00BD3EFE, 00BD3F18
open , xrefs: 00BD3FE5
set cd door , xrefs: 00BD4028

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: 4e143887ea77a20b2506532a14e4898c69dc371f88f4a46f7d8ed4f00a99f0d5
Instruction ID: 38a2c30cc63a4c4a2696494c8c6b8f906050ee792b0a530e82f39f569406c329
Opcode Fuzzy Hash: 4e143887ea77a20b2506532a14e4898c69dc371f88f4a46f7d8ed4f00a99f0d5
Instruction Fuzzy Hash: 6B71F2726042169FC710EF24C88186AF7F4EF94758F1049AEF89697351EB34ED45CB92

Function 00BC5A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00BC5A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00BC5A40
SetWindowTextW.USER32(?,?), ref: 00BC5A57
GetDlgItem.USER32(?,000003EA), ref: 00BC5A6C
SetWindowTextW.USER32(00000000,?), ref: 00BC5A72
GetDlgItem.USER32(?,000003E9), ref: 00BC5A82
SetWindowTextW.USER32(00000000,?), ref: 00BC5A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00BC5AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00BC5AC3
GetWindowRect.USER32(?,?), ref: 00BC5ACC
_wcslen.LIBCMT ref: 00BC5B33
SetWindowTextW.USER32(?,?), ref: 00BC5B6F
GetDesktopWindow.USER32 ref: 00BC5B75
GetWindowRect.USER32(00000000), ref: 00BC5B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00BC5BD3
GetClientRect.USER32(?,?), ref: 00BC5BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00BC5C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00BC5C2F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: f09551332adb77909ce0735343e5b1b93c8d9e7fd68cb77d35e1ba2e81b418bb
Instruction ID: dcb54ff35199f2f16dffb254b4a92b8fc6a62a5c6702f7f767401f369ed094bc
Opcode Fuzzy Hash: f09551332adb77909ce0735343e5b1b93c8d9e7fd68cb77d35e1ba2e81b418bb
Instruction Fuzzy Hash: 22711A31900A09AFDB20DFA9CE85FAEBBF5EB48704F10455CE546A35A0DB75BD84CB50

Function 00BDFE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00BDFE27
LoadCursorW.USER32(00000000,00007F8A), ref: 00BDFE32
LoadCursorW.USER32(00000000,00007F00), ref: 00BDFE3D
LoadCursorW.USER32(00000000,00007F03), ref: 00BDFE48
LoadCursorW.USER32(00000000,00007F8B), ref: 00BDFE53
LoadCursorW.USER32(00000000,00007F01), ref: 00BDFE5E
LoadCursorW.USER32(00000000,00007F81), ref: 00BDFE69
LoadCursorW.USER32(00000000,00007F88), ref: 00BDFE74
LoadCursorW.USER32(00000000,00007F80), ref: 00BDFE7F
LoadCursorW.USER32(00000000,00007F86), ref: 00BDFE8A
LoadCursorW.USER32(00000000,00007F83), ref: 00BDFE95
LoadCursorW.USER32(00000000,00007F85), ref: 00BDFEA0
LoadCursorW.USER32(00000000,00007F82), ref: 00BDFEAB
LoadCursorW.USER32(00000000,00007F84), ref: 00BDFEB6
LoadCursorW.USER32(00000000,00007F04), ref: 00BDFEC1
LoadCursorW.USER32(00000000,00007F02), ref: 00BDFECC
GetCursorInfo.USER32(?), ref: 00BDFEDC
GetLastError.KERNEL32 ref: 00BDFF1E

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 020fc3d61c2affb9231b430f24c66a80d8dbb4a6a032da22efe82647f6f313de
Instruction ID: 56c9844f893bb87033c82da5311713e574005a04de0079d135737e5f99e25a49
Opcode Fuzzy Hash: 020fc3d61c2affb9231b430f24c66a80d8dbb4a6a032da22efe82647f6f313de
Instruction Fuzzy Hash: 644124B0D0931AAADB109FBA8C8586EBFE8FF04754B50456AE11DE7281DB789901CF91

Function 00B800C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00B800C6

Part of subcall function 00B800ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00C3070C,00000FA0,A677A259,?,?,?,?,00BA23B3,000000FF), ref: 00B8011C
Part of subcall function 00B800ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00BA23B3,000000FF), ref: 00B80127
Part of subcall function 00B800ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00BA23B3,000000FF), ref: 00B80138
Part of subcall function 00B800ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00B8014E
Part of subcall function 00B800ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00B8015C
Part of subcall function 00B800ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00B8016A
Part of subcall function 00B800ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00B80195
Part of subcall function 00B800ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00B801A0

___scrt_fastfail.LIBCMT ref: 00B800E7

Part of subcall function 00B800A3: __onexit.LIBCMT ref: 00B800A9

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 00B80122
SleepConditionVariableCS, xrefs: 00B80154
WakeAllConditionVariable, xrefs: 00B80162
InitializeConditionVariable, xrefs: 00B80148
kernel32.dll, xrefs: 00B80133

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: c21aaf78ce44e191dcbc0a2b737ce8746933ad68c9e349c73c79cdc054c20432
Instruction ID: 97a3f3e0a058ea0c0185dbb1f912e6f3a4c54a10533cd9c54530bc026c974fd9
Opcode Fuzzy Hash: c21aaf78ce44e191dcbc0a2b737ce8746933ad68c9e349c73c79cdc054c20432
Instruction Fuzzy Hash: 5521F53365470A6BE7507B64AC49B3D76D4DF06BA0F1001B9F905B32B1DF609844CB94

Function 00BC30F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00BC318D
_wcslen.LIBCMT ref: 00BC31F8

Strings

TEXT, xrefs: 00BC347C
CLASSNN, xrefs: 00BC31F3, 00BC3204
REGEXPCLASS, xrefs: 00BC3255, 00BC3266
NAME, xrefs: 00BC3335, 00BC3346
CLASS, xrefs: 00BC3188, 00BC31A5
INSTANCE, xrefs: 00BC3453

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: 1a7770dac8fb02493774def20a0ca9ef1f7690b2ba329a5c8ffaecf756ea31f8
Instruction ID: c728bf71f633bb521140366b49d2d2fff210435b034310894740503f688535df
Opcode Fuzzy Hash: 1a7770dac8fb02493774def20a0ca9ef1f7690b2ba329a5c8ffaecf756ea31f8
Instruction Fuzzy Hash: BCE18331A005169BCF189FA8C491BEEBBE4FF54B10F94C1ADE456F7250DB30AE859790

Function 00BD44C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,00BFCC08), ref: 00BD4527
_wcslen.LIBCMT ref: 00BD453B
_wcslen.LIBCMT ref: 00BD4599
_wcslen.LIBCMT ref: 00BD45F4
_wcslen.LIBCMT ref: 00BD463F
_wcslen.LIBCMT ref: 00BD46A7

Part of subcall function 00B7F9F2: _wcslen.LIBCMT ref: 00B7F9FD

GetDriveTypeW.KERNEL32(?,00C26BF0,00000061), ref: 00BD4743

Strings

cdrom, xrefs: 00BD458F, 00BD4594
removable, xrefs: 00BD45EA, 00BD45EF
unknown, xrefs: 00BD4708
fixed, xrefs: 00BD4635, 00BD463A
network, xrefs: 00BD469D, 00BD46A2
all, xrefs: 00BD4531, 00BD4536
ramdisk, xrefs: 00BD46F1

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: 39ebfdd4f920b1277b2f9568e87173ab5401172b1ae70dd98311046e38617c37
Instruction ID: d8e071243d06fe6be01191e69bbe35beeb4de87875279bc18ddfdf595d76c00d
Opcode Fuzzy Hash: 39ebfdd4f920b1277b2f9568e87173ab5401172b1ae70dd98311046e38617c37
Instruction Fuzzy Hash: 2FB1AD716083029FC710DF28D890A6AF7E5EFA5764F5049AEF49A87391E730D844CBA2

Function 00BE3FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00BFCC08), ref: 00BE40BB
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00BE40CD
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00BFCC08), ref: 00BE40F2
FreeLibrary.KERNEL32(00000000,?,00BFCC08), ref: 00BE413E
StringFromGUID2.OLE32(?,?,00000028,?,00BFCC08), ref: 00BE41A8
SysFreeString.OLEAUT32(00000009), ref: 00BE4262
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00BE42C8
SysFreeString.OLEAUT32(?), ref: 00BE42F2

Strings

GetModuleHandleExW, xrefs: 00BE40C7
kernel32.dll, xrefs: 00BE40B6

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: 5dbe3c29196f607b1131e1916d34aa9e2b48ca3d4f0e35f6b65e62a977bb289b
Instruction ID: d750eceddc63f7eb2de1589928ddef5f12008970e75d3c534a8b935574038afb
Opcode Fuzzy Hash: 5dbe3c29196f607b1131e1916d34aa9e2b48ca3d4f0e35f6b65e62a977bb289b
Instruction Fuzzy Hash: 98125C75A00159EFDB14DF95C884EAEBBF9FF45314F248098E905AB251CB31ED86CBA0

Function 00B6326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(00C31990), ref: 00BA2F8D
GetMenuItemCount.USER32(00C31990), ref: 00BA303D
GetCursorPos.USER32(?), ref: 00BA3081
SetForegroundWindow.USER32(00000000), ref: 00BA308A
TrackPopupMenuEx.USER32(00C31990,00000000,?,00000000,00000000,00000000), ref: 00BA309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00BA30A9

Strings

0, xrefs: 00B6327D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: 537696858a3312442109e1f456c718f6dbd4d4911bc856630c932233fc2443df
Instruction ID: 4c277ed7251c99af30be6711ad1839dccce98079379d6e21d775da293be8a8c1
Opcode Fuzzy Hash: 537696858a3312442109e1f456c718f6dbd4d4911bc856630c932233fc2443df
Instruction Fuzzy Hash: 39711970648205BEEB258F28CC89FAABFE4FF05724F204296F5156B1E0C7B5A954DB90

Function 00BF6CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00BF6DEB

Part of subcall function 00B66B57: _wcslen.LIBCMT ref: 00B66B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00BF6E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00BF6E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00BF6E94
DestroyWindow.USER32(?), ref: 00BF6EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00B60000,00000000), ref: 00BF6EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00BF6EFD
GetDesktopWindow.USER32 ref: 00BF6F16
GetWindowRect.USER32(00000000), ref: 00BF6F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00BF6F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00BF6F4D

Part of subcall function 00B79944: GetWindowLongW.USER32(?,000000EB), ref: 00B79952

Strings

0, xrefs: 00BF6D98
tooltips_class32, xrefs: 00BF6E58, 00BF6EDD

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: 5825ca4e6dc1906f70b43e1e0cc19739df25e43491880eb0448800ff752a4a35
Instruction ID: b36a28470a82cccfd5bbdafd4fae0b6cc43c1dfe2d9774cff19ca81e3649ed62
Opcode Fuzzy Hash: 5825ca4e6dc1906f70b43e1e0cc19739df25e43491880eb0448800ff752a4a35
Instruction Fuzzy Hash: 8F715675104348AFDB21CF18D844BBABBE9FB89304F08495DFA9987261CB70AD4ADB11

Function 00BF911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B79BB2

DragQueryPoint.SHELL32(?,?), ref: 00BF9147

Part of subcall function 00BF7674: ClientToScreen.USER32(?,?), ref: 00BF769A
Part of subcall function 00BF7674: GetWindowRect.USER32(?,?), ref: 00BF7710
Part of subcall function 00BF7674: PtInRect.USER32(?,?,00BF8B89), ref: 00BF7720

SendMessageW.USER32(?,000000B0,?,?), ref: 00BF91B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00BF91BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00BF91DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00BF9225
SendMessageW.USER32(?,000000B0,?,?), ref: 00BF923E
SendMessageW.USER32(?,000000B1,?,?), ref: 00BF9255
SendMessageW.USER32(?,000000B1,?,?), ref: 00BF9277
DragFinish.SHELL32(?), ref: 00BF927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00BF9371

Strings

@GUI_DRAGFILE, xrefs: 00BF9320
@GUI_DRAGID, xrefs: 00BF92E9
@GUI_DROPID, xrefs: 00BF929E

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: 86145720abbf3c85a2524ea132f1030ee2a0606ade79eb18700002888b75b028
Instruction ID: 5f5594649756cc1d1396499d132d371f2fee20a2ee0116df104b3d3219a25de2
Opcode Fuzzy Hash: 86145720abbf3c85a2524ea132f1030ee2a0606ade79eb18700002888b75b028
Instruction Fuzzy Hash: 06617B71108305AFD701DF64DD85EAFBBE8EF88750F00096EF695931A1DB709A49CB52

Function 00BDC476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00BDC4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00BDC4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00BDC4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00BDC4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00BDC533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00BDC549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00BDC554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00BDC584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00BDC5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00BDC5F0
InternetCloseHandle.WININET(00000000), ref: 00BDC5FB

Strings

, xrefs: 00BDC575

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: 24f5551f418558914bec63cf352f7d6a182e3702bf5d553c08a59fba3a57b094
Instruction ID: bdde50084b292b0f1f387848384df2a3f0bfe00ac6dbbc5476fd8b5518f0c1e9
Opcode Fuzzy Hash: 24f5551f418558914bec63cf352f7d6a182e3702bf5d553c08a59fba3a57b094
Instruction Fuzzy Hash: EF515AB150020ABFDB219F60D989ABBBFFCFB18744F00445AF94697210EB30E944DB60

Function 00BF856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00BF8592
GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00BF85A2
GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00BF85AD
CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00BF85BA
GlobalLock.KERNEL32(00000000), ref: 00BF85C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00BF85D7
GlobalUnlock.KERNEL32(00000000), ref: 00BF85E0
CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00BF85E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00BF85F8
OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00BFFC38,?), ref: 00BF8611
GlobalFree.KERNEL32(00000000), ref: 00BF8621
GetObjectW.GDI32(?,00000018,?), ref: 00BF8641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00BF8671
DeleteObject.GDI32(?), ref: 00BF8699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00BF86AF

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: cab483ad0dccfbf5e499a7dfdc73b44ddb55e0287f320b009edf86d2459080f7
Instruction ID: cf8d626c54c4239c89a7fe56677ce23052ba4648d55510651f6377527985e75a
Opcode Fuzzy Hash: cab483ad0dccfbf5e499a7dfdc73b44ddb55e0287f320b009edf86d2459080f7
Instruction Fuzzy Hash: FC41F875600208BFDB11DFA5DD88EBA7BB8EF89B55F104058F905EB260DB309D45DB60

Function 00BD14BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00BD1502
VariantCopy.OLEAUT32(?,?), ref: 00BD150B
VariantClear.OLEAUT32(?), ref: 00BD1517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00BD15FB
VarR8FromDec.OLEAUT32(?,?), ref: 00BD1657
VariantInit.OLEAUT32(?), ref: 00BD1708
SysFreeString.OLEAUT32(?), ref: 00BD178C
VariantClear.OLEAUT32(?), ref: 00BD17D8
VariantClear.OLEAUT32(?), ref: 00BD17E7
VariantInit.OLEAUT32(00000000), ref: 00BD1823

Strings

Default, xrefs: 00BD16AF
%4d%02d%02d%02d%02d%02d, xrefs: 00BD1625

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: 7a6667ffff728fbf15160877e4956fa941f4e7a8af240440e12d73c11dfdbef1
Instruction ID: b010d487acfb64268e93db804ca526d8e3279e9cc726d059d92d5c4802d7b0a7
Opcode Fuzzy Hash: 7a6667ffff728fbf15160877e4956fa941f4e7a8af240440e12d73c11dfdbef1
Instruction Fuzzy Hash: B6D1CC71A00505EBDB109F69E885B79F7F5FF45704F1088E6E406AB290EB38EC45DB62

Function 00BEB60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

Part of subcall function 00BEC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BEB6AE,?,?), ref: 00BEC9B5
Part of subcall function 00BEC998: _wcslen.LIBCMT ref: 00BEC9F1
Part of subcall function 00BEC998: _wcslen.LIBCMT ref: 00BECA68
Part of subcall function 00BEC998: _wcslen.LIBCMT ref: 00BECA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BEB6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00BEB772
RegDeleteValueW.ADVAPI32(?,?), ref: 00BEB80A
RegCloseKey.ADVAPI32(?), ref: 00BEB87E
RegCloseKey.ADVAPI32(?), ref: 00BEB89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 00BEB8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00BEB904
RegDeleteKeyW.ADVAPI32(?,?), ref: 00BEB922
FreeLibrary.KERNEL32(00000000), ref: 00BEB983
RegCloseKey.ADVAPI32(00000000), ref: 00BEB994

Strings

RegDeleteKeyExW, xrefs: 00BEB8FE
advapi32.dll, xrefs: 00BEB8ED

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: 15ba3e19a02d7609fad9156b64b3f549bc9349fe3ae5c2ce534c98ff53ca5434
Instruction ID: 6703167818452e5f8b681d648ccc242fded752a270b92f630bd77d2be05a0bb3
Opcode Fuzzy Hash: 15ba3e19a02d7609fad9156b64b3f549bc9349fe3ae5c2ce534c98ff53ca5434
Instruction Fuzzy Hash: 52C18934208281AFD710DF25C495F2ABBE5FF84308F14859CE49A8B7A2CB75ED46CB91

Function 00BE255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00BE25D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00BE25E8
CreateCompatibleDC.GDI32(?), ref: 00BE25F4
SelectObject.GDI32(00000000,?), ref: 00BE2601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00BE266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00BE26AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00BE26D0
SelectObject.GDI32(?,?), ref: 00BE26D8
DeleteObject.GDI32(?), ref: 00BE26E1
DeleteDC.GDI32(?), ref: 00BE26E8
ReleaseDC.USER32(00000000,?), ref: 00BE26F3

Strings

(, xrefs: 00BE268D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 34a8e8d94e61a2bcc34b4d1b3cb9ff91c708cb6925386a7fea1bf6d85dd8edd2
Instruction ID: 6a41e0af216bcd2845d06204222d27b7b5ae54753f2e26e065b2969cbe6eaa99
Opcode Fuzzy Hash: 34a8e8d94e61a2bcc34b4d1b3cb9ff91c708cb6925386a7fea1bf6d85dd8edd2
Instruction Fuzzy Hash: 5A61C075D00219EFCF04CFA8D984AAEBBF9FF48310F248569E955A7250D770A951CF50

Function 00B9DA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00B9DAA1

Part of subcall function 00B9D63C: _free.LIBCMT ref: 00B9D659
Part of subcall function 00B9D63C: _free.LIBCMT ref: 00B9D66B
Part of subcall function 00B9D63C: _free.LIBCMT ref: 00B9D67D
Part of subcall function 00B9D63C: _free.LIBCMT ref: 00B9D68F
Part of subcall function 00B9D63C: _free.LIBCMT ref: 00B9D6A1
Part of subcall function 00B9D63C: _free.LIBCMT ref: 00B9D6B3
Part of subcall function 00B9D63C: _free.LIBCMT ref: 00B9D6C5
Part of subcall function 00B9D63C: _free.LIBCMT ref: 00B9D6D7
Part of subcall function 00B9D63C: _free.LIBCMT ref: 00B9D6E9
Part of subcall function 00B9D63C: _free.LIBCMT ref: 00B9D6FB
Part of subcall function 00B9D63C: _free.LIBCMT ref: 00B9D70D
Part of subcall function 00B9D63C: _free.LIBCMT ref: 00B9D71F
Part of subcall function 00B9D63C: _free.LIBCMT ref: 00B9D731

_free.LIBCMT ref: 00B9DA96

Part of subcall function 00B929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B9D7D1,00000000,00000000,00000000,00000000,?,00B9D7F8,00000000,00000007,00000000,?,00B9DBF5,00000000), ref: 00B929DE
Part of subcall function 00B929C8: GetLastError.KERNEL32(00000000,?,00B9D7D1,00000000,00000000,00000000,00000000,?,00B9D7F8,00000000,00000007,00000000,?,00B9DBF5,00000000,00000000), ref: 00B929F0

_free.LIBCMT ref: 00B9DAB8
_free.LIBCMT ref: 00B9DACD
_free.LIBCMT ref: 00B9DAD8
_free.LIBCMT ref: 00B9DAFA
_free.LIBCMT ref: 00B9DB0D
_free.LIBCMT ref: 00B9DB1B
_free.LIBCMT ref: 00B9DB26
_free.LIBCMT ref: 00B9DB5E
_free.LIBCMT ref: 00B9DB65
_free.LIBCMT ref: 00B9DB82
_free.LIBCMT ref: 00B9DB9A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 4bd014ba321d88124a7dbdd45b642f2899972074cdc682dac13b78eb384d3a7a
Instruction ID: 57a75b513357fd144cf34a461a6d2d62a15299e3d09b27498330ce3485c1d5ba
Opcode Fuzzy Hash: 4bd014ba321d88124a7dbdd45b642f2899972074cdc682dac13b78eb384d3a7a
Instruction Fuzzy Hash: 84314971A04305AFEF21AB3AE845B5AB7E9FF10320F5544B9E549D7291DF31AC90CB60

Function 00BC365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00BC369C
_wcslen.LIBCMT ref: 00BC36A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00BC3797
GetClassNameW.USER32(?,?,00000400), ref: 00BC380C
GetDlgCtrlID.USER32(?), ref: 00BC385D
GetWindowRect.USER32(?,?), ref: 00BC3882
GetParent.USER32(?), ref: 00BC38A0
ScreenToClient.USER32(00000000), ref: 00BC38A7
GetClassNameW.USER32(?,?,00000100), ref: 00BC3921
GetWindowTextW.USER32(?,?,00000400), ref: 00BC395D

Strings

%s%u, xrefs: 00BC3734

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: 790a6a4450617e511a34203c7c6fa63763b167877bd9ecad1f1f3115deda026e
Instruction ID: 0a662418cb9910609298a9c48058cbcb8780fd87313954375e2a878c4f0ce010
Opcode Fuzzy Hash: 790a6a4450617e511a34203c7c6fa63763b167877bd9ecad1f1f3115deda026e
Instruction Fuzzy Hash: 6491AF71204606AFDB18DF24C885FAAF7E8FF44750F40856DF99AD3190DB70AA45CB91

Function 00BC4954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00BC4994
GetWindowTextW.USER32(?,?,00000400), ref: 00BC49DA
_wcslen.LIBCMT ref: 00BC49EB
CharUpperBuffW.USER32(?,00000000), ref: 00BC49F7
_wcsstr.LIBVCRUNTIME ref: 00BC4A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00BC4A64
GetWindowTextW.USER32(?,?,00000400), ref: 00BC4A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00BC4AE6
GetClassNameW.USER32(?,?,00000400), ref: 00BC4B20
GetWindowRect.USER32(?,?), ref: 00BC4B8B

Strings

ThumbnailClass, xrefs: 00BC4A6F, 00BC4AF1

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: e12977a9eaa9ad212d57a7c8f696c00e4125d8825f3dbc0e7e7e14163e7b65ad
Instruction ID: 37c9ef074b078e9307f6b2a8dc1c1c3c36836a7c4ed69cdb2fe3d8dc6515a5cf
Opcode Fuzzy Hash: e12977a9eaa9ad212d57a7c8f696c00e4125d8825f3dbc0e7e7e14163e7b65ad
Instruction Fuzzy Hash: 72919D71108209AFDB14DF14C995FAA7BE8EF44314F0484ADFD859B1A6DB30EE45CBA1

Function 00BF8D0E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B79BB2

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00BF8D5A
GetFocus.USER32 ref: 00BF8D6A
GetDlgCtrlID.USER32(00000000), ref: 00BF8D75
DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00BF8E1D
GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00BF8ECF
GetMenuItemCount.USER32(?), ref: 00BF8EEC
GetMenuItemID.USER32(?,00000000), ref: 00BF8EFC
GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00BF8F2E
GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00BF8F70
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00BF8FA1

Strings

0, xrefs: 00BF8E9F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
String ID: 0
API String ID: 1026556194-4108050209
Opcode ID: bab492832c5423bce2e11d390c851e97e0bdab135d079bf602595b59cb291701
Instruction ID: 8f377a3e8a9800d634c1b23e83fcf655d1b6cf7693768c2d9d08f288891e7fe0
Opcode Fuzzy Hash: bab492832c5423bce2e11d390c851e97e0bdab135d079bf602595b59cb291701
Instruction Fuzzy Hash: DC81AF71508309AFDB10CF14D885ABB7BE9FF98314F1409ADFA9497291DB30D948CBA1

Function 00BCBF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00C31990,000000FF,00000000,00000030), ref: 00BCBFAC
SetMenuItemInfoW.USER32(00C31990,00000004,00000000,00000030), ref: 00BCBFE1
Sleep.KERNEL32(000001F4), ref: 00BCBFF3
GetMenuItemCount.USER32(?), ref: 00BCC039
GetMenuItemID.USER32(?,00000000), ref: 00BCC056
GetMenuItemID.USER32(?,-00000001), ref: 00BCC082
GetMenuItemID.USER32(?,?), ref: 00BCC0C9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00BCC10F
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BCC124
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BCC145

Strings

0, xrefs: 00BCBF3D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: 0291c6ebd69301935fc82ca6e9be97df136015b77617263742dd4c7ef345b1d5
Instruction ID: 28c0d7886eb05e668a3ea4087a510ee2bcf8daa64c02a8cf68daa55645b942d4
Opcode Fuzzy Hash: 0291c6ebd69301935fc82ca6e9be97df136015b77617263742dd4c7ef345b1d5
Instruction Fuzzy Hash: 44617BB090024AAFDF11CF64DD89FBE7FE8EB25344F144099E859A3291CB35AD45CB60

Function 00BCDC0E Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 178COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(?,?), ref: 00BCDC20
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00BCDC46
_wcslen.LIBCMT ref: 00BCDC50
_wcsstr.LIBVCRUNTIME ref: 00BCDCA0
VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00BCDCBC

Strings

\VarFileInfo\Translation, xrefs: 00BCDCB4
DefaultLangCodepage, xrefs: 00BCDD1F
04090000, xrefs: 00BCDCF2
StringFileInfo\, xrefs: 00BCDC8F
%u.%u.%u.%u, xrefs: 00BCDD9A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
API String ID: 1939486746-1459072770
Opcode ID: 815f5f9ca501a44a5bd5774efa2058e60a600b0abcd50968ca6c706666f15c3c
Instruction ID: a7cbc4b78683386f6db56293fedd3c2e7ec8487f2b05c70fed5d813b481da3ca
Opcode Fuzzy Hash: 815f5f9ca501a44a5bd5774efa2058e60a600b0abcd50968ca6c706666f15c3c
Instruction Fuzzy Hash: 5241EE369402197ADB10BB649C43EBF7BECEF41710F1440FAF905A71A2EA649901E7A9

Function 00BECC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00BECC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00BECC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00BECD48

Part of subcall function 00BECC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00BECCAA
Part of subcall function 00BECC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00BECCBD
Part of subcall function 00BECC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00BECCCF
Part of subcall function 00BECC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00BECD05
Part of subcall function 00BECC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00BECD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 00BECCF3

Strings

RegDeleteKeyExW, xrefs: 00BECCC9
advapi32.dll, xrefs: 00BECCB8

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: d3124abdd6ea17dffa7763f1a39bba5687e4cc0940e5914d5ea29e26156cbdd7
Instruction ID: 27e5ab802335025db3c95aba6cad8122f5cc05c2737dbfe5d13e6fae390e326f
Opcode Fuzzy Hash: d3124abdd6ea17dffa7763f1a39bba5687e4cc0940e5914d5ea29e26156cbdd7
Instruction Fuzzy Hash: F9316E7190112DBBDB208B65DC88EFFBFBCEF55750F1041B5A906E3240DB349A86DAA0

Function 00BD3D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00BD3D40
_wcslen.LIBCMT ref: 00BD3D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 00BD3D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00BD3DBE
RemoveDirectoryW.KERNEL32(?), ref: 00BD3DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00BD3E55
CloseHandle.KERNEL32(00000000), ref: 00BD3E60
CloseHandle.KERNEL32(00000000), ref: 00BD3E6B

Strings

\, xrefs: 00BD3D77
\??\%s, xrefs: 00BD3D5B
:, xrefs: 00BD3D82

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: 7104db0bb2e9958d92563cee96f0c5dbcc7d5f8996ff6f133fbe657f48d00d71
Instruction ID: bcaf2bba3ea48977bd45f4e33fee99229993a83f452359c4b44add3dc6192e28
Opcode Fuzzy Hash: 7104db0bb2e9958d92563cee96f0c5dbcc7d5f8996ff6f133fbe657f48d00d71
Instruction Fuzzy Hash: 35318C7290020AAADB209FA0DC49FEB77F9EF88B40F1040B6F50997161EB709784CB25

Function 00BCE6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00BCE6B4

Part of subcall function 00B7E551: timeGetTime.WINMM(?,?,00BCE6D4), ref: 00B7E555

Sleep.KERNEL32(0000000A), ref: 00BCE6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00BCE705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00BCE727
SetActiveWindow.USER32 ref: 00BCE746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00BCE754
SendMessageW.USER32(00000010,00000000,00000000), ref: 00BCE773
Sleep.KERNEL32(000000FA), ref: 00BCE77E
IsWindow.USER32 ref: 00BCE78A
EndDialog.USER32(00000000), ref: 00BCE79B

Strings

BUTTON, xrefs: 00BCE719

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 0b4a14146a00afacf17ba9b289493d3e64045bf247d44c7a0484eb4fbfc0a380
Instruction ID: dc28bba8e1343ebfa98157170e139c23c78aa59cf18839b2481e3e4fd162253f
Opcode Fuzzy Hash: 0b4a14146a00afacf17ba9b289493d3e64045bf247d44c7a0484eb4fbfc0a380
Instruction Fuzzy Hash: BE216DB1210A08EFEB005F21ED8AF3A3FA9EB54748B105469F925C31B1DF71EC50CA64

Function 00BCE9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00BCEA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00BCEA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BCEA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00BCEA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00BCEAA7

Strings

status PlayMe mode, xrefs: 00BCEA58
play PlayMe, xrefs: 00BCEAA2
close PlayMe, xrefs: 00BCEA6E, 00BCEA9B
alias PlayMe, xrefs: 00BCEA36
open , xrefs: 00BCEA0C
play PlayMe wait, xrefs: 00BCEA91

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: ff0d345cef54acdce3586803bf630d89c417ccb6db8489065df14ad319cdc079
Instruction ID: f7e86c7d370909a048b63aaabd87f79ceaf36342c84149c50ada864687ac4a4d
Opcode Fuzzy Hash: ff0d345cef54acdce3586803bf630d89c417ccb6db8489065df14ad319cdc079
Instruction Fuzzy Hash: 54112131A90269BDD720B7A5ED4AEFF6AFCEBD2B40F440479B411A20D1EEB05945C9B0

Function 00BC9F91 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00BCA012
SetKeyboardState.USER32(?), ref: 00BCA07D
GetAsyncKeyState.USER32(000000A0), ref: 00BCA09D
GetKeyState.USER32(000000A0), ref: 00BCA0B4
GetAsyncKeyState.USER32(000000A1), ref: 00BCA0E3
GetKeyState.USER32(000000A1), ref: 00BCA0F4
GetAsyncKeyState.USER32(00000011), ref: 00BCA120
GetKeyState.USER32(00000011), ref: 00BCA12E
GetAsyncKeyState.USER32(00000012), ref: 00BCA157
GetKeyState.USER32(00000012), ref: 00BCA165
GetAsyncKeyState.USER32(0000005B), ref: 00BCA18E
GetKeyState.USER32(0000005B), ref: 00BCA19C

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 4ec21a27239eb749155da2cf4239256efb1002a474e6b8eae0f37846f4518810
Instruction ID: 5f3a675c79d6195c5f591beb2b72937045cc51d1649982671cc1cd5ad63e1d88
Opcode Fuzzy Hash: 4ec21a27239eb749155da2cf4239256efb1002a474e6b8eae0f37846f4518810
Instruction Fuzzy Hash: 3E51672090478C29FB35DBB08955FEAAFF5DF12384F0845DDD5C25B1C2DA54AA4CC762

Function 00BC5CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00BC5CE2
GetWindowRect.USER32(00000000,?), ref: 00BC5CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00BC5D59
GetDlgItem.USER32(?,00000002), ref: 00BC5D69
GetWindowRect.USER32(00000000,?), ref: 00BC5D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00BC5DCF
GetDlgItem.USER32(?,000003E9), ref: 00BC5DDD
GetWindowRect.USER32(00000000,?), ref: 00BC5DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00BC5E31
GetDlgItem.USER32(?,000003EA), ref: 00BC5E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00BC5E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00BC5E67

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: 1e493fa428e2224faba850f9c3cae1a5d4038f258812ca2414ae799ad6d41dc7
Instruction ID: 891c7065b1ae8d8cf97da349696c03a5058da28a989064e055eac45085f62604
Opcode Fuzzy Hash: 1e493fa428e2224faba850f9c3cae1a5d4038f258812ca2414ae799ad6d41dc7
Instruction Fuzzy Hash: 0151FF71A00609AFDF18DF68DD89EAEBBF5EB48310F148169F516E7290DB70AE44CB50

Function 00B78BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00B78F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00B78BE8,?,00000000,?,?,?,?,00B78BBA,00000000,?), ref: 00B78FC5

DestroyWindow.USER32(?), ref: 00B78C81
KillTimer.USER32(00000000,?,?,?,?,00B78BBA,00000000,?), ref: 00B78D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00BB6973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00B78BBA,00000000,?), ref: 00BB69A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00B78BBA,00000000,?), ref: 00BB69B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00B78BBA,00000000), ref: 00BB69D4
DeleteObject.GDI32(00000000), ref: 00BB69E6

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: f820765fa0d69c0082d3d76d4636a2b1de96791a85b5ebad4dae3e37e8c4b396
Instruction ID: 1d58fb3908dd22fbbf287fc3437e0c1efd649b0c3320c94e03221350a25c6554
Opcode Fuzzy Hash: f820765fa0d69c0082d3d76d4636a2b1de96791a85b5ebad4dae3e37e8c4b396
Instruction Fuzzy Hash: 78618C30511704DFCB269F24DA48B79BBF1FB44322F1885A8E45A9B5A0CB75AD80CF90

Function 00B79838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00B79944: GetWindowLongW.USER32(?,000000EB), ref: 00B79952

GetSysColor.USER32(0000000F), ref: 00B79862

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 23463b65e64f6aecd5b9fd0479f3527a8e9a09d6eabc6e3ffbcfcadf894bb5a2
Instruction ID: 7afd25e9c8058e520969a49217bcdd0378fc6e7d2a2ff5f3215eaf09e80250dd
Opcode Fuzzy Hash: 23463b65e64f6aecd5b9fd0479f3527a8e9a09d6eabc6e3ffbcfcadf894bb5a2
Instruction Fuzzy Hash: 9B41F331104604AFDB209F389C84BB93BE5EB57370F148685F9B69B2E1CB709D82DB11

Function 00BC96E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00BAF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00BC9717
LoadStringW.USER32(00000000,?,00BAF7F8,00000001), ref: 00BC9720

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00BAF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00BC9742
LoadStringW.USER32(00000000,?,00BAF7F8,00000001), ref: 00BC9745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00BC9866

Strings

Line %d (File "%s"):, xrefs: 00BC978F
%s (%d) : ==> %s: %s %s, xrefs: 00BC984A
Line %d:, xrefs: 00BC97A0
^ ERROR, xrefs: 00BC97FB
Error: , xrefs: 00BC981D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: fb209b2ad537a4242fbb015c1517c1e5cbb35a7454d38f9070d214e57f8f0308
Instruction ID: 5b177e8965de2d9531b11a0e3b4f725bf0c3118af132cfaffa8970d88fba2e9e
Opcode Fuzzy Hash: fb209b2ad537a4242fbb015c1517c1e5cbb35a7454d38f9070d214e57f8f0308
Instruction Fuzzy Hash: DE412B72800219AADF04EBE0DE86EEE77BCAF55740F1400A5F60573192EB396F48CB61

Function 00BC06DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 00B66B57: _wcslen.LIBCMT ref: 00B66B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00BC07A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00BC07BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00BC07DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00BC0804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00BC082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00BC0837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00BC083C

Strings

SOFTWARE\Classes\, xrefs: 00BC070E
\CLSID, xrefs: 00BC0724
\IPC$, xrefs: 00BC0784

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: 253b4144dd9bc3aa79c8370a7379ac7ab5a96b0c0ee67f866b8c460c1fe32909
Instruction ID: 765cd345092acfeac217650a872825a334d4bca824c32c65d4658395a2d91791
Opcode Fuzzy Hash: 253b4144dd9bc3aa79c8370a7379ac7ab5a96b0c0ee67f866b8c460c1fe32909
Instruction Fuzzy Hash: 8C41F572C10229EBDF15EFA4DC95DEEB7B8FF04750B1441A9E901A31A1EB349E45CBA0

Function 00BF3F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00BF403B
CreateCompatibleDC.GDI32(00000000), ref: 00BF4042
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00BF4055
SelectObject.GDI32(00000000,00000000), ref: 00BF405D
GetPixel.GDI32(00000000,00000000,00000000), ref: 00BF4068
DeleteDC.GDI32(00000000), ref: 00BF4072
GetWindowLongW.USER32(?,000000EC), ref: 00BF407C
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00BF4092
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00BF409E

Strings

static, xrefs: 00BF3FD3

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 687d4875809292c7edbd8f8d222877d13b4be48b37f2efa147051cbaf0afadae
Instruction ID: 620c669df98aa99a98119690d6054aaa41760c629b2d1a283296b8550bf1a02b
Opcode Fuzzy Hash: 687d4875809292c7edbd8f8d222877d13b4be48b37f2efa147051cbaf0afadae
Instruction Fuzzy Hash: 9C313832501219ABDF219FA8CD49FEA3FA8EF09720F110251FA14A71A0CB75D864DB54

Function 00BE3C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00BE3C5C
CoInitialize.OLE32(00000000), ref: 00BE3C8A
CoUninitialize.OLE32 ref: 00BE3C94
_wcslen.LIBCMT ref: 00BE3D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 00BE3DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 00BE3ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00BE3F0E
CoGetObject.OLE32(?,00000000,00BFFB98,?), ref: 00BE3F2D
SetErrorMode.KERNEL32(00000000), ref: 00BE3F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00BE3FC4
VariantClear.OLEAUT32(?), ref: 00BE3FD8

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 91a03ca3e12774f30e65a3ef3cd89c2a5bee6bc5c0a41b3d64d73ef449e2e553
Instruction ID: 216e34a8160e0a9b40aa2056b066288e5848fdb8d5656ac16159a470928ead39
Opcode Fuzzy Hash: 91a03ca3e12774f30e65a3ef3cd89c2a5bee6bc5c0a41b3d64d73ef449e2e553
Instruction Fuzzy Hash: 9CC159716043459FC700DF65C88892BBBE9FF89B44F1049ADF98A9B210DB31ED45CB92

Function 00BD7A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00BD7AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00BD7B8F
SHGetDesktopFolder.SHELL32(?), ref: 00BD7BA3
CoCreateInstance.OLE32(00BFFD08,00000000,00000001,00C26E6C,?), ref: 00BD7BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00BD7C74
CoTaskMemFree.OLE32(?,?), ref: 00BD7CCC
SHBrowseForFolderW.SHELL32(?), ref: 00BD7D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00BD7D7A
CoTaskMemFree.OLE32(00000000), ref: 00BD7D81
CoTaskMemFree.OLE32(00000000), ref: 00BD7DD6
CoUninitialize.OLE32 ref: 00BD7DDC

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: a94205fa30c93c3e87cb2a2ba26b0b3f884399069dc16d425021039bddabe632
Instruction ID: 9f08d36b25f48149c1256ff8b8dec8f91dce544d6d1a6abef0ab97c70d2ccbc3
Opcode Fuzzy Hash: a94205fa30c93c3e87cb2a2ba26b0b3f884399069dc16d425021039bddabe632
Instruction Fuzzy Hash: 64C10C75A04109AFCB14DF64C894DAEBBF9FF48314B1484A9E91ADB361EB30ED45CB90

Function 00BF541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00BF5504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00BF5515
CharNextW.USER32(00000158), ref: 00BF5544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00BF5585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00BF559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00BF55AC

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: 1d8a1de4e893f2ca7fbf5dce260fdc2a6c7de5778b149ed5036e003fb64a1bf6
Instruction ID: ff663bc63516b987272200feecd80f30fa07b2e4a43b5f9f8967a202d2f02ad6
Opcode Fuzzy Hash: 1d8a1de4e893f2ca7fbf5dce260fdc2a6c7de5778b149ed5036e003fb64a1bf6
Instruction Fuzzy Hash: A5616D7490460CAFDF209F54CC85AFE7BF9EB09721F108189FB25A7290D7749A89DB60

Function 00BBFA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00BBFAAF
SafeArrayAllocData.OLEAUT32(?), ref: 00BBFB08
VariantInit.OLEAUT32(?), ref: 00BBFB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 00BBFB3A
VariantCopy.OLEAUT32(?,?), ref: 00BBFB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 00BBFBA1
VariantClear.OLEAUT32(?), ref: 00BBFBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 00BBFBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00BBFBCC
VariantClear.OLEAUT32(?), ref: 00BBFBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00BBFBE9

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: ca216a0e7bc95e964baa73813ea88536ba216326fadb3fee4cb9f0815865858e
Instruction ID: 8265da55002ce7133f9c8214815f0655a37a4159dc8eae9c77b6807f2f3845ac
Opcode Fuzzy Hash: ca216a0e7bc95e964baa73813ea88536ba216326fadb3fee4cb9f0815865858e
Instruction Fuzzy Hash: 82415E35A0021A9FCF14DF68DC549FEBFB9EF48344F0084A9E955A7361CB70A945CBA0

Function 00BC9C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00BC9CA1
GetAsyncKeyState.USER32(000000A0), ref: 00BC9D22
GetKeyState.USER32(000000A0), ref: 00BC9D3D
GetAsyncKeyState.USER32(000000A1), ref: 00BC9D57
GetKeyState.USER32(000000A1), ref: 00BC9D6C
GetAsyncKeyState.USER32(00000011), ref: 00BC9D84
GetKeyState.USER32(00000011), ref: 00BC9D96
GetAsyncKeyState.USER32(00000012), ref: 00BC9DAE
GetKeyState.USER32(00000012), ref: 00BC9DC0
GetAsyncKeyState.USER32(0000005B), ref: 00BC9DD8
GetKeyState.USER32(0000005B), ref: 00BC9DEA

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: b2e1262326d2f528547808ed1bab58024cefe50e77390c7b666a80d93b419b2a
Instruction ID: 36d09c95fb2711e6824339c3e967ece0b7d0e2590941d5b10b5238342ab89232
Opcode Fuzzy Hash: b2e1262326d2f528547808ed1bab58024cefe50e77390c7b666a80d93b419b2a
Instruction Fuzzy Hash: C141D8745047CA69FF308764940CBB6BEE0EB21344F0480EEDAC7675C2DBA499C8C7A2

Function 00BE055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00BE05BC
inet_addr.WSOCK32(?), ref: 00BE061C
gethostbyname.WSOCK32(?), ref: 00BE0628
IcmpCreateFile.IPHLPAPI ref: 00BE0636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00BE06C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00BE06E5
IcmpCloseHandle.IPHLPAPI(?), ref: 00BE07B9
WSACleanup.WSOCK32 ref: 00BE07BF

Strings

Ping, xrefs: 00BE0676

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: eec68d702c3beb5838ecbb2dcd6f47c29b6197f2f8dcf801fb44f0f37beccc6e
Instruction ID: 201c9e1b33f2991045f88ab0262f536df5c1965d5fcda0d615152e037ee83714
Opcode Fuzzy Hash: eec68d702c3beb5838ecbb2dcd6f47c29b6197f2f8dcf801fb44f0f37beccc6e
Instruction Fuzzy Hash: 0A919F356182419FD320EF16C588F2ABBE0EF44318F1485E9F4699B6A2C7B4ED85CF91

Function 00BE8CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00BE8CF3

Part of subcall function 00BC8E54: _wcslen.LIBCMT ref: 00BC8E77

_wcslen.LIBCMT ref: 00BE8D4E
_wcslen.LIBCMT ref: 00BE8D9C
_wcslen.LIBCMT ref: 00BE8DDC
_wcslen.LIBCMT ref: 00BE8E6E

Strings

cdecl, xrefs: 00BE8D48, 00BE8D4D
none, xrefs: 00BE8E65, 00BE8E6A
stdcall, xrefs: 00BE8DD6, 00BE8DDB
winapi, xrefs: 00BE8D96, 00BE8D9B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: 8ed325ab5350143b18be1294fe5866ff4a02ba69e28961df2e36062799c4d419
Instruction ID: d5733c1c03ac805bc5e4bdbe85cddb98f2a487dc56176a52ed420dcaeff5112e
Opcode Fuzzy Hash: 8ed325ab5350143b18be1294fe5866ff4a02ba69e28961df2e36062799c4d419
Instruction Fuzzy Hash: 62519031A009569BCF24DF6DC9819BEB7E6FF64724B2042A9E42AE72C4DB35DD40C790

Function 00BE372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00BE3774
CoUninitialize.OLE32 ref: 00BE377F
CoCreateInstance.OLE32(?,00000000,00000017,00BFFB78,?), ref: 00BE37D9
IIDFromString.OLE32(?,?), ref: 00BE384C
VariantInit.OLEAUT32(?), ref: 00BE38E4
VariantClear.OLEAUT32(?), ref: 00BE3936

Strings

NULL Pointer assignment, xrefs: 00BE381E
Invalid parameter, xrefs: 00BE3865
Failed to create object, xrefs: 00BE37E4, 00BE389A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 90ea7ed92e0bafbb27b4e8a7616963eacf18a0cc7e1c1404a5ac2c505d49b3a1
Instruction ID: e2073eada117a9c2a2c5c5b2987e0eb5aae28cb445ce8f0e3f869abb87e58550
Opcode Fuzzy Hash: 90ea7ed92e0bafbb27b4e8a7616963eacf18a0cc7e1c1404a5ac2c505d49b3a1
Instruction Fuzzy Hash: BF61B071608341AFD310DF55D888F6ABBE8EF48B14F10499DF9859B291DB70EE48CB92

Function 00BD3388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00BD33CF

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00BD33F0

Strings

"%s" (%d) : ==> %s:, xrefs: 00BD3522
Line %d (File "%s"):, xrefs: 00BD3443, 00BD345C
Incorrect parameters to object property !, xrefs: 00BD34AB
^ ERROR , xrefs: 00BD349E
"%s" (%d) : ==> %s:%s%s, xrefs: 00BD3504
Error: , xrefs: 00BD34D1

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: 1021da21d7cf67635a916b2b9e4d69ec07e40c61f3ddbd33acbaeba1a4fa85aa
Instruction ID: a73d9087b3bc17a119c731022e256a8966f9d1737dc87da015606f3abaf6f485
Opcode Fuzzy Hash: 1021da21d7cf67635a916b2b9e4d69ec07e40c61f3ddbd33acbaeba1a4fa85aa
Instruction Fuzzy Hash: C9516D32900209AADF15EBA0DE46EEEB7F8EF14740F1440A5F505731A2EB356F58DB61

Function 00BCB5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00BCB5FC
_wcslen.LIBCMT ref: 00BCB608
_wcslen.LIBCMT ref: 00BCB64D
_wcslen.LIBCMT ref: 00BCB68C
_wcslen.LIBCMT ref: 00BCB6C7

Strings

EXISTS, xrefs: 00BCB686, 00BCB68B
APPEND, xrefs: 00BCB6C1, 00BCB6C6
REMOVE, xrefs: 00BCB602, 00BCB607
KEYS, xrefs: 00BCB647, 00BCB64C

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: d9546f7bc442abeed0ea8c49412d81e2219a8897b1ff29d753fa868c14e7dd75
Instruction ID: deb569baf99b114b1f480b418f0ceaa914ae0e1c369699c2e3dc712b622511ed
Opcode Fuzzy Hash: d9546f7bc442abeed0ea8c49412d81e2219a8897b1ff29d753fa868c14e7dd75
Instruction Fuzzy Hash: 2A419532A001269ACB206F7DC992EBEB7E5EB60B54F2441BEE465D7284E735CD81C790

Function 00BD5393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00BD53A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00BD5416
GetLastError.KERNEL32 ref: 00BD5420
SetErrorMode.KERNEL32(00000000,READY), ref: 00BD54A7

Strings

READONLY, xrefs: 00BD5452
UNKNOWN, xrefs: 00BD5444
READY, xrefs: 00BD5460, 00BD5468
INVALID, xrefs: 00BD5459
NOTREADY, xrefs: 00BD544B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: d5665ad8c3d6ceda33fbff2253d2a469f4a833990c42944c53e55f11b33c0707
Instruction ID: aca7c217db1df24fcdc5ca9ffc764b825101cdb2380c6d8bd46a4ccbb700a511
Opcode Fuzzy Hash: d5665ad8c3d6ceda33fbff2253d2a469f4a833990c42944c53e55f11b33c0707
Instruction Fuzzy Hash: 18319375A005089FCB20DF68C584AAABBF4EF45305F1480AAE405DB356EB71DD86CF92

Function 00BF3C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00BF3C79
SetMenu.USER32(?,00000000), ref: 00BF3C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BF3D10
IsMenu.USER32(?), ref: 00BF3D24
CreatePopupMenu.USER32 ref: 00BF3D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00BF3D5B
DrawMenuBar.USER32 ref: 00BF3D63

Strings

0, xrefs: 00BF3C54
F, xrefs: 00BF3D4E

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: 1423eb9fd20769e4a489113b912db91430b3fd6b384a323d8b09a5ce325d0fee
Instruction ID: f93e26c0566d58c56abc9ee8d4bdac78d67dc44f5a2b13ae1b4507b5e3051035
Opcode Fuzzy Hash: 1423eb9fd20769e4a489113b912db91430b3fd6b384a323d8b09a5ce325d0fee
Instruction Fuzzy Hash: 0B416779A01209EFDB14DF64D884BAA7BF5FF49750F140068EA56A7360D730AA18CF94

Function 00BC1EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

Part of subcall function 00BC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BC3CCA

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00BC1F64
GetDlgCtrlID.USER32 ref: 00BC1F6F
GetParent.USER32 ref: 00BC1F8B
SendMessageW.USER32(00000000,?,00000111,?), ref: 00BC1F8E
GetDlgCtrlID.USER32(?), ref: 00BC1F97
GetParent.USER32(?), ref: 00BC1FAB
SendMessageW.USER32(00000000,?,00000111,?), ref: 00BC1FAE

Strings

ComboBox, xrefs: 00BC1EEC
ListBox, xrefs: 00BC1F21

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 87c46047cda797fd875bd6ca598a57ebc4142eb7c37ec318fc02c1e2f93a898f
Instruction ID: f4e65f321312a423ec6b77be12c54819ab2b56f22216e13f33b99035e8f8a7fb
Opcode Fuzzy Hash: 87c46047cda797fd875bd6ca598a57ebc4142eb7c37ec318fc02c1e2f93a898f
Instruction Fuzzy Hash: E821C270A00218BBCF04AFA4DC85EFEBBF8EF16350F004599F961A7291CB385958DB60

Function 00BC1FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

Part of subcall function 00BC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BC3CCA

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00BC2043
GetDlgCtrlID.USER32 ref: 00BC204E
GetParent.USER32 ref: 00BC206A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00BC206D
GetDlgCtrlID.USER32(?), ref: 00BC2076
GetParent.USER32(?), ref: 00BC208A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00BC208D

Strings

ComboBox, xrefs: 00BC1FCD
ListBox, xrefs: 00BC2002

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: ccab9642058b3b477b78173ff4b128b6d8fc68d07f747fc095de7e34476702a0
Instruction ID: d6d51195d1ca378cfbb03194bfdd7cf89c9f0add173faa15aae51255b8ecec58
Opcode Fuzzy Hash: ccab9642058b3b477b78173ff4b128b6d8fc68d07f747fc095de7e34476702a0
Instruction Fuzzy Hash: 3521C375A00218BBCF14AFA0DD85EFEBFF8EF15340F00409AF951A71A1DA798954DB60

Function 00BF3A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00BF3A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00BF3AA0
GetWindowLongW.USER32(?,000000F0), ref: 00BF3AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00BF3AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00BF3B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00BF3BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00BF3BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00BF3BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00BF3BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00BF3C13

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: b381c857980687635a5d1beaf54e1a525b642591a3b31675fcb9c2574ac1aa13
Instruction ID: 623e301219065cf71ad0b4a94211fcffedb686c07a877f92bba4d723f1b3fbb5
Opcode Fuzzy Hash: b381c857980687635a5d1beaf54e1a525b642591a3b31675fcb9c2574ac1aa13
Instruction Fuzzy Hash: 60613775A00248AFDB10DFA8CC81FFE77F8EB09710F144199FA15A72A2D774AA45DB50

Function 00BCB12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00BCB151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00BCA1E1,?,00000001), ref: 00BCB165
GetWindowThreadProcessId.USER32(00000000), ref: 00BCB16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00BCA1E1,?,00000001), ref: 00BCB17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 00BCB18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00BCA1E1,?,00000001), ref: 00BCB1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00BCA1E1,?,00000001), ref: 00BCB1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00BCA1E1,?,00000001), ref: 00BCB1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00BCA1E1,?,00000001), ref: 00BCB212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00BCA1E1,?,00000001), ref: 00BCB21D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: c4d15176880925156602fbc6771bfb076182f94c8c3256a8df90b7081959530e
Instruction ID: ee772ae089e9403ff231fac9cde06604f48caeee4a0fee98eb0e3babefd7e297
Opcode Fuzzy Hash: c4d15176880925156602fbc6771bfb076182f94c8c3256a8df90b7081959530e
Instruction Fuzzy Hash: F4316771520208BFDB249F24DD8AFBE7FA9EB51311F244049FA01DB190DBB89E808B60

Function 00B92C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00B92C94

Part of subcall function 00B929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B9D7D1,00000000,00000000,00000000,00000000,?,00B9D7F8,00000000,00000007,00000000,?,00B9DBF5,00000000), ref: 00B929DE
Part of subcall function 00B929C8: GetLastError.KERNEL32(00000000,?,00B9D7D1,00000000,00000000,00000000,00000000,?,00B9D7F8,00000000,00000007,00000000,?,00B9DBF5,00000000,00000000), ref: 00B929F0

_free.LIBCMT ref: 00B92CA0
_free.LIBCMT ref: 00B92CAB
_free.LIBCMT ref: 00B92CB6
_free.LIBCMT ref: 00B92CC1
_free.LIBCMT ref: 00B92CCC
_free.LIBCMT ref: 00B92CD7
_free.LIBCMT ref: 00B92CE2
_free.LIBCMT ref: 00B92CED
_free.LIBCMT ref: 00B92CFB

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 21bc71fa06f005f563a6c4ab7db46d3d14216f72aa6341639c71d8a6980c9fe2
Instruction ID: 8444479e3de099674d58b9a10b088086dd399b6f3f3e1445aa0d5de05fa5705c
Opcode Fuzzy Hash: 21bc71fa06f005f563a6c4ab7db46d3d14216f72aa6341639c71d8a6980c9fe2
Instruction Fuzzy Hash: DE114076910108BFCF02EF94D982CDD7BA9FF05350F9145B5FA489B322DA31EA509B90

Function 00B61410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00B61459
OleUninitialize.OLE32(?,00000000), ref: 00B614F8
UnregisterHotKey.USER32(?), ref: 00B616DD
DestroyWindow.USER32(?), ref: 00BA24B9
FreeLibrary.KERNEL32(?), ref: 00BA251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00BA254B

Strings

close all, xrefs: 00B61454

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: b5054b6ad0576140da5351ea01ef67b7e0940ddaddd148e578c114ebdfa32272
Instruction ID: 8bc636c9a8e1ea28f5bfa687a9a519c3b387635fdab19a097fa79ae7dc5e928f
Opcode Fuzzy Hash: b5054b6ad0576140da5351ea01ef67b7e0940ddaddd148e578c114ebdfa32272
Instruction Fuzzy Hash: BBD17A31B062128FCB19EF19C995A29F7E4FF15700F1885EDE44A6B261DB30AD12CF50

Function 00BD7DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00BD7FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00BD7FC1
GetFileAttributesW.KERNEL32(?), ref: 00BD7FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00BD8005
SetCurrentDirectoryW.KERNEL32(?), ref: 00BD8017
SetCurrentDirectoryW.KERNEL32(?), ref: 00BD8060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00BD80B0

Strings

*.*, xrefs: 00BD8066

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: d8cfafaa19be46b49621509ab89ace4912c1473b33e71195b094938aa5365614
Instruction ID: f34d7d00ec18bda9e99ad0354551049f2a8be8618df09bbe4d4ed6e6317e13dd
Opcode Fuzzy Hash: d8cfafaa19be46b49621509ab89ace4912c1473b33e71195b094938aa5365614
Instruction Fuzzy Hash: 998180715482459BCB20EF54C8849AAF7E8EB88314F14489FF889D7351FB35DD49CB92

Function 00B65BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00B65C7A

Part of subcall function 00B65D0A: GetClientRect.USER32(?,?), ref: 00B65D30
Part of subcall function 00B65D0A: GetWindowRect.USER32(?,?), ref: 00B65D71
Part of subcall function 00B65D0A: ScreenToClient.USER32(?,?), ref: 00B65D99

GetDC.USER32 ref: 00BA46F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00BA4708
SelectObject.GDI32(00000000,00000000), ref: 00BA4716
SelectObject.GDI32(00000000,00000000), ref: 00BA472B
ReleaseDC.USER32(?,00000000), ref: 00BA4733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00BA47C4

Strings

U, xrefs: 00BA4693

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 3e67e69b4e77a465b32157cff37ea7e4a46cfe6813176aca97ca3775dbf4cc19
Instruction ID: 0d09926c3da35a362d789e787ac76fb9331e6d5bcad8216702e6ff3ec2284211
Opcode Fuzzy Hash: 3e67e69b4e77a465b32157cff37ea7e4a46cfe6813176aca97ca3775dbf4cc19
Instruction Fuzzy Hash: DB71D031408249DFCF218F68C984ABA7BF5FF8A320F1842E9ED555A1A6C7B49C91DF50

Function 00BD359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00BD35E4

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

LoadStringW.USER32(00C32390,?,00000FFF,?), ref: 00BD360A

Strings

"%s" (%d) : ==> %s:, xrefs: 00BD3742
Line %d (File "%s"):, xrefs: 00BD366B
"%s" (%d) : ==> %s:%s%s, xrefs: 00BD3724
^ ERROR, xrefs: 00BD36C9
Error: , xrefs: 00BD36EF

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: 5a91b6b1a2a56e700a45a02ff256892a261427ce0b78bdfed9cc84347b8dde91
Instruction ID: 8491cd3d8cfe838364c74644932389faac0254ca149e3cc9e1e194e0e90c5011
Opcode Fuzzy Hash: 5a91b6b1a2a56e700a45a02ff256892a261427ce0b78bdfed9cc84347b8dde91
Instruction Fuzzy Hash: 73518F72800209BADF14EBA0DD42EEDBBF8EF14700F1441A5F505721A2EB345B98DFA5

Function 00BF8B02 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B79BB2

Part of subcall function 00B7912D: GetCursorPos.USER32(?), ref: 00B79141
Part of subcall function 00B7912D: ScreenToClient.USER32(00000000,?), ref: 00B7915E
Part of subcall function 00B7912D: GetAsyncKeyState.USER32(00000001), ref: 00B79183
Part of subcall function 00B7912D: GetAsyncKeyState.USER32(00000002), ref: 00B7919D

ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00BF8B6B
ImageList_EndDrag.COMCTL32 ref: 00BF8B71
ReleaseCapture.USER32 ref: 00BF8B77
SetWindowTextW.USER32(?,00000000), ref: 00BF8C12
SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00BF8C25
DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00BF8CFF

Strings

@GUI_DRAGFILE, xrefs: 00BF8C9A
@GUI_DROPID, xrefs: 00BF8C51

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
String ID: @GUI_DRAGFILE$@GUI_DROPID
API String ID: 1924731296-2107944366
Opcode ID: c114223188c62740ca4a7423b3397c83f8b2f92209d0e29fac8ca24dc3ca588a
Instruction ID: 2f8258229a1a802262ed88bb276ffbc57f70d66dc9066e71ae7359653e46c215
Opcode Fuzzy Hash: c114223188c62740ca4a7423b3397c83f8b2f92209d0e29fac8ca24dc3ca588a
Instruction Fuzzy Hash: B6517B71204308AFD704DF24DD96BBA7BE4FB88750F040669FA96972E1CB749948CB62

Function 00BDC253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00BDC272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00BDC29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00BDC2CA
GetLastError.KERNEL32 ref: 00BDC322
SetEvent.KERNEL32(?), ref: 00BDC336
InternetCloseHandle.WININET(00000000), ref: 00BDC341

Strings

, xrefs: 00BDC2BB

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 8f196d55576fafb7e670897eae903ee893fd7e53ef8b9b7b4c3c5046e0a9df96
Instruction ID: 3efc66c9eb69827050057f14b0bef1072f5dcce8d440809031c876df6ee020a5
Opcode Fuzzy Hash: 8f196d55576fafb7e670897eae903ee893fd7e53ef8b9b7b4c3c5046e0a9df96
Instruction Fuzzy Hash: 93316BB1600609AFDB21AF658988ABBBFFCEB49754B10855EF44693310EB30ED44DB64

Function 00BC989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00BA3AAF,?,?,Bad directive syntax error,00BFCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00BC98BC
LoadStringW.USER32(00000000,?,00BA3AAF,?), ref: 00BC98C3

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00BC9987

Strings

%s (%d) : ==> %s.: %s %s, xrefs: 00BC98F1
Line %d (File "%s"):, xrefs: 00BC992D
Line %d:, xrefs: 00BC9912
Error: , xrefs: 00BC9955
., xrefs: 00BC996D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: 028af32b8cbf6d446da098dae3bb73f36fb323de8c702f4e1a9749007fd528ee
Instruction ID: 743e5ce878b0df147e7a0b418b0506e6ba4638a948c80711cda7375568f7982a
Opcode Fuzzy Hash: 028af32b8cbf6d446da098dae3bb73f36fb323de8c702f4e1a9749007fd528ee
Instruction Fuzzy Hash: A021803180021EABDF11EF90CC0AEFE77B9FF18700F0444A9F515620A2EB759A58DB60

Function 00BC209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00BC20AB
GetClassNameW.USER32(00000000,?,00000100), ref: 00BC20C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00BC214D

Strings

details, xrefs: 00BC20FB
smallicons, xrefs: 00BC2115
SHELLDLL_DefView, xrefs: 00BC20CC
list, xrefs: 00BC212F
largeicons, xrefs: 00BC20E1

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: 76bd63e64d11535e195845196cd2637c88c1cd937fb83069e505a2472a0fb40d
Instruction ID: a3442e7a54a616f781eb62f36f1282e39662e0d8762f4e06af52822231b3a9b9
Opcode Fuzzy Hash: 76bd63e64d11535e195845196cd2637c88c1cd937fb83069e505a2472a0fb40d
Instruction Fuzzy Hash: 4411C676688717BAFA157720EC06EB777DCDF05725B2001BAFB04FA0E1EE7168419A14

Function 00B98D45 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d569d7e095ecfa9189968394314080498e5d56d931f76af64e254cc24438add
Instruction ID: b2aa85dac2e3af061b5ffb18d17f7ba6a7ca4622392b47d9d1a46720936c66d7
Opcode Fuzzy Hash: 8d569d7e095ecfa9189968394314080498e5d56d931f76af64e254cc24438add
Instruction Fuzzy Hash: 74C1BE75D04249AFDF11EFACC891BADBBF0AF0A310F1440E9F425A7292D7309941CB61

Function 00B9CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00B9CEB7
_free.LIBCMT ref: 00B9CF22
_free.LIBCMT ref: 00B9CF48
_free.LIBCMT ref: 00B9CF71
_free.LIBCMT ref: 00B9CFA9
_free.LIBCMT ref: 00B9CFDA
_free.LIBCMT ref: 00B9D01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 00B9D09C
_free.LIBCMT ref: 00B9D0B5

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: 94aecd8600f8d8543518859f4c1f8f24f7bb71c524b2b906839cc76d8fc2bfd4
Instruction ID: 8e7351d4a81bbdfbbe08626227bf8c22a3db63cd793d5e8120135a86d15f4e72
Opcode Fuzzy Hash: 94aecd8600f8d8543518859f4c1f8f24f7bb71c524b2b906839cc76d8fc2bfd4
Instruction Fuzzy Hash: DC61E072A04205AFDF21AFB49891BAE7FE5EF05360F1441FDF945A7282E7329D098790

Function 00B78B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00BB6890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00BB68A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00BB68B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00BB68D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00BB68F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00B78874,00000000,00000000,00000000,000000FF,00000000), ref: 00BB6901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00BB691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00B78874,00000000,00000000,00000000,000000FF,00000000), ref: 00BB692D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: 339bf5e69b7ac45d1be17f0c12ee32762add0f5a9142d3c51b935f2f97dd28fb
Instruction ID: 75301d2f0f70e593cb4c113fbceaea3f3e7efc9587810cf17ce7463fa9180001
Opcode Fuzzy Hash: 339bf5e69b7ac45d1be17f0c12ee32762add0f5a9142d3c51b935f2f97dd28fb
Instruction Fuzzy Hash: 08518A70600209EFDB20CF24CC95BBA7BF5EB48760F108558F95A972A0DBB1ED90DB50

Function 00BDC143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00BDC182
GetLastError.KERNEL32 ref: 00BDC195
SetEvent.KERNEL32(?), ref: 00BDC1A9

Part of subcall function 00BDC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00BDC272
Part of subcall function 00BDC253: GetLastError.KERNEL32 ref: 00BDC322
Part of subcall function 00BDC253: SetEvent.KERNEL32(?), ref: 00BDC336
Part of subcall function 00BDC253: InternetCloseHandle.WININET(00000000), ref: 00BDC341

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: 303f5bbfffe902531f33a7845081d9255065a7d540cad9b9a4803c39803717da
Instruction ID: 5513cb2c31a5d7f73f52bb89bad3d47f3984a741ea2f456787b4b0d177a88380
Opcode Fuzzy Hash: 303f5bbfffe902531f33a7845081d9255065a7d540cad9b9a4803c39803717da
Instruction Fuzzy Hash: A1314771600A06AFDB219FA59D44A76FFE9FF18300B14446EF95A93710EB31E854DBA0

Function 00BC25A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00BC3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00BC3A57
Part of subcall function 00BC3A3D: GetCurrentThreadId.KERNEL32 ref: 00BC3A5E
Part of subcall function 00BC3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00BC25B3), ref: 00BC3A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 00BC25BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00BC25DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00BC25DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 00BC25E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00BC2601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00BC2605
MapVirtualKeyW.USER32(00000025,00000000), ref: 00BC260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00BC2623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00BC2627

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: 6053fe05029f5726704e8a7c6c9ed0ad16d8df85ee582f15e889d9eb894ef6da
Instruction ID: 304151a10dfd8c92194e63de886a9292f9a94674b4f5ea51ee7696dac245cd4b
Opcode Fuzzy Hash: 6053fe05029f5726704e8a7c6c9ed0ad16d8df85ee582f15e889d9eb894ef6da
Instruction Fuzzy Hash: C801D430394214BBFB1067689C8AF693F99DF4EB12F600015F318AF0D1CDF26494CA69

Function 00BC1803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00BC1449,?,?,00000000), ref: 00BC180C
HeapAlloc.KERNEL32(00000000,?,00BC1449,?,?,00000000), ref: 00BC1813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00BC1449,?,?,00000000), ref: 00BC1828
GetCurrentProcess.KERNEL32(?,00000000,?,00BC1449,?,?,00000000), ref: 00BC1830
DuplicateHandle.KERNEL32(00000000,?,00BC1449,?,?,00000000), ref: 00BC1833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00BC1449,?,?,00000000), ref: 00BC1843
GetCurrentProcess.KERNEL32(00BC1449,00000000,?,00BC1449,?,?,00000000), ref: 00BC184B
DuplicateHandle.KERNEL32(00000000,?,00BC1449,?,?,00000000), ref: 00BC184E
CreateThread.KERNEL32(00000000,00000000,00BC1874,00000000,00000000,00000000), ref: 00BC1868

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 190588a69bdee4f7d3d48346bcd83d82e356f76403443114547dd8dc268186a7
Instruction ID: 606141d915eacb2bccd0f5b83b8abfa18ebd4183ca8f91eddd1a1ff491c9a547
Opcode Fuzzy Hash: 190588a69bdee4f7d3d48346bcd83d82e356f76403443114547dd8dc268186a7
Instruction Fuzzy Hash: C901BBB5240308BFE710ABA5DD4DF6B3FACEB89B11F104411FA05EB1A2CA709950DB60

Function 00BEA0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 00BCD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00BCD501
Part of subcall function 00BCD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00BCD50F
Part of subcall function 00BCD4DC: CloseHandle.KERNEL32(00000000), ref: 00BCD5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 00BEA16D
GetLastError.KERNEL32 ref: 00BEA180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00BEA1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 00BEA268
GetLastError.KERNEL32(00000000), ref: 00BEA273
CloseHandle.KERNEL32(00000000), ref: 00BEA2C4

Strings

SeDebugPrivilege, xrefs: 00BEA18F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: 13dae653b81df9085ebdedcc858f40379f29283a6b1d2bbde07399addc3296fe
Instruction ID: 7c616e683ae85e4fd78e0518455f45d9fd70f9f8df1d240a5d5ffc79d562d765
Opcode Fuzzy Hash: 13dae653b81df9085ebdedcc858f40379f29283a6b1d2bbde07399addc3296fe
Instruction Fuzzy Hash: 1C617A302042829FD710DF19C494F25BBE5AF44318F1484DCE56A9B7A3C776ED89CB92

Function 00BF3886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00BF3925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00BF393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00BF3954
_wcslen.LIBCMT ref: 00BF3999
SendMessageW.USER32(?,00001057,00000000,?), ref: 00BF39C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00BF39F4

Strings

SysListView32, xrefs: 00BF38F7

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: 0159503e845be8baab70f1521e95bd95da2cea71f1dde515e835d84f88782261
Instruction ID: d049b83cc5f7e5b82a73512a447a945b8b74efa5de25825fd0a1a01bab62203e
Opcode Fuzzy Hash: 0159503e845be8baab70f1521e95bd95da2cea71f1dde515e835d84f88782261
Instruction Fuzzy Hash: 5641C231A0021CABDF219F64CC45BFA7BE9EF08750F100566FA49E7281D7B59A84CB90

Function 00BCBC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BCBCFD
IsMenu.USER32(00000000), ref: 00BCBD1D
CreatePopupMenu.USER32 ref: 00BCBD53
GetMenuItemCount.USER32(011C80C0), ref: 00BCBDA4
InsertMenuItemW.USER32(011C80C0,?,00000001,00000030), ref: 00BCBDCC

Strings

2, xrefs: 00BCBD37
0, xrefs: 00BCBCA8

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: 2126d93e4768ef5a9ada0c9937b9dad1b23dcc45eac39a1e0d853a2d00931fbb
Instruction ID: 4e7c3768990505f8585a67135a639e6b8b64e22221766fc71f604a1dbeae0d82
Opcode Fuzzy Hash: 2126d93e4768ef5a9ada0c9937b9dad1b23dcc45eac39a1e0d853a2d00931fbb
Instruction Fuzzy Hash: 2951BC70A00209ABDB10CFA8D8C6FAEBBF8FF55314F2441ADE452EB290D7709945CB61

Function 00BCC874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00BCC913

Strings

stop, xrefs: 00BCC8E4
info, xrefs: 00BCC8B4
warning, xrefs: 00BCC8FC
blank, xrefs: 00BCC895
question, xrefs: 00BCC8CC

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: e20b02f3a68267f948b97e098d4b48ed905a9c0e82286c899685397f32532764
Instruction ID: ebe80c66337142715050f04b7cb591ee244a20fc2bc08b4ab48bf177b9d92e32
Opcode Fuzzy Hash: e20b02f3a68267f948b97e098d4b48ed905a9c0e82286c899685397f32532764
Instruction Fuzzy Hash: 35110D31689317BAE705AB54AC83EAB6BECDF25754B1000BEF508A62D2D7F09D409365

Function 00BCDE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00BCDE42
gethostname.WSOCK32(?,00000100), ref: 00BCDE5C
gethostbyname.WSOCK32(?), ref: 00BCDE69
inet_ntoa.WSOCK32(?), ref: 00BCDEAB
_strcat.LIBCMT ref: 00BCDEB9
WSACleanup.WSOCK32 ref: 00BCDEDE

Strings

0.0.0.0, xrefs: 00BCDE87

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: b6c6ba468931c43d3f422a5b38866556932bbb8dc8dbb523b1ca337d22db52ef
Instruction ID: 667017a02837bf1d224c82395bb0f8784442a58cb6d1a5a07f982677e7756e3c
Opcode Fuzzy Hash: b6c6ba468931c43d3f422a5b38866556932bbb8dc8dbb523b1ca337d22db52ef
Instruction Fuzzy Hash: 6911D53590411AAFCB207B249C4AEEA77ECDB14711F0101FEF509970A1EF708A85CB60

Function 00BF9F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B79BB2

GetSystemMetrics.USER32(0000000F), ref: 00BF9FC7
GetSystemMetrics.USER32(0000000F), ref: 00BF9FE7
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00BFA224
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00BFA242
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00BFA263
ShowWindow.USER32(00000003,00000000), ref: 00BFA282
InvalidateRect.USER32(?,00000000,00000001), ref: 00BFA2A7
DefDlgProcW.USER32(?,00000005,?,?), ref: 00BFA2CA

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: 4463c9b604474054d3863e0cfe01bafa9965d13d91f02c9cbd180eaf879cc0c0
Instruction ID: 1a7f220199eca48cb7a02757bd77fae59af984a3dee1b9260376b0ea55e27211
Opcode Fuzzy Hash: 4463c9b604474054d3863e0cfe01bafa9965d13d91f02c9cbd180eaf879cc0c0
Instruction Fuzzy Hash: AFB18B716002199FDF18CF68C9857BE7BF2FF44701F0980A9EE49AB295D731AA44CB51

Function 00BCED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 00BCED2A
_wcslen.LIBCMT ref: 00BCED3B
_wcslen.LIBCMT ref: 00BCED79
_wcslen.LIBCMT ref: 00BCEDAF
_wcslen.LIBCMT ref: 00BCEDDF
_wcslen.LIBCMT ref: 00BCEDEF
_wcslen.LIBCMT ref: 00BCEE2B
_wcslen.LIBCMT ref: 00BCEE5A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: cc29b8e023ce0fc8fff1297bba620e47201b3d98fcb793194db202c5fd376237
Instruction ID: f2bd29289de704be0bf733d6b79551ad65d479a58ca0ddfb7f38bef225dd3758
Opcode Fuzzy Hash: cc29b8e023ce0fc8fff1297bba620e47201b3d98fcb793194db202c5fd376237
Instruction Fuzzy Hash: BB418365C10119B6CB21FBB4C88AACFB7E8AF45710F5084A7E528E3172FB34D655C3A5

Function 00B7F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00BB682C,00000004,00000000,00000000), ref: 00B7F953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00BB682C,00000004,00000000,00000000), ref: 00BBF3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00BB682C,00000004,00000000,00000000), ref: 00BBF454

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 76d1cc5174ab850c2e64f49eb4f4d03495febd78eb9e249f66e0cc35852c02dd
Instruction ID: dced9dd6682ce9a39781d1d660f8e1c8ddac22809183e66c86f6e5e2d71fd03b
Opcode Fuzzy Hash: 76d1cc5174ab850c2e64f49eb4f4d03495febd78eb9e249f66e0cc35852c02dd
Instruction Fuzzy Hash: 9C41F831608642BBC7399B2D8DC87BA7BD2EB56310F14C4BCE66F57660DA71E880CB15

Function 00BF2D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00BF2D1B
GetDC.USER32(00000000), ref: 00BF2D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00BF2D2E
ReleaseDC.USER32(00000000,00000000), ref: 00BF2D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00BF2D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00BF2D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00BF5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00BF2DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00BF2DE1

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: d82331c70930a2e59056d8741134deae886f41c1d011bdb9a7dd6daa419c73c0
Instruction ID: 613d5b36c4ff6a7eea2501f5d643b411f537d021f8f459bc4b868a3e6b165938
Opcode Fuzzy Hash: d82331c70930a2e59056d8741134deae886f41c1d011bdb9a7dd6daa419c73c0
Instruction Fuzzy Hash: 91317C76201618BBEB118F50CC89FBB3FA9EB09711F044065FE08DB291CA759C95C7A0

Function 00BC5622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00BC5637
_memcmp.LIBVCRUNTIME ref: 00BC5659
_memcmp.LIBVCRUNTIME ref: 00BC5671
_memcmp.LIBVCRUNTIME ref: 00BC5684
_memcmp.LIBVCRUNTIME ref: 00BC569E
_memcmp.LIBVCRUNTIME ref: 00BC56B1
_memcmp.LIBVCRUNTIME ref: 00BC56C9
_memcmp.LIBVCRUNTIME ref: 00BC56E4

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 938d8fa97ffa333bdb66455a3f433932943f92d119dfdebac5534f5312d2196b
Instruction ID: 10d0d7793e72490df4f11d1104a24b9d657e36314f92b375968173210a135cf4
Opcode Fuzzy Hash: 938d8fa97ffa333bdb66455a3f433932943f92d119dfdebac5534f5312d2196b
Instruction Fuzzy Hash: B521A761641A1A77D624AE248D82FBA33DCEF21384F4404F9FE049B591F721FD95C2A9

Function 00BE4FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

Not an Object type, xrefs: 00BE5007
NULL Pointer assignment, xrefs: 00BE502E, 00BE5383

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: d8d41ce020985458f196b693ac8f3fde3e7a2c608e7c60064a660996300d80ac
Instruction ID: ac2fdc356ff952315e573d323f962a4986ab324afa8414d2bc5f1ec2e213f01f
Opcode Fuzzy Hash: d8d41ce020985458f196b693ac8f3fde3e7a2c608e7c60064a660996300d80ac
Instruction Fuzzy Hash: 30D1B371A0064A9FDF20CF99C881BAEB7F5FF48358F1481A9E915AB281E770DD45CB50

Function 00BA1522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00BA17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00BA15CE
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00BA17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00BA1651
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00BA17FB,?,00BA17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00BA16E4
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00BA17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00BA16FB

Part of subcall function 00B93820: RtlAllocateHeap.NTDLL(00000000,?,00C31444,?,00B7FDF5,?,?,00B6A976,00000010,00C31440,00B613FC,?,00B613C6,?,00B61129), ref: 00B93852

MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00BA17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00BA1777
__freea.LIBCMT ref: 00BA17A2
__freea.LIBCMT ref: 00BA17AE

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 9a23e65992c7ca0c7672f64fce822725ae70a034ad371052dd16c617fae4244f
Instruction ID: bf60ec053638ef62ee9cdbfd8ad0e1fba2925c1b3753182f89bac65c82ac3a8b
Opcode Fuzzy Hash: 9a23e65992c7ca0c7672f64fce822725ae70a034ad371052dd16c617fae4244f
Instruction Fuzzy Hash: D991C571E082169ADF648E7CC881EEE7BF5DF5A710F184AA9E802E7181DB35DD40CB60

Function 00BE4523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00BE4648
VariantInit.OLEAUT32(?), ref: 00BE4749
VariantClear.OLEAUT32(?), ref: 00BE4753
VariantClear.OLEAUT32(?), ref: 00BE47B0

Strings

Null Object assignment in FOR..IN loop, xrefs: 00BE45D8, 00BE4706, 00BE47BE
Incorrect Object type in FOR..IN loop, xrefs: 00BE472C

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 1694e264ba35023b940dac3026414678cecf2d006e38336a6b6c9ceb017b233b
Instruction ID: 4784eb15f87aa7c2332968a474570f57347111e2528e92ca192fed2518548a86
Opcode Fuzzy Hash: 1694e264ba35023b940dac3026414678cecf2d006e38336a6b6c9ceb017b233b
Instruction Fuzzy Hash: 1A917F71A00259AFDF20CFA6D884FAEBBF8EF46714F108599F515AB280D7709D45CBA0

Function 00BD1187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00BD125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00BD1284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00BD12A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00BD12D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00BD135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00BD13C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00BD1430

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 05a24d38d145c4eeea7177ffc3bcddf0031e3500015e3f4f17eeeb62e54df7b4
Instruction ID: 05dcdb139bf826fc901a052c3850097aba3dd4a4eb93897ff1c4104956f300ce
Opcode Fuzzy Hash: 05a24d38d145c4eeea7177ffc3bcddf0031e3500015e3f4f17eeeb62e54df7b4
Instruction Fuzzy Hash: 5491AF71A00209AFDB009F98C885BBEB7F5FF45325F1488AAE910E7391E775A941CF94

Function 00B7948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 20f52b5242d2c8aca5a0fc8db78c598802b7526467f84aae4834beea3381aaf3
Instruction ID: 7e0f5f80849f88698f780e25daf0d9980e83fc5a7025ac35b65323ce7dfb073a
Opcode Fuzzy Hash: 20f52b5242d2c8aca5a0fc8db78c598802b7526467f84aae4834beea3381aaf3
Instruction Fuzzy Hash: 8E911571D44219EFCB10CFA9C884AEEBBF8FF89320F148595E525B7251D774AA42CB60

Function 00BE3947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00BE396B
CharUpperBuffW.USER32(?,?), ref: 00BE3A7A
_wcslen.LIBCMT ref: 00BE3A8A
VariantClear.OLEAUT32(?), ref: 00BE3C1F

Part of subcall function 00BD0CDF: VariantInit.OLEAUT32(00000000), ref: 00BD0D1F
Part of subcall function 00BD0CDF: VariantCopy.OLEAUT32(?,?), ref: 00BD0D28
Part of subcall function 00BD0CDF: VariantClear.OLEAUT32(?), ref: 00BD0D34

Strings

Incorrect Parameter format, xrefs: 00BE39A6, 00BE3BA1
AUTOIT.ERROR, xrefs: 00BE3A80, 00BE3A85

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: 09504ff35b931a626e4ba75e7e40683f60ca362f8769b2f81d613029944d3f09
Instruction ID: fe477084ab3aa2942362a2812249800ce5f61d8af616535cc425329bdf147282
Opcode Fuzzy Hash: 09504ff35b931a626e4ba75e7e40683f60ca362f8769b2f81d613029944d3f09
Instruction Fuzzy Hash: 37918B746083459FC700DF29C58496AB7E4FF88714F1488AEF88A9B351DB31EE45CB92

Function 00BE4BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 00BC000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BBFF41,80070057,?,?,?,00BC035E), ref: 00BC002B
Part of subcall function 00BC000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BBFF41,80070057,?,?), ref: 00BC0046
Part of subcall function 00BC000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BBFF41,80070057,?,?), ref: 00BC0054
Part of subcall function 00BC000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BBFF41,80070057,?), ref: 00BC0064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00BE4C51
_wcslen.LIBCMT ref: 00BE4D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00BE4DCF
CoTaskMemFree.OLE32(?), ref: 00BE4DDA

Strings

NULL Pointer assignment, xrefs: 00BE4E23, 00BE4E52

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: 6defa4a1fc88a2fd9ba0e56d4b2eb8cf282caea402dc7ea7fc74cb32c8d27545
Instruction ID: de88e52f17a56de4ae72d9372a387f2defdd04dd0f202cc3a4db50950f8bba51
Opcode Fuzzy Hash: 6defa4a1fc88a2fd9ba0e56d4b2eb8cf282caea402dc7ea7fc74cb32c8d27545
Instruction Fuzzy Hash: 49910471D0025DAFDF14DFA5D891AEEBBB8FF08300F1085A9E915A7291EB749A44CF60

Function 00BF20FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00BF2183
GetMenuItemCount.USER32(00000000), ref: 00BF21B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00BF21DD
_wcslen.LIBCMT ref: 00BF2213
GetMenuItemID.USER32(?,?), ref: 00BF224D
GetSubMenu.USER32(?,?), ref: 00BF225B

Part of subcall function 00BC3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00BC3A57
Part of subcall function 00BC3A3D: GetCurrentThreadId.KERNEL32 ref: 00BC3A5E
Part of subcall function 00BC3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00BC25B3), ref: 00BC3A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00BF22E3

Part of subcall function 00BCE97B: Sleep.KERNEL32 ref: 00BCE9F3

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: 09653756b80da99730bc811658439a7a998666f27037494952142a2e46276f8f
Instruction ID: ddd7979de55ee07af6c4959d8520a24ef909db7ec5ba5baf360e9900f26db47a
Opcode Fuzzy Hash: 09653756b80da99730bc811658439a7a998666f27037494952142a2e46276f8f
Instruction Fuzzy Hash: 30714E75A00209AFCB14DFA4C885ABEBBF5EF48310F148499E956EB351DB34EE45CB90

Function 00BF7E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(011C8020), ref: 00BF7F37
IsWindowEnabled.USER32(011C8020), ref: 00BF7F43
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00BF801E
SendMessageW.USER32(011C8020,000000B0,?,?), ref: 00BF8051
IsDlgButtonChecked.USER32(?,?), ref: 00BF8089
GetWindowLongW.USER32(011C8020,000000EC), ref: 00BF80AB
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00BF80C3

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: a7082954fe187c4fa6857d1cd91af081781db5546297be8fffbd1268ca1e88ad
Instruction ID: 04d9626f55bfff08a8ae17f42585e7e823280b1daba2f402153c2301ea3bea05
Opcode Fuzzy Hash: a7082954fe187c4fa6857d1cd91af081781db5546297be8fffbd1268ca1e88ad
Instruction Fuzzy Hash: 37717D3464824DAFEB219F64C884FFABBF9EF19300F1444D9EA45972A1CF31A949DB50

Function 00BCAEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00BCAEF9
GetKeyboardState.USER32(?), ref: 00BCAF0E
SetKeyboardState.USER32(?), ref: 00BCAF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 00BCAF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 00BCAFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 00BCAFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 00BCB020

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 0f44895ca20cb1f9d6363384e78c3b6732fbf3c71687d0aafb281eaf8c0448df
Instruction ID: 44dab5380b61decde1b2667889c437abb2c498baf5f7e3f75ab7e1f71d826201
Opcode Fuzzy Hash: 0f44895ca20cb1f9d6363384e78c3b6732fbf3c71687d0aafb281eaf8c0448df
Instruction Fuzzy Hash: 2F5192A06046D93DFB3652348C46FBE7EE99B06308F0885CDE1D5968C2D7A9ACC4D752

Function 00BCACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00BCAD19
GetKeyboardState.USER32(?), ref: 00BCAD2E
SetKeyboardState.USER32(?), ref: 00BCAD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00BCADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00BCADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00BCAE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00BCAE38

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 1c6fbea113725d3e65dc7c496383735b0b49fdffcc88a16578e95761a1eddf4a
Instruction ID: 4ac61b30f1aab688da738adc49e129bdf5e42709dbda6ec14ac173848e07fa56
Opcode Fuzzy Hash: 1c6fbea113725d3e65dc7c496383735b0b49fdffcc88a16578e95761a1eddf4a
Instruction Fuzzy Hash: FB51E6A15047DA3DFB3283348C85F7ABEE89B45309F0884DCE1D6968C3C694EC84D7A2

Function 00B9542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00BA3CD6,?,?,?,?,?,?,?,?,00B95BA3,?,?,00BA3CD6,?,?), ref: 00B95470
__fassign.LIBCMT ref: 00B954EB
__fassign.LIBCMT ref: 00B95506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00BA3CD6,00000005,00000000,00000000), ref: 00B9552C
WriteFile.KERNEL32(?,00BA3CD6,00000000,00B95BA3,00000000,?,?,?,?,?,?,?,?,?,00B95BA3,?), ref: 00B9554B
WriteFile.KERNEL32(?,?,00000001,00B95BA3,00000000,?,?,?,?,?,?,?,?,?,00B95BA3,?), ref: 00B95584

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 1674fec7c898b2e5c991e4f0af44a96eeac21a51c66c2ed311893efc215f128a
Instruction ID: 0a278ce0bdc047bed412c5ec7e6f9c2ae2abcb15ca8b8bf63413664988776301
Opcode Fuzzy Hash: 1674fec7c898b2e5c991e4f0af44a96eeac21a51c66c2ed311893efc215f128a
Instruction Fuzzy Hash: 9551D471A006099FDF21CFA8D885BEEBBF9EF19300F1541AAF555E7292D7309A41CB60

Function 00B82D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00B82D4B
___except_validate_context_record.LIBVCRUNTIME ref: 00B82D53
_ValidateLocalCookies.LIBCMT ref: 00B82DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 00B82E0C
_ValidateLocalCookies.LIBCMT ref: 00B82E61

Strings

csm, xrefs: 00B82DF6

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 298818f65833379b2e4e7318679e50d1d115c487f2c9566d1446ffc0b33e30c0
Instruction ID: 728a610ab9a0c00dbdf6108306ff88c35d47b9eea178f02f16bdb945ee8367be
Opcode Fuzzy Hash: 298818f65833379b2e4e7318679e50d1d115c487f2c9566d1446ffc0b33e30c0
Instruction Fuzzy Hash: 51418434A00209ABCF10EF68C885A9EBFF5FF45724F1481A5E8156B3B2D7759A15CBD0

Function 00BE10B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00BE304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00BE307A
Part of subcall function 00BE304E: _wcslen.LIBCMT ref: 00BE309B

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00BE1112
WSAGetLastError.WSOCK32 ref: 00BE1121
WSAGetLastError.WSOCK32 ref: 00BE11C9
closesocket.WSOCK32(00000000), ref: 00BE11F9

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: bb3c34883fe33be57e19f99cae1a1b6caa95d5b657b3777c125d0268922837cf
Instruction ID: 178760ef1a448ab2add51490d1e508bf99e404e67b8e2be4be6fad29c6336f54
Opcode Fuzzy Hash: bb3c34883fe33be57e19f99cae1a1b6caa95d5b657b3777c125d0268922837cf
Instruction Fuzzy Hash: F7411A31600144AFDB109F59C884BB9BBE9FF45354F248499FD05AB291CB74ED85CBE2

Function 00BCCF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BCDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00BCCF22,?), ref: 00BCDDFD

Part of subcall function 00BCDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00BCCF22,?), ref: 00BCDE16

lstrcmpiW.KERNEL32(?,?), ref: 00BCCF45
MoveFileW.KERNEL32(?,?), ref: 00BCCF7F
_wcslen.LIBCMT ref: 00BCD005
_wcslen.LIBCMT ref: 00BCD01B
SHFileOperationW.SHELL32(?), ref: 00BCD061

Strings

\*.*, xrefs: 00BCCFF3

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: 5d61f9c1b35af916270c271e9d96351e8ad6711e2bdba58130cb1b380fc5658b
Instruction ID: 96a9312dcedbbef6d34e3d54b5aa2a3607b9f0f5da5eb45fbde109f639f702f2
Opcode Fuzzy Hash: 5d61f9c1b35af916270c271e9d96351e8ad6711e2bdba58130cb1b380fc5658b
Instruction Fuzzy Hash: 084143759052189EDF12EBA4C981FDDB7F8EF18380F0000EEE509EB141EA34A688CB50

Function 00BF2DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00BF2E1C
GetWindowLongW.USER32(?,000000F0), ref: 00BF2E4F
GetWindowLongW.USER32(?,000000F0), ref: 00BF2E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00BF2EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00BF2EE0
GetWindowLongW.USER32(?,000000F0), ref: 00BF2EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00BF2F0B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 8e41bca9ddd2d1a2ececaaad011cb0d036b35b56258a52b8299bfef9a7126969
Instruction ID: 5283d219c2857174a77466762a577f6b29e53b22423390235bf35208ac44c10a
Opcode Fuzzy Hash: 8e41bca9ddd2d1a2ececaaad011cb0d036b35b56258a52b8299bfef9a7126969
Instruction Fuzzy Hash: 4031F630654258EFDB218F58DD85F793BE1EB5A720F2901A4FA00CF2B1CB71A848DB41

Function 00BC7726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BC7769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BC778F
SysAllocString.OLEAUT32(00000000), ref: 00BC7792
SysAllocString.OLEAUT32(?), ref: 00BC77B0
SysFreeString.OLEAUT32(?), ref: 00BC77B9
StringFromGUID2.OLE32(?,?,00000028), ref: 00BC77DE
SysAllocString.OLEAUT32(?), ref: 00BC77EC

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 84b4c50d9c356f168822deec04645c32f570af2f404747d2116fd56a75f5ac2a
Instruction ID: 822dbbe826ae9475395a4b68bf0b75ea139edadf68f7f03b6913acaffc19c3ca
Opcode Fuzzy Hash: 84b4c50d9c356f168822deec04645c32f570af2f404747d2116fd56a75f5ac2a
Instruction Fuzzy Hash: F821B27660421DAFDB10DFA8CC88DBB77ECEB09364700806AF914DB250DA70DC85CBA4

Function 00BC77FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BC7842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BC7868
SysAllocString.OLEAUT32(00000000), ref: 00BC786B
SysAllocString.OLEAUT32 ref: 00BC788C
SysFreeString.OLEAUT32 ref: 00BC7895
StringFromGUID2.OLE32(?,?,00000028), ref: 00BC78AF
SysAllocString.OLEAUT32(?), ref: 00BC78BD

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 376e0756fe6cc49499267b8f5ca5baa87273827d01d834d2abae37c5f3997697
Instruction ID: 83ffa6d2e784f7297a58d6582b2d49a25ea08bc8789b2e16b557d8f26b79dacb
Opcode Fuzzy Hash: 376e0756fe6cc49499267b8f5ca5baa87273827d01d834d2abae37c5f3997697
Instruction Fuzzy Hash: DD214735604109AFDB109FA9DC8DEBA7BECEB097607108169FA15CB2A1DE74DC41CB64

Function 00BD04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00BD04F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00BD052E

Strings

nul, xrefs: 00BD0567

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 44a3fae4aadc80ca9fe2d3e7c5e53d8e9519a81449a17f2b109b6a29f660dc8a
Instruction ID: 342fd00cc89bdbd42cacd7480db5d3186b9712561f22af3560d750a5c7c60eb9
Opcode Fuzzy Hash: 44a3fae4aadc80ca9fe2d3e7c5e53d8e9519a81449a17f2b109b6a29f660dc8a
Instruction Fuzzy Hash: 3E215175510305DBDB20AF29E885B5ABBF4EF54728F204A5AECA1D72E0E7709950DF20

Function 00BD05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00BD05C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00BD0601

Strings

nul, xrefs: 00BD0639

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 49207d3eb4eed52e4c087f90ebd99865c52a00a456db0109f904b399409a6b64
Instruction ID: 3587786f35b7ec6815b5e14d395a1af839df1fe66bc1f7fe985b89f489608e3f
Opcode Fuzzy Hash: 49207d3eb4eed52e4c087f90ebd99865c52a00a456db0109f904b399409a6b64
Instruction Fuzzy Hash: 6D2144755103059BDB20AF799C44B5AB7E4EF95724F200A9AE8A1E73D0E770D960CB10

Function 00BF40AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B6600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00B6604C
Part of subcall function 00B6600E: GetStockObject.GDI32(00000011), ref: 00B66060
Part of subcall function 00B6600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00B6606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00BF4112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00BF411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00BF412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00BF4139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00BF4145

Strings

Msctls_Progress32, xrefs: 00BF40E3

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 430d87b5db8039b733a1c62fe98d17b35f8ac72e2d0627e2df1395276f91d410
Instruction ID: 05421f643ad82d52a49812f3a427ac5dbf58bfa20cd516cf30d69e4c86a24ba2
Opcode Fuzzy Hash: 430d87b5db8039b733a1c62fe98d17b35f8ac72e2d0627e2df1395276f91d410
Instruction Fuzzy Hash: B2118EB215021DBEEF118E64CC85EE77F9DEF08798F014110BB18A7090CB729C61DBA4

Function 00B9D7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00B9D7A3: _free.LIBCMT ref: 00B9D7CC

_free.LIBCMT ref: 00B9D82D

Part of subcall function 00B929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B9D7D1,00000000,00000000,00000000,00000000,?,00B9D7F8,00000000,00000007,00000000,?,00B9DBF5,00000000), ref: 00B929DE
Part of subcall function 00B929C8: GetLastError.KERNEL32(00000000,?,00B9D7D1,00000000,00000000,00000000,00000000,?,00B9D7F8,00000000,00000007,00000000,?,00B9DBF5,00000000,00000000), ref: 00B929F0

_free.LIBCMT ref: 00B9D838
_free.LIBCMT ref: 00B9D843
_free.LIBCMT ref: 00B9D897
_free.LIBCMT ref: 00B9D8A2
_free.LIBCMT ref: 00B9D8AD
_free.LIBCMT ref: 00B9D8B8

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: 92cd939704d49c68216578c674035423cf9d4060196888192ea6c8844692a1be
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: 33112B71940B04BADE21FFF1CC47FCB7BDCAF04700F4148B5B29DA6592DA69B90586A0

Function 00BCDA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00BCDA74
LoadStringW.USER32(00000000), ref: 00BCDA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00BCDA91
LoadStringW.USER32(00000000), ref: 00BCDA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00BCDADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00BCDAB9

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: 138e56dbda104e7ee105c574f21f29be7fe1050a26865bbd4532e1fd39b84ae5
Instruction ID: 644244fd1f52abecd460ef13b69c2c8a6f4b70d819f95df686f9875255324ff5
Opcode Fuzzy Hash: 138e56dbda104e7ee105c574f21f29be7fe1050a26865bbd4532e1fd39b84ae5
Instruction Fuzzy Hash: 880162F650020C7FE750ABA49E89EF7766CE708701F4004A5B746E3041EA749EC48F74

Function 00BD096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(011C15D8,011C15D8), ref: 00BD097B
EnterCriticalSection.KERNEL32(011C15B8,00000000), ref: 00BD098D
TerminateThread.KERNEL32(?,000001F6), ref: 00BD099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 00BD09A9
CloseHandle.KERNEL32(?), ref: 00BD09B8
InterlockedExchange.KERNEL32(011C15D8,000001F6), ref: 00BD09C8
LeaveCriticalSection.KERNEL32(011C15B8), ref: 00BD09CF

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: c595e68e132ce3e507036ecb0f50c8b340c8c6451729c17a28b8845f472e66bb
Instruction ID: e6b52668b84aa7a284f2734b90cb95db28f99b3390085713a84c6fef983a6f9b
Opcode Fuzzy Hash: c595e68e132ce3e507036ecb0f50c8b340c8c6451729c17a28b8845f472e66bb
Instruction Fuzzy Hash: 84F01D31442506ABD7415B94EF88BE6BA25FF01702F501016F101928A0DB7494A5DF90

Function 00BE1C60 Relevance: 9.3, APIs: 6, Instructions: 298networkCOMMON

Download Yara Rule

APIs

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00BE1DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00BE1DE1
WSAGetLastError.WSOCK32 ref: 00BE1DF2
htons.WSOCK32(?,?,?,?,?), ref: 00BE1EDB
inet_ntoa.WSOCK32(?), ref: 00BE1E8C

Part of subcall function 00BC39E8: _strlen.LIBCMT ref: 00BC39F2

Part of subcall function 00BE3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00BDEC0C), ref: 00BE3240

_strlen.LIBCMT ref: 00BE1F35

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
String ID:
API String ID: 3203458085-0
Opcode ID: 45e653bf31c5a2109bb9a9ae37dbff1709f689097f5aebdfa1a861bd1c909306
Instruction ID: c1067ec90bcf36aa480a64769bf376ff3ada06823b6363ed119b609cc2de4ad9
Opcode Fuzzy Hash: 45e653bf31c5a2109bb9a9ae37dbff1709f689097f5aebdfa1a861bd1c909306
Instruction Fuzzy Hash: C4B1B231204380AFC324DF29C895E2A7BE5EF84318F64899CF4569B2E2DB71ED45CB91

Function 00B65D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00B65D30
GetWindowRect.USER32(?,?), ref: 00B65D71
ScreenToClient.USER32(?,?), ref: 00B65D99
GetClientRect.USER32(?,?), ref: 00B65ED7
GetWindowRect.USER32(?,?), ref: 00B65EF8

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 6a58de99e7ba4e720471cf613b1d6e4d21ad30164529f388395ca975073bd219
Instruction ID: e098f947d25a4f1485226cc08f9921528fedaae72109c9d756d527279d0251f7
Opcode Fuzzy Hash: 6a58de99e7ba4e720471cf613b1d6e4d21ad30164529f388395ca975073bd219
Instruction Fuzzy Hash: 3BB17A34A0464ADFDB20CFA8C4807EEB7F1FF58310F14845AE8A9D7250DB78AA61DB50

Function 00B901B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 00B900BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B900D6
__allrem.LIBCMT ref: 00B900ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B9010B
__allrem.LIBCMT ref: 00B90122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B90140

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
Instruction ID: c7a4d79a12cd9cddd16cb0ee4c1e0667e016db6e5ee0e07ef3345d6209432145
Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
Instruction Fuzzy Hash: 6181E572A017169FEB24BF68CC81B6BB3E9EF41724F2445BAF551D6291E770D900CB90

Function 00B961FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00B882D9,00B882D9,?,?,?,00B9644F,00000001,00000001,8BE85006), ref: 00B96258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00B9644F,00000001,00000001,8BE85006,?,?,?), ref: 00B962DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00B963D8
__freea.LIBCMT ref: 00B963E5

Part of subcall function 00B93820: RtlAllocateHeap.NTDLL(00000000,?,00C31444,?,00B7FDF5,?,?,00B6A976,00000010,00C31440,00B613FC,?,00B613C6,?,00B61129), ref: 00B93852

__freea.LIBCMT ref: 00B963EE
__freea.LIBCMT ref: 00B96413

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 3e503fa73bdb211c55b68cdbdf18da1dbe0a2f157913ab0ca7e1eccc259fc775
Instruction ID: ea4978aee00d3f5a66997484be552d2524c8bfe2efb2833054e53c7826f36015
Opcode Fuzzy Hash: 3e503fa73bdb211c55b68cdbdf18da1dbe0a2f157913ab0ca7e1eccc259fc775
Instruction Fuzzy Hash: A451CF72A04216ABEF268F68CC81EAF7BE9EB44750F1546B9F805D7140EB34DC50D664

Function 00BEBBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

Part of subcall function 00BEC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BEB6AE,?,?), ref: 00BEC9B5
Part of subcall function 00BEC998: _wcslen.LIBCMT ref: 00BEC9F1
Part of subcall function 00BEC998: _wcslen.LIBCMT ref: 00BECA68
Part of subcall function 00BEC998: _wcslen.LIBCMT ref: 00BECA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BEBCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00BEBD25
RegCloseKey.ADVAPI32(00000000), ref: 00BEBD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00BEBD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00BEBDF3
RegCloseKey.ADVAPI32(?), ref: 00BEBDFF

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: 7cf7b3718f60e57e3a0b0cf4645867c2c9c4b4216c38e858d3313ca61fd98ff3
Instruction ID: a16a8b3298521ecb86673f712827c83a6546bfe9b57734365195ddd9200e5bd6
Opcode Fuzzy Hash: 7cf7b3718f60e57e3a0b0cf4645867c2c9c4b4216c38e858d3313ca61fd98ff3
Instruction Fuzzy Hash: D3816F31118241AFD714DF25C895E2BBBE5FF84308F1489ACF55A4B2A2DB31ED45CB92

Function 00BBF7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 00BBF7B9
SysAllocString.OLEAUT32(00000001), ref: 00BBF860
VariantCopy.OLEAUT32(00BBFA64,00000000), ref: 00BBF889
VariantClear.OLEAUT32(00BBFA64), ref: 00BBF8AD
VariantCopy.OLEAUT32(00BBFA64,00000000), ref: 00BBF8B1
VariantClear.OLEAUT32(?), ref: 00BBF8BB

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: d0a07fe738af5b72af6e5569b00fe814cd3ef2d3ab714ad4d06e9d4742cfc5b1
Instruction ID: dde9eef3057df425278935626b781da9cf32d06906812d368c6e3b19ca9abbc3
Opcode Fuzzy Hash: d0a07fe738af5b72af6e5569b00fe814cd3ef2d3ab714ad4d06e9d4742cfc5b1
Instruction Fuzzy Hash: E6519E31600312BBCF24AB65DC95BB9B3E8EF45710B2494F7E906DF291DAB08C40CB96

Function 00BD910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 00B67620: _wcslen.LIBCMT ref: 00B67625

Part of subcall function 00B66B57: _wcslen.LIBCMT ref: 00B66B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 00BD94E5
_wcslen.LIBCMT ref: 00BD9506
_wcslen.LIBCMT ref: 00BD952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00BD9585

Strings

X, xrefs: 00BD9412

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: 6ee55181d32184f070ab26422dfc47c53ddf2e425438129bbf44da9809148f56
Instruction ID: 584c3c7a00f78273f104e760d8b5fcb326d78d65d90af0731ca50cc3a25b8b07
Opcode Fuzzy Hash: 6ee55181d32184f070ab26422dfc47c53ddf2e425438129bbf44da9809148f56
Instruction Fuzzy Hash: 25E1A2315043009FD724EF24C881A6AB7E4FF95314F1489AEF8999B3A2EB31DD45CB92

Function 00B7920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00B79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B79BB2

BeginPaint.USER32(?,?,?), ref: 00B79241
GetWindowRect.USER32(?,?), ref: 00B792A5
ScreenToClient.USER32(?,?), ref: 00B792C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00B792D3
EndPaint.USER32(?,?,?,?,?), ref: 00B79321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00BB71EA

Part of subcall function 00B79339: BeginPath.GDI32(00000000), ref: 00B79357

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: 3d322bc52137260b679e7604c641a8a3d31ff6d2a727a39541148276263cbe29
Instruction ID: 7d86c8ae4e42f309bfd45307eb9c9f27d410ebf6ade2e62de31476b87927a25b
Opcode Fuzzy Hash: 3d322bc52137260b679e7604c641a8a3d31ff6d2a727a39541148276263cbe29
Instruction Fuzzy Hash: FA41AD70108300AFD710DF28DC84FBA7BE8EF85320F1442A9F9A9972A2CB719845DB61

Function 00BD07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 00BD080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00BD0847
EnterCriticalSection.KERNEL32(?), ref: 00BD0863
LeaveCriticalSection.KERNEL32(?), ref: 00BD08DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00BD08F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00BD0921

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: e6d45c356c1eabe7529ce67c4ffe622ddb03ef1a66fb4ef881d43215ee2f5274
Instruction ID: 9db1c0a9fbf72fcb768f456900bb8eb1392b3fd88f20d8c9afd803c623774bc1
Opcode Fuzzy Hash: e6d45c356c1eabe7529ce67c4ffe622ddb03ef1a66fb4ef881d43215ee2f5274
Instruction Fuzzy Hash: 17417C71910205EBDF14AF54DC85B6ABBB8FF04300F1480A5ED04AB297EB31DE65DBA4

Function 00BF81DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00BBF3AB,00000000,?,?,00000000,?,00BB682C,00000004,00000000,00000000), ref: 00BF824C
EnableWindow.USER32(?,00000000), ref: 00BF8272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 00BF82D1
ShowWindow.USER32(?,00000004), ref: 00BF82E5
EnableWindow.USER32(?,00000001), ref: 00BF830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00BF832F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: db0b944bde3579417e84244d78c08606f022c8f7999c88ad9192916f89449613
Instruction ID: 515ab2914329974fea48a7b2ff0ce42810cccc390e0771bb2fe8b574a935e470
Opcode Fuzzy Hash: db0b944bde3579417e84244d78c08606f022c8f7999c88ad9192916f89449613
Instruction Fuzzy Hash: F9413234601648EFDB16CF15D999BF87BE1FB4A714F1841A9EA084B272CB31A849CF54

Function 00BC4C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00BC4C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00BC4CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00BC4CEA
_wcslen.LIBCMT ref: 00BC4D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00BC4D10
_wcsstr.LIBVCRUNTIME ref: 00BC4D1A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: d665ec74ff4285a5bb99df9253ca96f12032f7fcb7a60fb7ba6a2316e144ad64
Instruction ID: 2c63171db84ee437f95b903624d8dee3750b38071dbefdd816830d5d77d28236
Opcode Fuzzy Hash: d665ec74ff4285a5bb99df9253ca96f12032f7fcb7a60fb7ba6a2316e144ad64
Instruction Fuzzy Hash: 3421C5326042057BEB256B299D59F7B7BE8DF45750F1080BDF80ACB1A1EB61DD40D6A0

Function 00BD581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 00B63AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B63A97,?,?,00B62E7F,?,?,?,00000000), ref: 00B63AC2

_wcslen.LIBCMT ref: 00BD587B
CoInitialize.OLE32(00000000), ref: 00BD5995
CoCreateInstance.OLE32(00BFFCF8,00000000,00000001,00BFFB68,?), ref: 00BD59AE
CoUninitialize.OLE32 ref: 00BD59CC

Strings

.lnk, xrefs: 00BD5876, 00BD58C1, 00BD5985

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: 0bc86a027a8cf54faaffde3444f2545e9efc12f2a6d729f3303af093f9abdc6f
Instruction ID: a3ee5d9709c4a83cf9aceb63a00e9f42b3d97be1b823ca1c2d6c8a1d7061d08f
Opcode Fuzzy Hash: 0bc86a027a8cf54faaffde3444f2545e9efc12f2a6d729f3303af093f9abdc6f
Instruction Fuzzy Hash: CDD154716047019FC724DF24C490A2AFBE5EF89714F14889EF88A9B361EB35EC45CB92

Function 00BC175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00BC0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00BC0FCA
Part of subcall function 00BC0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00BC0FD6
Part of subcall function 00BC0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00BC0FE5
Part of subcall function 00BC0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00BC0FEC
Part of subcall function 00BC0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00BC1002

GetLengthSid.ADVAPI32(?,00000000,00BC1335), ref: 00BC17AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00BC17BA
HeapAlloc.KERNEL32(00000000), ref: 00BC17C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 00BC17DA
GetProcessHeap.KERNEL32(00000000,00000000,00BC1335), ref: 00BC17EE
HeapFree.KERNEL32(00000000), ref: 00BC17F5

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 7a0bac7c0c966abb5cbd259a161d76c912078d5fe6f40f6caf718aed1f615309
Instruction ID: 4e0b49b38e720cc359cd8a23dce4f66657bd9b27626dde9761a68ec64a3cc5c2
Opcode Fuzzy Hash: 7a0bac7c0c966abb5cbd259a161d76c912078d5fe6f40f6caf718aed1f615309
Instruction Fuzzy Hash: 10118C71500209EFDB109FA8CD49FAE7BE9EF42355F10485DE441A7211CB359D95CB60

Function 00BC14CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00BC14FF
OpenProcessToken.ADVAPI32(00000000), ref: 00BC1506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00BC1515
CloseHandle.KERNEL32(00000004), ref: 00BC1520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00BC154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00BC1563

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: b31095102a73a5da545ff9d438654744a7f795b3effcc9d9ac27af2a8db7aa99
Instruction ID: 130f9bef2bc3f02b651f40dd5428dda9b7566cdcacc9cc889831d1bd6a213091
Opcode Fuzzy Hash: b31095102a73a5da545ff9d438654744a7f795b3effcc9d9ac27af2a8db7aa99
Instruction Fuzzy Hash: 6D11597250020DABDF11CFA8DE49FEE7BA9EF49744F044058FA05A2160C771CEA5EB60

Function 00B83382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00B83379,00B82FE5), ref: 00B83390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00B8339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B833B7
SetLastError.KERNEL32(00000000,?,00B83379,00B82FE5), ref: 00B83409

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 0d25e61c4b57a033284fe3e44e08a692f9a234869d8179054a229a6ece3e2b97
Instruction ID: d0e2358e1caa019ecfcc505d96e39735c58ea9f8761cb98bb1ac4c60f0ab9cc8
Opcode Fuzzy Hash: 0d25e61c4b57a033284fe3e44e08a692f9a234869d8179054a229a6ece3e2b97
Instruction Fuzzy Hash: 3601D43261D311BEAA2537B8BCC5B6E2AD4EB05F7972002A9F410822F1EF114E02D788

Function 00B92D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00B95686,00BA3CD6,?,00000000,?,00B95B6A,?,?,?,?,?,00B8E6D1,?,00C28A48), ref: 00B92D78
_free.LIBCMT ref: 00B92DAB
_free.LIBCMT ref: 00B92DD3
SetLastError.KERNEL32(00000000,?,?,?,?,00B8E6D1,?,00C28A48,00000010,00B64F4A,?,?,00000000,00BA3CD6), ref: 00B92DE0
SetLastError.KERNEL32(00000000,?,?,?,?,00B8E6D1,?,00C28A48,00000010,00B64F4A,?,?,00000000,00BA3CD6), ref: 00B92DEC
_abort.LIBCMT ref: 00B92DF2

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 9d7a26ec4ce2a9c8cf7cd71bfbe724c21fbfdf58ecec14dd0bc32caaf3a01737
Instruction ID: 9b5849caaac8cd4e276f359096ef2949949d83b9e82681affa0352a4513cc1dd
Opcode Fuzzy Hash: 9d7a26ec4ce2a9c8cf7cd71bfbe724c21fbfdf58ecec14dd0bc32caaf3a01737
Instruction Fuzzy Hash: 56F0A436D0560037CE226738AC46F2E29E9EFC27A1F2505B9F824932A2EE34884241A0

Function 00BF8A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00B79639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B79693
Part of subcall function 00B79639: SelectObject.GDI32(?,00000000), ref: 00B796A2
Part of subcall function 00B79639: BeginPath.GDI32(?), ref: 00B796B9
Part of subcall function 00B79639: SelectObject.GDI32(?,00000000), ref: 00B796E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00BF8A4E
LineTo.GDI32(?,00000003,00000000), ref: 00BF8A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00BF8A70
LineTo.GDI32(?,00000000,00000003), ref: 00BF8A80
EndPath.GDI32(?), ref: 00BF8A90
StrokePath.GDI32(?), ref: 00BF8AA0

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 78bf04cc8f7ce7ec9003ccabc6fa8e9e3effc5c792bb9130602c6aa0aae12700
Instruction ID: a4f0c500e77750c55e7ce9d60acc84c35834f009bc996b8f0f842d0217b79591
Opcode Fuzzy Hash: 78bf04cc8f7ce7ec9003ccabc6fa8e9e3effc5c792bb9130602c6aa0aae12700
Instruction Fuzzy Hash: 1E11C97600010DFFDB129F94DD88FAA7FADEB08354F048052BA199B1A1DB719D95DBA0

Function 00BC51FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00BC5218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00BC5229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00BC5230
ReleaseDC.USER32(00000000,00000000), ref: 00BC5238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00BC524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00BC5261

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 5f04c63ee24f6239d48db4e1521d1f1a710b76d5f55b84ee21d9cac9dc18eabf
Instruction ID: 12390649eb028f6a91a75c3d3eef5b661f1fb75106c8442db70dc2c8f1d382ab
Opcode Fuzzy Hash: 5f04c63ee24f6239d48db4e1521d1f1a710b76d5f55b84ee21d9cac9dc18eabf
Instruction Fuzzy Hash: 9C018F75A00708BBEB109BA59D49F6EBFB8EB48351F044065FA04EB380DA709850CBA0

Function 00B61BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 00B61BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 00B61BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00B61C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 00B61C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 00B61C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 00B61C22

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: f0f65917348a286a9d721dca1227baca62466f0b9dc45aa6a7076a32fe05225d
Instruction ID: e7ec3db64bf007369be1484dda33aed18ca5ecd60fb317313d04a77bc7b2ed6a
Opcode Fuzzy Hash: f0f65917348a286a9d721dca1227baca62466f0b9dc45aa6a7076a32fe05225d
Instruction Fuzzy Hash: D5016CB09027597DE3008F5A8C85B52FFA8FF19354F00411B915C47941C7F5A864CBE5

Function 00BCEB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00BCEB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00BCEB46
GetWindowThreadProcessId.USER32(?,?), ref: 00BCEB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00BCEB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00BCEB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00BCEB75

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: 1cb417ab88f70b97c87315c1c40cc94aba8d91c8224abc4f0a118cc41a8fe71b
Instruction ID: fb9115e4b6dc9fa0d6b187e19d71a22c91b993787f9eb2de9eb7c11bdd7d950d
Opcode Fuzzy Hash: 1cb417ab88f70b97c87315c1c40cc94aba8d91c8224abc4f0a118cc41a8fe71b
Instruction Fuzzy Hash: 49F01772240158BBE7215B629D0EEFB3E7CEFCAB11F000158F611E30919BA05A41D6B5

Function 00BB7439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00BB7452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00BB7469
GetWindowDC.USER32(?), ref: 00BB7475
GetPixel.GDI32(00000000,?,?), ref: 00BB7484
ReleaseDC.USER32(?,00000000), ref: 00BB7496
GetSysColor.USER32(00000005), ref: 00BB74B0

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: 3e7ea766de640aa8ed81f92d89451bcb9db2bf8946fdd86c87026cfc1f5e26b1
Instruction ID: 70aac4c39f47842a9a5437f909f4ca8c252afc03c7aeaa1e930484fb1075ca58
Opcode Fuzzy Hash: 3e7ea766de640aa8ed81f92d89451bcb9db2bf8946fdd86c87026cfc1f5e26b1
Instruction Fuzzy Hash: 08014031404209EFEB505BA4DE09BBA7EB5FB04322F2400A0E926A32A0CF311E91EB10

Function 00BC1874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00BC187F
UnloadUserProfile.USERENV(?,?), ref: 00BC188B
CloseHandle.KERNEL32(?), ref: 00BC1894
CloseHandle.KERNEL32(?), ref: 00BC189C
GetProcessHeap.KERNEL32(00000000,?), ref: 00BC18A5
HeapFree.KERNEL32(00000000), ref: 00BC18AC

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: 5b8cd7b2282abcf9d9b55b85b60f92b3e93368151b2af008d33e6ba6d73bcb2c
Instruction ID: a9d707b0d2b30bf5ac819f359464e056480c78b574b2bf929c7154cf26a746fd
Opcode Fuzzy Hash: 5b8cd7b2282abcf9d9b55b85b60f92b3e93368151b2af008d33e6ba6d73bcb2c
Instruction Fuzzy Hash: 7DE0C236004109BBDA016BA1EE0CD1ABF29FF49B22B108220F22593070CF3294B0EB50

Function 00BCC5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B67620: _wcslen.LIBCMT ref: 00B67625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00BCC6EE
_wcslen.LIBCMT ref: 00BCC735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00BCC79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00BCC7CA

Strings

0, xrefs: 00BCC6AF

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: eaeaf13d4cc5350e7b3cda707562fae02343291305c06b12c763e53f4bb63ea5
Instruction ID: 0fa090313945fc4dfd1c7dde76c8d17c3c6360e14bb3786779de5da33e15dfa2
Opcode Fuzzy Hash: eaeaf13d4cc5350e7b3cda707562fae02343291305c06b12c763e53f4bb63ea5
Instruction Fuzzy Hash: D551BE716143019BD7119F28C985F6BBBE4EB69310F080AAEF999D31A0DB74DD04CB56

Function 00BEAD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 00BEAEA3

Part of subcall function 00B67620: _wcslen.LIBCMT ref: 00B67625

GetProcessId.KERNEL32(00000000), ref: 00BEAF38
CloseHandle.KERNEL32(00000000), ref: 00BEAF67

Strings

@, xrefs: 00BEAE72
<, xrefs: 00BEAE6B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: ddc061c55f8f6a260edd7a88628b792646326bc73af6d907e5a04a4e5ec35c05
Instruction ID: ddec7bcabedff63ca9ecce53857f19a07013b881a314e2686aa5939d9e327e96
Opcode Fuzzy Hash: ddc061c55f8f6a260edd7a88628b792646326bc73af6d907e5a04a4e5ec35c05
Instruction Fuzzy Hash: 59715670A00259DFCB14EF55C494A9EBBF4FF08314F148499E81AAB3A2CB74ED45CB91

Function 00BC719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00BC7206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00BC723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00BC724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00BC72CF

Strings

DllGetClassObject, xrefs: 00BC7242

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: c797d73879f708d6ac1b41da0c128a1c28d2b321324fb9322b4397f591c095f7
Instruction ID: 212bc71b234119c132469deefe61589ad35dc7d2369b277f7d638a7480410086
Opcode Fuzzy Hash: c797d73879f708d6ac1b41da0c128a1c28d2b321324fb9322b4397f591c095f7
Instruction Fuzzy Hash: 6D411A71A44204AFDB15CF54C984FAA7BE9EF45310B2480ADBD099F20ADBB1DA45CFA0

Function 00BF3D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BF3E35
IsMenu.USER32(?), ref: 00BF3E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00BF3E92
DrawMenuBar.USER32 ref: 00BF3EA5

Strings

0, xrefs: 00BF3D89

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: 5d65b27fff5db33f3b56fad76d58d20dd0845f8670274fb1c807e107055e31f8
Instruction ID: 099920541fdd8f7566eaa677b0b17bc342731ab6ed43834f63ac86a7688e3257
Opcode Fuzzy Hash: 5d65b27fff5db33f3b56fad76d58d20dd0845f8670274fb1c807e107055e31f8
Instruction Fuzzy Hash: DC412475A1120DEFDF10DF60D884AEABBF9FF48764F0441A9EA05A7250D730AE49CB60

Function 00BC1DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

Part of subcall function 00BC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BC3CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00BC1E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00BC1E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00BC1EA9

Part of subcall function 00B66B57: _wcslen.LIBCMT ref: 00B66B6A

Strings

ComboBox, xrefs: 00BC1DF0
ListBox, xrefs: 00BC1E25

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: c91b4a2dc3567e1dbbbe312eb16c80c000bdc215374e6f13208eb62ffb4791bb
Instruction ID: a85e5f4f829e58b650c2d12a6f94db08c946ab4b2b9efa15d6ccd132cb3bebfe
Opcode Fuzzy Hash: c91b4a2dc3567e1dbbbe312eb16c80c000bdc215374e6f13208eb62ffb4791bb
Instruction Fuzzy Hash: 6C213571A00109BBDB14AB68DD46DFFBBF8DF46350B1485ADF825E31E2DB38494AC620

Function 00BF2F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00BF2F8D
LoadLibraryW.KERNEL32(?), ref: 00BF2F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00BF2FA9
DestroyWindow.USER32(?), ref: 00BF2FB1

Strings

SysAnimate32, xrefs: 00BF2F68

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: 6034d1f6c542770ac4193e8bb5f04b981f61065badb8f7d509cfc4832cde167d
Instruction ID: 382ad4b961e5294a09213c52082f864c75dc6c5e3272bf45d15c21c246e04562
Opcode Fuzzy Hash: 6034d1f6c542770ac4193e8bb5f04b981f61065badb8f7d509cfc4832cde167d
Instruction Fuzzy Hash: 2721977222420AABEB104FA4DC80EBB37F9EB69364F104668FA50D31A0D771DC959760

Function 00B84D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00B84D1E,00B928E9,?,00B84CBE,00B928E9,00C288B8,0000000C,00B84E15,00B928E9,00000002), ref: 00B84D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B84DA0
FreeLibrary.KERNEL32(00000000,?,?,?,00B84D1E,00B928E9,?,00B84CBE,00B928E9,00C288B8,0000000C,00B84E15,00B928E9,00000002,00000000), ref: 00B84DC3

Strings

CorExitProcess, xrefs: 00B84D98
mscoree.dll, xrefs: 00B84D86

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 4c58a28c722a5ccbffa1faf875c6c25a8ab1ceaf6dd2c3e25eaa41fb45a62465
Instruction ID: 7985d461c7e29fb880a7633de9cce7ee5cbea796bffa3bfaff8a75aeb089338d
Opcode Fuzzy Hash: 4c58a28c722a5ccbffa1faf875c6c25a8ab1ceaf6dd2c3e25eaa41fb45a62465
Instruction Fuzzy Hash: B4F03C34A40219ABDB11AB94DD49BAEBFF5EF44751F0000A4A809A36A0CF745E94CB91

Function 00B64E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00B64EDD,?,00C31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B64E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00B64EAE
FreeLibrary.KERNEL32(00000000,?,?,00B64EDD,?,00C31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B64EC0

Strings

kernel32.dll, xrefs: 00B64E94
Wow64DisableWow64FsRedirection, xrefs: 00B64EA8

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: d77d8c085f3bcca413307422f9e50021e30f2b33103bc6a9a171fbe987f62046
Instruction ID: 04bb6d0d7d370203b3e571386688a4f5af7010cfa1fac1893f1aadaaed79cadb
Opcode Fuzzy Hash: d77d8c085f3bcca413307422f9e50021e30f2b33103bc6a9a171fbe987f62046
Instruction Fuzzy Hash: 09E0CD35E019365BD23117257D18B7F69D4EF81F627050165FD04F3111DF68CE45C4A0

Function 00B64E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00BA3CDE,?,00C31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B64E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00B64E74
FreeLibrary.KERNEL32(00000000,?,?,00BA3CDE,?,00C31418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00B64E87

Strings

Wow64RevertWow64FsRedirection, xrefs: 00B64E6E
kernel32.dll, xrefs: 00B64E5B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: 657966b4e0b9391d8d7dd75778a5639409031f19dc425a0a7e956a67133886c6
Instruction ID: 45dffb9b90085b16ba97048670ef24e25219371248e47046fb9115fd399583db
Opcode Fuzzy Hash: 657966b4e0b9391d8d7dd75778a5639409031f19dc425a0a7e956a67133886c6
Instruction Fuzzy Hash: C7D0C239502A365B46221B247C08EAB6E58EF81B113050161B904B3110CF29CE52C1D0

Function 00BD2947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00BD2C05
DeleteFileW.KERNEL32(?), ref: 00BD2C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00BD2C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00BD2CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00BD2CC0

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: 9e1c9455d75ddce2ab29482b2e1fd6fd42b422637e5f11f95cf7ac7431f2ddc6
Instruction ID: 06b4200732f028a7c8d19594177911e6bc17313dc5ee00d6cd9bd35ac5abf4bb
Opcode Fuzzy Hash: 9e1c9455d75ddce2ab29482b2e1fd6fd42b422637e5f11f95cf7ac7431f2ddc6
Instruction Fuzzy Hash: 21B13C71D00119ABDF21EBA4CC85EEEBBBDEF59350F1040E6F909A7251EA349E44CB61

Function 00BEA387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00BEA427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00BEA435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 00BEA468
CloseHandle.KERNEL32(?), ref: 00BEA63D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 5db81f2584335130130db937ff5c9321dcf91e40e1bf5eebf0a06be1fb20bd3c
Instruction ID: b4d22cbb12453d829f53fa9c8f11ca24eb3cb4e312b159805aaf30972bb2d28b
Opcode Fuzzy Hash: 5db81f2584335130130db937ff5c9321dcf91e40e1bf5eebf0a06be1fb20bd3c
Instruction Fuzzy Hash: 9EA18E71604340AFD720DF25C886F2AB7E5AF84714F14889DF59A9B392DBB4EC41CB92

Function 00B9BB27 Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00C03700), ref: 00B9BB91
WideCharToMultiByte.KERNEL32(00000000,00000000,00C3121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00B9BC09
WideCharToMultiByte.KERNEL32(00000000,00000000,00C31270,000000FF,?,0000003F,00000000,?), ref: 00B9BC36
_free.LIBCMT ref: 00B9BB7F

Part of subcall function 00B929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B9D7D1,00000000,00000000,00000000,00000000,?,00B9D7F8,00000000,00000007,00000000,?,00B9DBF5,00000000), ref: 00B929DE
Part of subcall function 00B929C8: GetLastError.KERNEL32(00000000,?,00B9D7D1,00000000,00000000,00000000,00000000,?,00B9D7F8,00000000,00000007,00000000,?,00B9DBF5,00000000,00000000), ref: 00B929F0

_free.LIBCMT ref: 00B9BD4B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 1286116820-0
Opcode ID: 3aafa2ece81c14385a96bffed8f9f0e87bd9a497c8fc7296f98dfec903819835
Instruction ID: 8736192072a22797bec6001265404353bff8d1ac24bcde561532392f151a6a47
Opcode Fuzzy Hash: 3aafa2ece81c14385a96bffed8f9f0e87bd9a497c8fc7296f98dfec903819835
Instruction Fuzzy Hash: F751CA71904209AFCF14EF65AE81EAEB7F8EF44360B1442FAE454D71A1DB709E41C790

Function 00BCE3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BCDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00BCCF22,?), ref: 00BCDDFD

Part of subcall function 00BCDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00BCCF22,?), ref: 00BCDE16

Part of subcall function 00BCE199: GetFileAttributesW.KERNEL32(?,00BCCF95), ref: 00BCE19A

lstrcmpiW.KERNEL32(?,?), ref: 00BCE473
MoveFileW.KERNEL32(?,?), ref: 00BCE4AC
_wcslen.LIBCMT ref: 00BCE5EB
_wcslen.LIBCMT ref: 00BCE603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00BCE650

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: 143d765cb7846b330ad04736f1e3a607c28e5951ada430c1ac29dbb5a26b9db1
Instruction ID: b09171b5480c546f82863b7ba67dbc14c80fac2e78afc5afaeba31addfd6922a
Opcode Fuzzy Hash: 143d765cb7846b330ad04736f1e3a607c28e5951ada430c1ac29dbb5a26b9db1
Instruction Fuzzy Hash: 46514FB24087459BC724EB90D881EDFB7ECEF94340F00496EF59993191EE74E688CB66

Function 00BEB9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

Part of subcall function 00BEC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BEB6AE,?,?), ref: 00BEC9B5
Part of subcall function 00BEC998: _wcslen.LIBCMT ref: 00BEC9F1
Part of subcall function 00BEC998: _wcslen.LIBCMT ref: 00BECA68
Part of subcall function 00BEC998: _wcslen.LIBCMT ref: 00BECA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BEBAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00BEBB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00BEBB63
RegCloseKey.ADVAPI32(?,?), ref: 00BEBBA6
RegCloseKey.ADVAPI32(00000000), ref: 00BEBBB3

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: 347f532e24463c481a67deb9dace676a55c364d769326daec6b0936bf4a00fee
Instruction ID: 9fa35ac41d19b13a34fbaaea0ac02d3e34490cb526495f10b8069032d1dfea74
Opcode Fuzzy Hash: 347f532e24463c481a67deb9dace676a55c364d769326daec6b0936bf4a00fee
Instruction Fuzzy Hash: 25618131208241AFD714DF25C890E2BBBE5FF84348F5495ACF4998B2A2DB35ED45CB92

Function 00BC8BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00BC8BCD
VariantClear.OLEAUT32 ref: 00BC8C3E
VariantClear.OLEAUT32 ref: 00BC8C9D
VariantClear.OLEAUT32(?), ref: 00BC8D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00BC8D3B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: ea2f38f77451a6e484b91f11472ea0c620b94ac91a57ea151065f53377315a84
Instruction ID: 257a24d76785055fa94d7b2b900574b8a7f99b29993b93b253bc904a12c619f2
Opcode Fuzzy Hash: ea2f38f77451a6e484b91f11472ea0c620b94ac91a57ea151065f53377315a84
Instruction Fuzzy Hash: B0515BB5A00219EFCB14CF58D894EAABBF5FF89310B15856DE906DB350E730E911CB90

Function 00BD8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00BD8BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00BD8BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00BD8C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00BD8C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00BD8C5F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 64180707480563fc552a38447a120931d47092e22dc3f63d0ac2ad4354d313f7
Instruction ID: 7a6acc52a455250e220334d9d30c85e5c854eb337b498718bf04898a9b7a85c4
Opcode Fuzzy Hash: 64180707480563fc552a38447a120931d47092e22dc3f63d0ac2ad4354d313f7
Instruction Fuzzy Hash: 3A515A35A10219EFCB05DF64C880A6DBBF5FF48314F088099E84AAB362DB35ED51CB90

Function 00BE8EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00BE8F40
GetProcAddress.KERNEL32(00000000,?), ref: 00BE8FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00BE8FEC
GetProcAddress.KERNEL32(00000000,?), ref: 00BE9032
FreeLibrary.KERNEL32(00000000), ref: 00BE9052

Part of subcall function 00B7F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00BD1043,?,7529E610), ref: 00B7F6E6
Part of subcall function 00B7F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00BBFA64,00000000,00000000,?,?,00BD1043,?,7529E610,?,00BBFA64), ref: 00B7F70D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: 3b0805eac6c84ed49ce590193140337fcb75576026ce52c55fa49256b09a6e40
Instruction ID: ce72ddf07ffb619fa484046b561da2ae6ec0ee74c7dcebf335a6ebb61b405c85
Opcode Fuzzy Hash: 3b0805eac6c84ed49ce590193140337fcb75576026ce52c55fa49256b09a6e40
Instruction Fuzzy Hash: 11513835600645DFCB11DF59C4948ADBBF1FF59324B0480E9E80AAB362DB31ED85CB90

Function 00BF6B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00BF6C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00BF6C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00BF6C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00BDAB79,00000000,00000000), ref: 00BF6C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00BF6CC7

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: 626ff1ee4e8029142c522ca9cf36d1410532ea3751f8d785316362d80282b7c6
Instruction ID: 4fa8cf00e02610c1c98bf31e2b48553f849cc0f4d94e99fdc34c898c725b1a11
Opcode Fuzzy Hash: 626ff1ee4e8029142c522ca9cf36d1410532ea3751f8d785316362d80282b7c6
Instruction Fuzzy Hash: B941AF35A04108AFDB24CF68CD99FB97BE5EB09360F1502A8EE95E72A1C771AD45CA40

Function 00B92051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00B920C3
_free.LIBCMT ref: 00B920E3

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: c59e0398f1c20ccf84b78b4d21f438ba11cdbada708ddaf19d8bbf5bd38b20ca
Instruction ID: bf089363635f7fa964a4b40d5d3d1993e19ed568f7a343aafa5b36af7d96a6a5
Opcode Fuzzy Hash: c59e0398f1c20ccf84b78b4d21f438ba11cdbada708ddaf19d8bbf5bd38b20ca
Instruction Fuzzy Hash: 8241AF32E00210AFCF24DF78C881A6DB7E5EF89314F1585B9E615EB392DA31AD01CB81

Function 00B7912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00B79141
ScreenToClient.USER32(00000000,?), ref: 00B7915E
GetAsyncKeyState.USER32(00000001), ref: 00B79183
GetAsyncKeyState.USER32(00000002), ref: 00B7919D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: bdda7b454c86e7539a06be4d4a908f87d1cd7eb0dccd7496594005b74bf8291c
Instruction ID: f6933155710367d3133cc1a196fbd9de9ef1e65793b959a437478036545e2e48
Opcode Fuzzy Hash: bdda7b454c86e7539a06be4d4a908f87d1cd7eb0dccd7496594005b74bf8291c
Instruction Fuzzy Hash: 7D416E7190850ABBDF059F68C844BFEB7B4FB45320F208295E429B72D0CB745954DBA1

Function 00BD3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00BD38CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00BD3922
TranslateMessage.USER32(?), ref: 00BD394B
DispatchMessageW.USER32(?), ref: 00BD3955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BD3966

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 4b98ec6da0f0593bc7613cc22c9cea3923fa53c700a82442e1a619babfdbfb94
Instruction ID: 5e79f1c35f966855a9d6d4d8edfeb7beda31f368aee9c6cb5997400793ccd23f
Opcode Fuzzy Hash: 4b98ec6da0f0593bc7613cc22c9cea3923fa53c700a82442e1a619babfdbfb94
Instruction Fuzzy Hash: FB31FB705143419EEB35CB349898B76BBE4DB05710F0805ABE463832E2F7F99A84DB13

Function 00BDCF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00BDC21E,00000000), ref: 00BDCF38
InternetReadFile.WININET(?,00000000,?,?), ref: 00BDCF6F
GetLastError.KERNEL32(?,00000000,?,?,?,00BDC21E,00000000), ref: 00BDCFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,00BDC21E,00000000), ref: 00BDCFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,00BDC21E,00000000), ref: 00BDCFF2

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: d37d1c2774be22fe6d36135898787a050624b162a6477f7c0a7bcab08570b65a
Instruction ID: fad84aafe533676f2a08b15ed646965d53ff12a239306c0620b9260f55ad508f
Opcode Fuzzy Hash: d37d1c2774be22fe6d36135898787a050624b162a6477f7c0a7bcab08570b65a
Instruction Fuzzy Hash: F4312F71504206AFDB20DFA5C9849ABBFF9EB14351B1044AEF51AD3251EB30AD49DB60

Function 00BC1901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00BC1915
PostMessageW.USER32(00000001,00000201,00000001), ref: 00BC19C1
Sleep.KERNEL32(00000000,?,?,?), ref: 00BC19C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 00BC19DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 00BC19E2

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 3ae4c43f1d29fe559be876aad6e0f0e14372aceb9f6de411ebac2edd2b86c8e6
Instruction ID: fa263ea4d20b9ff15390b8633494e508820ee7d44931ea3395d833d455e8124c
Opcode Fuzzy Hash: 3ae4c43f1d29fe559be876aad6e0f0e14372aceb9f6de411ebac2edd2b86c8e6
Instruction Fuzzy Hash: F731CF71A00219EFCB00CFACC998BEE7BB5EB05314F108669F921E72D1C7B09955CB90

Function 00BF5706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00BF5745
SendMessageW.USER32(?,00001074,?,00000001), ref: 00BF579D
_wcslen.LIBCMT ref: 00BF57AF
_wcslen.LIBCMT ref: 00BF57BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 00BF5816

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: 5855abe6ee3dd5c84b2f7edab7d9c400760b1a2c82711f19973a92897ce4c1c4
Instruction ID: 20ea9a62e8c37ddf25d34b1d7fce10280fbe2276e367a7b5c893d778a73a63ae
Opcode Fuzzy Hash: 5855abe6ee3dd5c84b2f7edab7d9c400760b1a2c82711f19973a92897ce4c1c4
Instruction Fuzzy Hash: F521307190461CAADB309F64CC85AFDBBF8EF04724F108296EB29EB194D7709989CF50

Function 00BE0930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00BE0951
GetForegroundWindow.USER32 ref: 00BE0968
GetDC.USER32(00000000), ref: 00BE09A4
GetPixel.GDI32(00000000,?,00000003), ref: 00BE09B0
ReleaseDC.USER32(00000000,00000003), ref: 00BE09E8

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: b3d5d251b33e81f544bc9fc23685e74d6a010a897067fe7b4eda70c495bf6514
Instruction ID: 2cdd91d11ba6004a2fabb7a7077e68ba4f44e4c411aa0241662e14c011f1bfe5
Opcode Fuzzy Hash: b3d5d251b33e81f544bc9fc23685e74d6a010a897067fe7b4eda70c495bf6514
Instruction Fuzzy Hash: FA219335600204AFD704EF69D984AAEBBF5EF44700F0484ADF84AD7362DB74AD44CB50

Function 00B9CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00B9CDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B9CDE9

Part of subcall function 00B93820: RtlAllocateHeap.NTDLL(00000000,?,00C31444,?,00B7FDF5,?,?,00B6A976,00000010,00C31440,00B613FC,?,00B613C6,?,00B61129), ref: 00B93852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00B9CE0F
_free.LIBCMT ref: 00B9CE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B9CE31

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: 275461099c054bf378a9320df33f2de97eda8e09029a4deed161e7844112cdd0
Instruction ID: 17d637374272fa676da1ee0ad5a1826ccd3785572fa2fb1932679dd6ed5cb9a0
Opcode Fuzzy Hash: 275461099c054bf378a9320df33f2de97eda8e09029a4deed161e7844112cdd0
Instruction Fuzzy Hash: EF01D472601A157F2B211ABA6C88C7B6EEDDEC6BA131501B9F906D7200EE609E01C2B4

Function 00B79639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B79693
SelectObject.GDI32(?,00000000), ref: 00B796A2
BeginPath.GDI32(?), ref: 00B796B9
SelectObject.GDI32(?,00000000), ref: 00B796E2

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 7a963d730cc0a759ec70035eeddb446674b7b29fad70cf6bdfbdbd2afb9a4e86
Instruction ID: ff0afcd27ffec59acc371080a0ebf8946ad9ca9fb18d318510da65025d26f311
Opcode Fuzzy Hash: 7a963d730cc0a759ec70035eeddb446674b7b29fad70cf6bdfbdbd2afb9a4e86
Instruction Fuzzy Hash: 36217C30812305EFDB119F28ED08BBD3BE8FB41725F188396F828A71A0D7709991CB94

Function 00BC5711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00BC5726
_memcmp.LIBVCRUNTIME ref: 00BC5744
_memcmp.LIBVCRUNTIME ref: 00BC5757
_memcmp.LIBVCRUNTIME ref: 00BC576F
_memcmp.LIBVCRUNTIME ref: 00BC5787

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 15f3affdbab19036f0874525d4148cb5555da34de9258615f664166dbe04835c
Instruction ID: e2b11cbef11613b6e2878b2a49103dd010621e982a8b7e102d88f9fe3fb3765b
Opcode Fuzzy Hash: 15f3affdbab19036f0874525d4148cb5555da34de9258615f664166dbe04835c
Instruction Fuzzy Hash: 59019671741619BA922866149D82FBA63DCDF21394B0044AAFE049B251F660FD95C2A8

Function 00BC000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BBFF41,80070057,?,?,?,00BC035E), ref: 00BC002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BBFF41,80070057,?,?), ref: 00BC0046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BBFF41,80070057,?,?), ref: 00BC0054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BBFF41,80070057,?), ref: 00BC0064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00BBFF41,80070057,?,?), ref: 00BC0070

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 65c03519d2b984e7fad8bb4b6e078180deed23bfd653066e96fed2e15385818f
Instruction ID: 63ee7f907a7a3f93215cd4d3223324cf917b230b33f2c9d600a8162422ca895f
Opcode Fuzzy Hash: 65c03519d2b984e7fad8bb4b6e078180deed23bfd653066e96fed2e15385818f
Instruction Fuzzy Hash: EB017872610208EBDB116F68ED44FBA7EEDEB44792F154168F905D3210EB71DD808BA0

Function 00BCE97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 00BCE997
QueryPerformanceFrequency.KERNEL32(?), ref: 00BCE9A5
Sleep.KERNEL32(00000000), ref: 00BCE9AD
QueryPerformanceCounter.KERNEL32(?), ref: 00BCE9B7
Sleep.KERNEL32 ref: 00BCE9F3

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: abe3a935ddab4894fb2abfc23cb6262445d387017f124a2f4ff8374c7710bf31
Instruction ID: b3b31a8491767dc1ddb20fda7542b2439dc9ce6f7cbebd4a77bc9453cf381466
Opcode Fuzzy Hash: abe3a935ddab4894fb2abfc23cb6262445d387017f124a2f4ff8374c7710bf31
Instruction Fuzzy Hash: 5F015B31C0152DDBCF009BE4D949BEDBBB8FF09700F00458AE512B3140CB709691C761

Function 00BC10F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00BC1114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00BC0B9B,?,?,?), ref: 00BC1120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00BC0B9B,?,?,?), ref: 00BC112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00BC0B9B,?,?,?), ref: 00BC1136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00BC114D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: 99900af56b0b4e855f4421ba562fa7dbebba298f2fa4ccfbac145f7c61b7eac8
Instruction ID: 4397722efd2e0f99e69dcd69761ff486307b5d5e008e5e242cff739933c14546
Opcode Fuzzy Hash: 99900af56b0b4e855f4421ba562fa7dbebba298f2fa4ccfbac145f7c61b7eac8
Instruction Fuzzy Hash: DC016975200209BFDB115FA8DD49E6A3FAEEF8A3A0B240458FA41E3360DF31DD50CA60

Function 00BC0FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00BC0FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00BC0FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00BC0FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00BC0FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00BC1002

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 936ad223598d764f8570a9ea3764de7504efa193dcf759752b0dacfdce58db1f
Instruction ID: fbad009cf51d697a4753cc4703fa8df460f11a25b617b02d68066083942ce72b
Opcode Fuzzy Hash: 936ad223598d764f8570a9ea3764de7504efa193dcf759752b0dacfdce58db1f
Instruction Fuzzy Hash: 04F04F35100305ABD7214FA89D49F663FADEF8A761F114455FA45D7251CE70DC90CA60

Function 00BC1014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00BC102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00BC1036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00BC1045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00BC104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00BC1062

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: ad757b49923f5aeef3b1bd0bfe3e44efd95c5b9e39a064aee57795e43ca3d403
Instruction ID: ec296a61ed3218a6803b28c5a8e9a23e32b77eb7c7780ee85f0e715d8cbd06b9
Opcode Fuzzy Hash: ad757b49923f5aeef3b1bd0bfe3e44efd95c5b9e39a064aee57795e43ca3d403
Instruction Fuzzy Hash: 3FF06D35240309EBDB215FA8ED49F663FADEF8A761F210818FE45E7251CE70D990CA60

Function 00BD030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,00BD017D,?,00BD32FC,?,00000001,00BA2592,?), ref: 00BD0324
CloseHandle.KERNEL32(?,?,?,?,00BD017D,?,00BD32FC,?,00000001,00BA2592,?), ref: 00BD0331
CloseHandle.KERNEL32(?,?,?,?,00BD017D,?,00BD32FC,?,00000001,00BA2592,?), ref: 00BD033E
CloseHandle.KERNEL32(?,?,?,?,00BD017D,?,00BD32FC,?,00000001,00BA2592,?), ref: 00BD034B
CloseHandle.KERNEL32(?,?,?,?,00BD017D,?,00BD32FC,?,00000001,00BA2592,?), ref: 00BD0358
CloseHandle.KERNEL32(?,?,?,?,00BD017D,?,00BD32FC,?,00000001,00BA2592,?), ref: 00BD0365

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 83703273b3e065cc907a27b8d34bbfe75b7c692ce09b8e700c2161ae9dec6e77
Instruction ID: 483bcf64eedabcf0c3e701d156d4fee600ff7b3044dd7c6f80d224fc220773a2
Opcode Fuzzy Hash: 83703273b3e065cc907a27b8d34bbfe75b7c692ce09b8e700c2161ae9dec6e77
Instruction Fuzzy Hash: BB01EE72800B058FCB30AF66D880812FBF9FF603253058A3FD19252A30C3B0A998CF84

Function 00B9D73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00B9D752

Part of subcall function 00B929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B9D7D1,00000000,00000000,00000000,00000000,?,00B9D7F8,00000000,00000007,00000000,?,00B9DBF5,00000000), ref: 00B929DE
Part of subcall function 00B929C8: GetLastError.KERNEL32(00000000,?,00B9D7D1,00000000,00000000,00000000,00000000,?,00B9D7F8,00000000,00000007,00000000,?,00B9DBF5,00000000,00000000), ref: 00B929F0

_free.LIBCMT ref: 00B9D764
_free.LIBCMT ref: 00B9D776
_free.LIBCMT ref: 00B9D788
_free.LIBCMT ref: 00B9D79A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 2a958a70170cfddb5bdf42502541db6a1297df8dcbbf72aa6a80f756127bd71e
Instruction ID: 02fcbf584666ef8764ed7c4bb6734f25ba44e78799aaaa8cd4b7f1f349f051ae
Opcode Fuzzy Hash: 2a958a70170cfddb5bdf42502541db6a1297df8dcbbf72aa6a80f756127bd71e
Instruction Fuzzy Hash: B3F0FF32954204ABCA21EBA5F9C5E1E77DDFB447107A508A5F04CE7A51CB24FC8086A4

Function 00BC5C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00BC5C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00BC5C6F
MessageBeep.USER32(00000000), ref: 00BC5C87
KillTimer.USER32(?,0000040A), ref: 00BC5CA3
EndDialog.USER32(?,00000001), ref: 00BC5CBD

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 23e48524f3dadbcbeb7428d135896715bc3dd975064b2c48f535f9b07b951e80
Instruction ID: 81c10f070d55f98790de775bc8cd5e52053cd4b74897acf5278700de4de9f7d5
Opcode Fuzzy Hash: 23e48524f3dadbcbeb7428d135896715bc3dd975064b2c48f535f9b07b951e80
Instruction Fuzzy Hash: 85011230504B08ABEB315B10DE4EFA67BF8FB04B05F04159DA592A34E1DBF4B9C8CA90

Function 00B922A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00B922BE

Part of subcall function 00B929C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B9D7D1,00000000,00000000,00000000,00000000,?,00B9D7F8,00000000,00000007,00000000,?,00B9DBF5,00000000), ref: 00B929DE
Part of subcall function 00B929C8: GetLastError.KERNEL32(00000000,?,00B9D7D1,00000000,00000000,00000000,00000000,?,00B9D7F8,00000000,00000007,00000000,?,00B9DBF5,00000000,00000000), ref: 00B929F0

_free.LIBCMT ref: 00B922D0
_free.LIBCMT ref: 00B922E3
_free.LIBCMT ref: 00B922F4
_free.LIBCMT ref: 00B92305

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: ce54eaaff56d3c3f9ba28989fff83e6acd73b358ff7eebd1c4a9428bad82b8d2
Instruction ID: 317de6f3d4c37173c311067874a6247ed5f55cdce27eac43df33d7510f50fa2e
Opcode Fuzzy Hash: ce54eaaff56d3c3f9ba28989fff83e6acd73b358ff7eebd1c4a9428bad82b8d2
Instruction Fuzzy Hash: 53F05E71C20620AF8E22EF94BC41B0D3BE4F71876071405AAF814D63B1C7310912EFE4

Function 00B795C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 00B795D4
StrokeAndFillPath.GDI32(?,?,00BB71F7,00000000,?,?,?), ref: 00B795F0
SelectObject.GDI32(?,00000000), ref: 00B79603
DeleteObject.GDI32 ref: 00B79616
StrokePath.GDI32(?), ref: 00B79631

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: 566690ac6dd55763d6495676b6ba935614e7c2373e4c45a404025a2e0bd9cc76
Instruction ID: c30a26b86a19ecde1cba983a1aa1974cf889c94462fb587e58e21431da063e2b
Opcode Fuzzy Hash: 566690ac6dd55763d6495676b6ba935614e7c2373e4c45a404025a2e0bd9cc76
Instruction Fuzzy Hash: 49F0C935015708EFDB169F65EE18B683FA5EB11332F088354F869560F1CB308AA5DF20

Function 00B90F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00B910F9
__freea.LIBCMT ref: 00B91117

Part of subcall function 00B91537: _free.LIBCMT ref: 00B9154F

Strings

am/pm, xrefs: 00B9117A
a/p, xrefs: 00B911DE

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 4c14d949fcccbc6103ba7bfc2d8db7c5cb285a8f16a603bc6266113ff1e09033
Instruction ID: e621cf13604ea87f267c507a219d1a9e3afafe4d041b97439285087cb1685e2b
Opcode Fuzzy Hash: 4c14d949fcccbc6103ba7bfc2d8db7c5cb285a8f16a603bc6266113ff1e09033
Instruction Fuzzy Hash: 9BD1D031904207EADF299F6CC895BBAB7F0EF05700F2449F9E901AB651D3359D80EB65

Function 00BE7B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 00B80242: EnterCriticalSection.KERNEL32(00C3070C,00C31884,?,?,00B7198B,00C32518,?,?,?,00B612F9,00000000), ref: 00B8024D
Part of subcall function 00B80242: LeaveCriticalSection.KERNEL32(00C3070C,?,00B7198B,00C32518,?,?,?,00B612F9,00000000), ref: 00B8028A

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

Part of subcall function 00B800A3: __onexit.LIBCMT ref: 00B800A9

__Init_thread_footer.LIBCMT ref: 00BE7BFB

Part of subcall function 00B801F8: EnterCriticalSection.KERNEL32(00C3070C,?,?,00B78747,00C32514), ref: 00B80202
Part of subcall function 00B801F8: LeaveCriticalSection.KERNEL32(00C3070C,?,00B78747,00C32514), ref: 00B80235

Strings

G, xrefs: 00BE7C7F
Variable must be of type 'Object'., xrefs: 00BE7C3A
5, xrefs: 00BE7C78

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: 5$G$Variable must be of type 'Object'.
API String ID: 535116098-3733170431
Opcode ID: a4ed2b81222c2c1b20b38ca63c82ffdbda3b0d323fa2d5e24894bc5072d20379
Instruction ID: bdabea0b558265132df91db7b114c34068b34645d05dbefce4518474bc727e14
Opcode Fuzzy Hash: a4ed2b81222c2c1b20b38ca63c82ffdbda3b0d323fa2d5e24894bc5072d20379
Instruction Fuzzy Hash: 6D91AA70A44289EFCB04EF55D8809BDB7F5FF48300F108099F806AB292DB71AE45CB91

Function 00BC2716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00BCB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00BC21D0,?,?,00000034,00000800,?,00000034), ref: 00BCB42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00BC2760

Part of subcall function 00BCB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00BC21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00BCB3F8

Part of subcall function 00BCB32A: GetWindowThreadProcessId.USER32(?,?), ref: 00BCB355
Part of subcall function 00BCB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00BC2194,00000034,?,?,00001004,00000000,00000000), ref: 00BCB365
Part of subcall function 00BCB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00BC2194,00000034,?,?,00001004,00000000,00000000), ref: 00BCB37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00BC27CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00BC281A

Strings

@, xrefs: 00BC2832

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: b62b5bb811b864d6ec3d95926e0ac4eb382111e481a24a49fc8e78e08c42f5de
Instruction ID: 8962a3f6435fc98c9bad39578ac5631eee464436e54b8bb69b90cc8584861367
Opcode Fuzzy Hash: b62b5bb811b864d6ec3d95926e0ac4eb382111e481a24a49fc8e78e08c42f5de
Instruction Fuzzy Hash: 8341FB76900218AFDB10DBA4CD86FEEBBB8EF49700F104099FA55B7181DB706E45CBA1

Function 00B9172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00B91769
_free.LIBCMT ref: 00B91834
_free.LIBCMT ref: 00B9183E

Strings

C:\Users\user\Desktop\file.exe, xrefs: 00B91760, 00B91767, 00B91796, 00B917CE

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2506810119-517116171
Opcode ID: 0a33d9840e2e57d967f4eec1febb7e87bbc9fb91141d5063d57d629e581b64b0
Instruction ID: 78155bc22b4b6eab409285b3bf6f03eceb0528bb4992866e43d6f8c93f6f0ba9
Opcode Fuzzy Hash: 0a33d9840e2e57d967f4eec1febb7e87bbc9fb91141d5063d57d629e581b64b0
Instruction Fuzzy Hash: 0F3150B5A0021AAFDF21DF999885E9EBBFCEB85350B1445F6F80497211D6708E41EBA0

Function 00BCC27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00BCC306
DeleteMenu.USER32(?,00000007,00000000), ref: 00BCC34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00C31990,011C80C0), ref: 00BCC395

Strings

0, xrefs: 00BCC2DF

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: 167f8a68094778a338a67ad8ba595eef1763b55222adeb42537541a36c80f632
Instruction ID: 0b865291ee27b18092d269f193cf7965c8cb721a5180d7752fc91686c8220604
Opcode Fuzzy Hash: 167f8a68094778a338a67ad8ba595eef1763b55222adeb42537541a36c80f632
Instruction Fuzzy Hash: E94191712043419FD720DF24E885F1ABFE4EBE5310F10869DF8A9D7292D730A904CB66

Function 00BF4416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00BFCC08,00000000,?,?,?,?), ref: 00BF44AA
GetWindowLongW.USER32 ref: 00BF44C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00BF44D7

Strings

SysTreeView32, xrefs: 00BF447C

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: cf52e181eef25015396354d2e5a592b79bd42ecd7e463f17ad2ade683551d730
Instruction ID: 5cb16f8f46c467e845109bf158ca25fd3d579c38e247afcbce9d7594970fbf58
Opcode Fuzzy Hash: cf52e181eef25015396354d2e5a592b79bd42ecd7e463f17ad2ade683551d730
Instruction Fuzzy Hash: 13316D31214209AFDB209E78DC45BEB7BE9EB08324F204755FA75A32E0DB74EC549B50

Function 00BE304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00BE335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00BE3077,?,?), ref: 00BE3378

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00BE307A
_wcslen.LIBCMT ref: 00BE309B
htons.WSOCK32(00000000,?,?,00000000), ref: 00BE3106

Strings

255.255.255.255, xrefs: 00BE3095, 00BE309A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: ce3382875029262488bea9f66f0619f13382eba5fbdeecc2bd51081f8501f7d9
Instruction ID: 83574f8d0f22482da9f42e050e0269e6a24cecbd1e0ac41e9bfe2cedc614db23
Opcode Fuzzy Hash: ce3382875029262488bea9f66f0619f13382eba5fbdeecc2bd51081f8501f7d9
Instruction Fuzzy Hash: 7331F3352002859FCB20CF6AC589FAA77E0EF54718F2480D9E8159B393CB36EE41C761

Function 00BF3EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00BF3F40
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00BF3F54
SendMessageW.USER32(?,00001002,00000000,?), ref: 00BF3F78

Strings

SysMonthCal32, xrefs: 00BF3F0B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 9af99fa777bbc112435367f00ddf7025000807ae7cfc3f847fae6d6d6ef32583
Instruction ID: e76235a1c1c6c3caa0888af6915e67c769a28bd168a993816779ac9257d1593f
Opcode Fuzzy Hash: 9af99fa777bbc112435367f00ddf7025000807ae7cfc3f847fae6d6d6ef32583
Instruction Fuzzy Hash: 2D219F32610219BFDF118F50DC86FEA3BB5EF48724F110254FA15AB1D0D6B5AD94CBA0

Function 00BF4653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00BF4705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00BF4713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00BF471A

Strings

msctls_updown32, xrefs: 00BF4684

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: c97e0ce3644450e04dea76565fa59ea56d44e03adbd7bde72bc460aadb2a015b
Instruction ID: 3870e6325ff1b4ec5e7a008462262772166c8dc45a45c7876afa7384309f71fb
Opcode Fuzzy Hash: c97e0ce3644450e04dea76565fa59ea56d44e03adbd7bde72bc460aadb2a015b
Instruction Fuzzy Hash: 11213EB5604209AFDB10DF64DCD1EBB37EDEB9A3A8B040199FA009B251CB71EC55CB60

Function 00BC95AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00BC961D

Strings

#requireadmin, xrefs: 00BC95D9
#notrayicon, xrefs: 00BC95B7
#OnAutoItStartRegister, xrefs: 00BC95F3

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: ebdb9c8c8ae12bcf4d9f15dcf44f2729979447ec858b490dbdf98870fa212986
Instruction ID: 95d6f08b247bb3647ef477e5d99e20cb0bed692c822f33155f9c4baef3f37b3f
Opcode Fuzzy Hash: ebdb9c8c8ae12bcf4d9f15dcf44f2729979447ec858b490dbdf98870fa212986
Instruction Fuzzy Hash: DC21573220421167E331BB28DC4AFBB73D8EFA5714F5040BEFA8A97091EB65AD45C395

Function 00BF37B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00BF3840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00BF3850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00BF3876

Strings

Listbox, xrefs: 00BF380F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: 816221c31188a2303ec3aa443db08c39593247fbb74adeec011db203d006f06e
Instruction ID: d51a26672cef85de5195f24a7b89dd43d743970454140857f0199e82d27722b4
Opcode Fuzzy Hash: 816221c31188a2303ec3aa443db08c39593247fbb74adeec011db203d006f06e
Instruction Fuzzy Hash: 5D21B072610118BBEB119F54CC81FBB37EAEF89B90F118164FA009B190CA75DC55C7A0

Function 00BD49F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00BD4A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00BD4A5C
SetErrorMode.KERNEL32(00000000,?,?,00BFCC08), ref: 00BD4AD0

Strings

%lu, xrefs: 00BD4A6F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: 7f2e020fa87a6b9bc42425b04d8961173d716ef45e52815863f646e92efd4dc9
Instruction ID: 3d76d8fa192781e058542c3723248ef8b6d144513ed5f25faa23ab7d5bd9f8d0
Opcode Fuzzy Hash: 7f2e020fa87a6b9bc42425b04d8961173d716ef45e52815863f646e92efd4dc9
Instruction Fuzzy Hash: A3314175A00109AFDB10DF54C985EAABBF8EF04318F1480A5F509DB362DB75EE45CB61

Function 00BF41EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00BF424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00BF4264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00BF4271

Strings

msctls_trackbar32, xrefs: 00BF4226

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: 7ba4d1719d45411638d6c2b74fac829815c501dc5790f99736169631f041cef5
Instruction ID: 9c6f0b6246125e4a8144bb1d1afa5602c56e8c378fe410bedd900defdd018c91
Opcode Fuzzy Hash: 7ba4d1719d45411638d6c2b74fac829815c501dc5790f99736169631f041cef5
Instruction Fuzzy Hash: 4B11CE31250248BEEF205E28CC46FBB3BE8EB85B64F010624FA55E70A0D671D851DB20

Function 00BC2F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B66B57: _wcslen.LIBCMT ref: 00B66B6A

Part of subcall function 00BC2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00BC2DC5
Part of subcall function 00BC2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00BC2DD6
Part of subcall function 00BC2DA7: GetCurrentThreadId.KERNEL32 ref: 00BC2DDD
Part of subcall function 00BC2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00BC2DE4

GetFocus.USER32 ref: 00BC2F78

Part of subcall function 00BC2DEE: GetParent.USER32(00000000), ref: 00BC2DF9

GetClassNameW.USER32(?,?,00000100), ref: 00BC2FC3
EnumChildWindows.USER32(?,00BC303B), ref: 00BC2FEB

Strings

%s%d, xrefs: 00BC2FFF

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: 9a174489aad9e68919c3ae08db5b93bd919204ad90d5bb1f0739e7c823894539
Instruction ID: e5ae622abd35578b20979adb0f9cd0752049045824f789e7c83ffbd080b59c67
Opcode Fuzzy Hash: 9a174489aad9e68919c3ae08db5b93bd919204ad90d5bb1f0739e7c823894539
Instruction Fuzzy Hash: C6119071600209ABDF556F649C86FFE37EAAF94304F0480B9B9099B292DE7099498B60

Function 00BF5882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00BF58C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00BF58EE
DrawMenuBar.USER32(?), ref: 00BF58FD

Strings

0, xrefs: 00BF588F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: 40a86c89a834c791eeab873b2401aec86d64a54f2cff42f649d2142d5d552690
Instruction ID: f5f609239115ff110c10f86b3622ac1d6e61d76cb137bc555d55f5e6ef66180b
Opcode Fuzzy Hash: 40a86c89a834c791eeab873b2401aec86d64a54f2cff42f649d2142d5d552690
Instruction Fuzzy Hash: 4E012731500218AEDB219F25DC85BBABBB4FB45360F10C0D9EA49D7251DB708A88EF21

Function 00BBD3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00BBD3BF
FreeLibrary.KERNEL32 ref: 00BBD3E5

Strings

X64, xrefs: 00BBD2A8
GetSystemWow64DirectoryW, xrefs: 00BBD3B9

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 3013587201-2590602151
Opcode ID: b0a0793fb91d1167d6f0c9c959d536835a781fc1a1b8d9524dd4ef3455b9c222
Instruction ID: d97bf8592bba89dbf1b8e6f3ea95abcba488701fdd0dfcb0f4515f14b8eeeed3
Opcode Fuzzy Hash: b0a0793fb91d1167d6f0c9c959d536835a781fc1a1b8d9524dd4ef3455b9c222
Instruction Fuzzy Hash: F2F0552240075A8BC7741210CC98AFD77E4EF10741BA982E9F016F30A5FBF8CD88C64A

Function 00BC007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 028cd8b6d1a30935a210dca48b8b5abd7c44564005934521eeead680cf553835
Instruction ID: f580e428b0b6067efb05a41bc7cb55a1ebe36304a47dd372b0a80815e652f51e
Opcode Fuzzy Hash: 028cd8b6d1a30935a210dca48b8b5abd7c44564005934521eeead680cf553835
Instruction Fuzzy Hash: 8BC14775A1021AEFDB14DFA8C894FAAB7B5FF88304F248598E505EB251D731EE41CB90

Function 00B93E80 Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00B93F0B
__alldvrm.LIBCMT ref: 00B9410C
__alldvrm.LIBCMT ref: 00B9412E

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction ID: 561f21f11133bf88cdbaf92e6c43b666358b6c9c4dcc8d088982a42de72fce8a
Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction Fuzzy Hash: 0DA12476A042969FDF25CF28C891BAABFE5EF62350F1841FDE5859B281C3348982C750

Function 00BE342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00BE3459
CoUninitialize.OLE32 ref: 00BE3463
VariantInit.OLEAUT32(?), ref: 00BE346E
VariantClear.OLEAUT32(?), ref: 00BE371B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: 428d7c567e8b306f117c6af049472d920b062f65ff411a2915027b9a19bf830f
Instruction ID: b811ed85736baa0abff8271cea535327a93426f432dcca25f37aafeba0f6d0f4
Opcode Fuzzy Hash: 428d7c567e8b306f117c6af049472d920b062f65ff411a2915027b9a19bf830f
Instruction Fuzzy Hash: F2A15C752183009FC710DF29C595A2AB7E5FF88714F04889DF98A9B362DB34EE45CB91

Function 00BC0436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00BFFC08,?), ref: 00BC05F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00BFFC08,?), ref: 00BC0608
CLSIDFromProgID.OLE32(?,?,00000000,00BFCC40,000000FF,?,00000000,00000800,00000000,?,00BFFC08,?), ref: 00BC062D
_memcmp.LIBVCRUNTIME ref: 00BC064E

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: 46d974dabc746846f938c24171a2334639eac11df185078e67e5f78b4568c2c7
Instruction ID: 7095cafc3edb9e0b33b39002795b7937c08592006e05b322acd508cbd6cf1916
Opcode Fuzzy Hash: 46d974dabc746846f938c24171a2334639eac11df185078e67e5f78b4568c2c7
Instruction Fuzzy Hash: 0981F771A10109EFCB04DF94C984EEEB7F9FF89315F204598E516AB250DB71AE46CB60

Function 00BA1391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00BA14C0

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 855bcfdcfce095ff45d0f1c970aedc5fb0e53a3c604475ff2ed0e8c0b2a50807
Instruction ID: f72489724c00b113058df7fea9db04c7339c3ab74d48cb35d38a9c71c94e7807
Opcode Fuzzy Hash: 855bcfdcfce095ff45d0f1c970aedc5fb0e53a3c604475ff2ed0e8c0b2a50807
Instruction Fuzzy Hash: F5414931A08115ABDF617FBD8C85ABE3AE4EF4B370F144AE5F418D6391EA3448419BA1

Function 00BF6278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00BF62E2
ScreenToClient.USER32(?,?), ref: 00BF6315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00BF6382

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 4e2008a2c03fe1035ae9ea9989e52b677b06dd251b4a06fa8664ca988b95311f
Instruction ID: 765628753a7a7b3cbabf58d20488951b4873fed8469f3c50262d6a4e54cf09a7
Opcode Fuzzy Hash: 4e2008a2c03fe1035ae9ea9989e52b677b06dd251b4a06fa8664ca988b95311f
Instruction Fuzzy Hash: 78511874A00209EFCB14DF68D980ABE7BF5EB55360F1481A9FE159B2A1D730ED85CB90

Function 00BE1AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00BE1AFD
WSAGetLastError.WSOCK32 ref: 00BE1B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00BE1B8A
WSAGetLastError.WSOCK32 ref: 00BE1B94

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: 2c34bf9661adbf8c64097e679a0d79dc390035caf36a233e706316a5aec383ea
Instruction ID: 60728a79e6192a405f8e5a2f01e85dd5f238c6500f6546cb80c9c617b0de4ed2
Opcode Fuzzy Hash: 2c34bf9661adbf8c64097e679a0d79dc390035caf36a233e706316a5aec383ea
Instruction Fuzzy Hash: 9441A034600200AFE720AF24C886F2A77E5EB44718F54C498F95A9F3D2D776ED41CB90

Function 00B9B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b25a880021febd963755f2bf97e600434a61381399c9dc9229d71ea3b425b8b3
Instruction ID: c8f8dba693bb113e66d86ff29b24461e22aa0cca9f75fd0278024c48752e389c
Opcode Fuzzy Hash: b25a880021febd963755f2bf97e600434a61381399c9dc9229d71ea3b425b8b3
Instruction Fuzzy Hash: C441E275A00304AFDB24AF78D941FAABBE9EB88710F1045BEF151DB392D77199018780

Function 00BD56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00BD5783
GetLastError.KERNEL32(?,00000000), ref: 00BD57A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00BD57CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00BD57FA

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: b80457177f267fc60a7c2cdba9e05d11e262f653e63a16692b7c8843e8e63e6e
Instruction ID: 0337e65802d103bdcae73b2525830202a7319d0b874840b0a235dccc439e3b31
Opcode Fuzzy Hash: b80457177f267fc60a7c2cdba9e05d11e262f653e63a16692b7c8843e8e63e6e
Instruction Fuzzy Hash: 89415B39210610DFCB20EF15C554A5EBBF2EF99324B1884D9E84AAB362DB34FD40CB91

Function 00B9D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00B86D71,00000000,00000000,00B882D9,?,00B882D9,?,00000001,00B86D71,8BE85006,00000001,00B882D9,00B882D9), ref: 00B9D910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00B9D999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00B9D9AB
__freea.LIBCMT ref: 00B9D9B4

Part of subcall function 00B93820: RtlAllocateHeap.NTDLL(00000000,?,00C31444,?,00B7FDF5,?,?,00B6A976,00000010,00C31440,00B613FC,?,00B613C6,?,00B61129), ref: 00B93852

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 9e3da7b0e4ec6ab20deab0d400397c9535516d84edf37349c2325dd28ff8bc2f
Instruction ID: e9c4d980eb7775e76f7cddd91b3d99ec9cd6603866592fe1c35b26fe4d02fb24
Opcode Fuzzy Hash: 9e3da7b0e4ec6ab20deab0d400397c9535516d84edf37349c2325dd28ff8bc2f
Instruction Fuzzy Hash: 6831AE72A0020AABDF24AF65DC85EAE7BE5EB40710B1542A9FC05D7160EB35CD54CB90

Function 00BF52C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 00BF5352
GetWindowLongW.USER32(?,000000F0), ref: 00BF5375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00BF5382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00BF53A8

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: e76e2708ea77752b8d7d804448f2e4093cbd2fcf1d8838ed5ec1c383a90febbc
Instruction ID: 4554e05cd0cf2d08c77635921554c616d228d67370c8030a48c19da50832cd20
Opcode Fuzzy Hash: e76e2708ea77752b8d7d804448f2e4093cbd2fcf1d8838ed5ec1c383a90febbc
Instruction Fuzzy Hash: 57319234A55A0CEFEB309A1CCC45BF877E5EB05390F584181FB12971E1C7B09988DB4A

Function 00BCAB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00BCABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 00BCAC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 00BCAC74
SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00BCACC6

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 2b4e21755bce2cc00b8169e8dd6318e35796f503e5667dc6c8b0cf1c13caae8f
Instruction ID: ea022528e725d910f21317ea607730794c12a4a55afc3833e9bce53acfae9a6a
Opcode Fuzzy Hash: 2b4e21755bce2cc00b8169e8dd6318e35796f503e5667dc6c8b0cf1c13caae8f
Instruction Fuzzy Hash: A3311230A4421CAFFB248B688C09FFB7BE5EB89318F04429EE491971D1C374998587A2

Function 00BF7674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 00BF769A
GetWindowRect.USER32(?,?), ref: 00BF7710
PtInRect.USER32(?,?,00BF8B89), ref: 00BF7720
MessageBeep.USER32(00000000), ref: 00BF778C

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: 805077369599b63997f5a55ec05ca79fd4b9c6f087140e5ef116aa20670970f7
Instruction ID: 751fe95a1aa11c3ba3eb1a87295b655ab3bf42d4a680cec02e3d3518cb35e95b
Opcode Fuzzy Hash: 805077369599b63997f5a55ec05ca79fd4b9c6f087140e5ef116aa20670970f7
Instruction Fuzzy Hash: 97416D34655218EFCB01EF58C894FB97BF5FB49314F1940E8EA249B261CB30AD49CB90

Function 00BF16DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00BF16EB

Part of subcall function 00BC3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00BC3A57
Part of subcall function 00BC3A3D: GetCurrentThreadId.KERNEL32 ref: 00BC3A5E
Part of subcall function 00BC3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00BC25B3), ref: 00BC3A65

GetCaretPos.USER32(?), ref: 00BF16FF
ClientToScreen.USER32(00000000,?), ref: 00BF174C
GetForegroundWindow.USER32 ref: 00BF1752

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: 81cfb653c61773f2927d37a0483970b6f51eb780492493a244588dc21a242b13
Instruction ID: a04757acb5833d8986e783c4a8a718bfaa5ac6e04069c1f647861e91df6204b4
Opcode Fuzzy Hash: 81cfb653c61773f2927d37a0483970b6f51eb780492493a244588dc21a242b13
Instruction Fuzzy Hash: D6313E75D00249AFC704EFA9C981DBEBBF9EF48304B5084AAE415E7211EA35DE45CFA0

Function 00BCDF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 00B67620: _wcslen.LIBCMT ref: 00B67625

_wcslen.LIBCMT ref: 00BCDFCB
_wcslen.LIBCMT ref: 00BCDFE2
_wcslen.LIBCMT ref: 00BCE00D
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00BCE018

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: 889af068b427cce4e051bfc1c04e92ed2232ed899b5a37739b8720962b7f18b1
Instruction ID: d8ad960a29efe2564fd7dd1cec91f82baefc05a191409d056549d34873006250
Opcode Fuzzy Hash: 889af068b427cce4e051bfc1c04e92ed2232ed899b5a37739b8720962b7f18b1
Instruction Fuzzy Hash: 3F21A375900215EFCB20EFA8D982B6EB7F8EF45760F1440A9E805BB281D7709E41CBA1

Function 00BCD4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00BCD501
Process32FirstW.KERNEL32(00000000,?), ref: 00BCD50F
Process32NextW.KERNEL32(00000000,?), ref: 00BCD52F
CloseHandle.KERNEL32(00000000), ref: 00BCD5DC

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 1b2f936f26ba239cc5be3456853656a7a621514f3e7058b56a9083dbd775aac1
Instruction ID: 9a9cbc824439486fa0da18bf77fc843f520cee8daff6f58a676b808f01bd2563
Opcode Fuzzy Hash: 1b2f936f26ba239cc5be3456853656a7a621514f3e7058b56a9083dbd775aac1
Instruction Fuzzy Hash: DB319F711083009FD300EF54C881FAFBBE8EFA9354F14096DF585971A1EB719A88CBA2

Function 00BF8FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B79BB2

GetCursorPos.USER32(?), ref: 00BF9001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00BB7711,?,?,?,?,?), ref: 00BF9016
GetCursorPos.USER32(?), ref: 00BF905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00BB7711,?,?,?), ref: 00BF9094

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 7f2549eebf61840f4b2180d73f39c4eade524d36134dd750496beae7ac59fafb
Instruction ID: 03a83a3dc1ccc4c84b487391c4085837187644bacb100a397dd251e35d4c09aa
Opcode Fuzzy Hash: 7f2549eebf61840f4b2180d73f39c4eade524d36134dd750496beae7ac59fafb
Instruction Fuzzy Hash: 04216D3560011CEFDB258FA4C859FFA7BF9EB89360F1440A5FA058B2A1CB319994DF60

Function 00BCD2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,00BFCB68), ref: 00BCD2FB
GetLastError.KERNEL32 ref: 00BCD30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 00BCD319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00BFCB68), ref: 00BCD376

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 57a0d45449f13cfec7400fe4b22161d053a971d2905a1de3b2722cd8ff29de31
Instruction ID: 429f27679db1e851dcb4dd88c04f0065c9cb4267cc176da0072d550b38f1e145
Opcode Fuzzy Hash: 57a0d45449f13cfec7400fe4b22161d053a971d2905a1de3b2722cd8ff29de31
Instruction Fuzzy Hash: AA21B7745043059F8300DF24C98196E7BE8EF95364F104AADF495C72A1DB30D949CB97

Function 00BC1571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00BC1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00BC102A
Part of subcall function 00BC1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00BC1036
Part of subcall function 00BC1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00BC1045
Part of subcall function 00BC1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00BC104C
Part of subcall function 00BC1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00BC1062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00BC15BE
_memcmp.LIBVCRUNTIME ref: 00BC15E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00BC1617
HeapFree.KERNEL32(00000000), ref: 00BC161E

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: 6d832aa329d1d5ddae5e2d7cdef985bb63e115262e3121858b54b2001c375a77
Instruction ID: 9b0734dac24b7d1db9a3f4ec637d7d43512fe679e36a60c989faf155aed8817f
Opcode Fuzzy Hash: 6d832aa329d1d5ddae5e2d7cdef985bb63e115262e3121858b54b2001c375a77
Instruction Fuzzy Hash: 4F217C71E00108AFDB00DFA8C945FEEB7F8EF45344F184899E441B7242D730AA45DB50

Function 00BF2782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00BF280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00BF2824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00BF2832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00BF2840

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: eb4f739b9712334627507a468f782d86affb160886619b772936c203d9419994
Instruction ID: fea500f652b9f9678b64519088c43727e050c8d103c1ef044aad224a2c78a6bd
Opcode Fuzzy Hash: eb4f739b9712334627507a468f782d86affb160886619b772936c203d9419994
Instruction Fuzzy Hash: A4212131204119AFD7109B24C841FBA7BE5EF45324F148198F526CB6E2CB71FC86C790

Function 00BC78F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BC8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00BC790A,?,000000FF,?,00BC8754,00000000,?,0000001C,?,?), ref: 00BC8D8C
Part of subcall function 00BC8D7D: lstrcpyW.KERNEL32(00000000,?,?,00BC790A,?,000000FF,?,00BC8754,00000000,?,0000001C,?,?,00000000), ref: 00BC8DB2
Part of subcall function 00BC8D7D: lstrcmpiW.KERNEL32(00000000,?,00BC790A,?,000000FF,?,00BC8754,00000000,?,0000001C,?,?), ref: 00BC8DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00BC8754,00000000,?,0000001C,?,?,00000000), ref: 00BC7923
lstrcpyW.KERNEL32(00000000,?,?,00BC8754,00000000,?,0000001C,?,?,00000000), ref: 00BC7949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00BC8754,00000000,?,0000001C,?,?,00000000), ref: 00BC7984

Strings

cdecl, xrefs: 00BC797B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 594d329143875db7fc30bb8263f7ba620091dcf751b073d986c8b306d38a3742
Instruction ID: aacb7449364b5f39c120b8b5af30f3566a860313e1c7820b71ae9a2e7ec01abb
Opcode Fuzzy Hash: 594d329143875db7fc30bb8263f7ba620091dcf751b073d986c8b306d38a3742
Instruction Fuzzy Hash: ED11263A200302BBCB159F38D844E7A77E9FF85390B50806EF846C72A4EF719811CBA1

Function 00BF7CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00BF7D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00BF7D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00BF7D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00BDB7AD,00000000), ref: 00BF7D6B

Part of subcall function 00B79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B79BB2

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: 679ad0b3203e983e2872edb385764ceb974dc87c4166ee63132e43bdf28da443
Instruction ID: c0325f569df874c250cd9ebdd2c6188e0f8fbda47bcacbe049f402466ecbd58e
Opcode Fuzzy Hash: 679ad0b3203e983e2872edb385764ceb974dc87c4166ee63132e43bdf28da443
Instruction Fuzzy Hash: 8411AC75258619AFCB108F28CC04ABA3BE5EF45360B5583B4F939CB2E0DB308965CB80

Function 00BF5660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 00BF56BB
_wcslen.LIBCMT ref: 00BF56CD
_wcslen.LIBCMT ref: 00BF56D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 00BF5816

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: e8d32471beb16865159df164003ad44c0ea685a4e47ede5c99f5fe0eb524ce85
Instruction ID: 075230d18467b01c07654758266691476637bd3b94771390f8fcca7a64f49856
Opcode Fuzzy Hash: e8d32471beb16865159df164003ad44c0ea685a4e47ede5c99f5fe0eb524ce85
Instruction Fuzzy Hash: 3811B47160060CAADB30AF61CCC5AFE77ECEF11760B1080A6FB15D7181EB709988CB64

Function 00B91D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd799ae76b2cafa8226262581b25a340d7276589fbd7052a0e5b43e4afc50aa4
Instruction ID: 5dacd50412efb4e713db70e28fdf487ac910c64d2faff7aa81f89e03c2264658
Opcode Fuzzy Hash: cd799ae76b2cafa8226262581b25a340d7276589fbd7052a0e5b43e4afc50aa4
Instruction Fuzzy Hash: 90014FB260561B7EFE11167C6CC1F67669DDF413B8B340BB5F535621E2DB608D40A170

Function 00BC1A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00BC1A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00BC1A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00BC1A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00BC1A8A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 224c7db61abe98b8a2e2f7ebcc48eae10a24978635597dbc7f62f59e9eb2f7ce
Instruction ID: 3c834d8ad43b551803091f5c07fa7f8c6c3d1de160a23c4de16094ac92d127ee
Opcode Fuzzy Hash: 224c7db61abe98b8a2e2f7ebcc48eae10a24978635597dbc7f62f59e9eb2f7ce
Instruction Fuzzy Hash: A411393AD01219FFEB10DFA8CD85FADBBB8EB08750F200495EA10B7290D6716E50DB94

Function 00BCE1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00BCE1FD
MessageBoxW.USER32(?,?,?,?), ref: 00BCE230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00BCE246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00BCE24D

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: f394bbe7c9a9580682eb31f81ea143ce4f0c8d3a6ac6e298fb5926cbbc6269ab
Instruction ID: cca0b31f656596c6f317b54d692f4b29b65011d504012177a5a236af32b7b29a
Opcode Fuzzy Hash: f394bbe7c9a9580682eb31f81ea143ce4f0c8d3a6ac6e298fb5926cbbc6269ab
Instruction Fuzzy Hash: 0511C876904258BFC7019FA89C05FAE7FECDB45320F044259F924E72A1D770CD048BA0

Function 00B8D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,00B8CFF9,00000000,00000004,00000000), ref: 00B8D218
GetLastError.KERNEL32 ref: 00B8D224
__dosmaperr.LIBCMT ref: 00B8D22B
ResumeThread.KERNEL32(00000000), ref: 00B8D249

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: f6aaabda64df2a4371873000517ff76b03ef44804e3230a93f537ed54017b087
Instruction ID: 82a56bf7cc15440a1299f11aa3570778857447ec703b21c1cbfafb7885cd3859
Opcode Fuzzy Hash: f6aaabda64df2a4371873000517ff76b03ef44804e3230a93f537ed54017b087
Instruction Fuzzy Hash: A601C036805209BBDB117FA5DC09AAA7FA9EF81330F10029AF925A21F0CF708945C7A0

Function 00B7990E Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,?), ref: 00B798D6
SetBkMode.GDI32(?,00000001), ref: 00B798E9
GetStockObject.GDI32(00000005), ref: 00B798F1
GetWindowLongW.USER32(?,000000EB), ref: 00B79952

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ColorLongModeObjectStockTextWindow
String ID:
API String ID: 2960364272-0
Opcode ID: 6be271b19b862f6de262eac5863584d4f168ced4788585535d91b1a01078149c
Instruction ID: 75f426b9f063dabeb1d87c5c2020b74e73eab64a4ab40a81b26fbc975cb9e242
Opcode Fuzzy Hash: 6be271b19b862f6de262eac5863584d4f168ced4788585535d91b1a01078149c
Instruction Fuzzy Hash: 2A118C322462109FD7118F20EC94FFA7FA5DF6B365B08419DFA468B2A2DB314891C751

Function 00BF9EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 00B79BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B79BB2

GetClientRect.USER32(?,?), ref: 00BF9F31
GetCursorPos.USER32(?), ref: 00BF9F3B
ScreenToClient.USER32(?,?), ref: 00BF9F46
DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00BF9F7A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: e1b58f1d1dfdfd2b78a19f9ae5592af6f40c0ffc8be64e58120c6240eee88ff6
Instruction ID: 1b30be844fde807f8375787aba0b9982dd2df9f9fa47fc2d87e075bf7167a273
Opcode Fuzzy Hash: e1b58f1d1dfdfd2b78a19f9ae5592af6f40c0ffc8be64e58120c6240eee88ff6
Instruction Fuzzy Hash: 00112A3290011EABDB10DF68D985AFE7BB9FF45311F104495FA11E7151D730BA89CBA1

Function 00B6600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00B6604C
GetStockObject.GDI32(00000011), ref: 00B66060
SendMessageW.USER32(00000000,00000030,00000000), ref: 00B6606A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: 71a181c6d31c548e56afd592932fd50b540c94512300edeb168d6f2a184645c9
Instruction ID: cf2e1819eeecd88704105b277c745d4eb202ba50d33c3471e69064121d08d563
Opcode Fuzzy Hash: 71a181c6d31c548e56afd592932fd50b540c94512300edeb168d6f2a184645c9
Instruction Fuzzy Hash: 5B116D72501508BFEF165FA49C84EEABFADFF093A4F040265FA1553110DB369CA0DBA0

Function 00B83B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 00B83B56

Part of subcall function 00B83AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00B83AD2
Part of subcall function 00B83AA3: ___AdjustPointer.LIBCMT ref: 00B83AED

_UnwindNestedFrames.LIBCMT ref: 00B83B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00B83B7C
CallCatchBlock.LIBVCRUNTIME ref: 00B83BA4

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: 28d4f055bf347d8418a261e86557f490ff8caff64c1e664f5fab9bc221c58108
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: AB012972100149BBDF126E95CC42EEB7FE9EF48B54F044094FE4856131D732E961DBA0

Function 00B93073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00B613C6,00000000,00000000,?,00B9301A,00B613C6,00000000,00000000,00000000,?,00B9328B,00000006,FlsSetValue), ref: 00B930A5
GetLastError.KERNEL32(?,00B9301A,00B613C6,00000000,00000000,00000000,?,00B9328B,00000006,FlsSetValue,00C02290,FlsSetValue,00000000,00000364,?,00B92E46), ref: 00B930B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00B9301A,00B613C6,00000000,00000000,00000000,?,00B9328B,00000006,FlsSetValue,00C02290,FlsSetValue,00000000), ref: 00B930BF

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 226ceee353212825a90963020ce4b25b2bf8922c8c95c33d08c849b00180649b
Instruction ID: 092c838fbbe09517e1aa4e2ed5c3d994e2f2156bb86c7487a00a97e8673457f0
Opcode Fuzzy Hash: 226ceee353212825a90963020ce4b25b2bf8922c8c95c33d08c849b00180649b
Instruction Fuzzy Hash: B501D432301226ABCF314A789C84B6B7FD8EF05FA1B250670F915E3140CB21D945C6E0

Function 00BC7464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00BC747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00BC7497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00BC74AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00BC74CA

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: 9453c453874a4b7d1f66b3221157bc242fcc335c1c78627fec2715a5baa17f86
Instruction ID: d28d37e36325cca6f2b1406bcea936a10f77db2eee3d62bd5861fe39db8070e7
Opcode Fuzzy Hash: 9453c453874a4b7d1f66b3221157bc242fcc335c1c78627fec2715a5baa17f86
Instruction Fuzzy Hash: B711A1B12453149BE7208F14ED49FA2BFFCEB00B00F1085ADA626D7251DB70E944DF90

Function 00BCB0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00BCACD3,?,00008000), ref: 00BCB0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00BCACD3,?,00008000), ref: 00BCB0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00BCACD3,?,00008000), ref: 00BCB0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00BCACD3,?,00008000), ref: 00BCB126

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: 58dc9af120a001922c7d8dece8dc97978ce0d55b9a117481e3f49288759254ad
Instruction ID: 202f7b70c55e9eb5cdd6b0780652616dfb2da5204232c71c5edc9af7096f9c3d
Opcode Fuzzy Hash: 58dc9af120a001922c7d8dece8dc97978ce0d55b9a117481e3f49288759254ad
Instruction Fuzzy Hash: 48111831C1151CD7CF009FA4E99AFEEBBB8FF09711F114089D951B3181CB3056508B52

Function 00BF7E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00BF7E33
ScreenToClient.USER32(?,?), ref: 00BF7E4B
ScreenToClient.USER32(?,?), ref: 00BF7E6F
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00BF7E8A

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: 3d5b1168b58b9474107cc73b6bef7c6105f4f50f215ad33554999747d1c9dc7d
Instruction ID: 772fbc8cbcdf69dfe5792c10fd8e741c51daaaec392fcd05c1381399fd1bb0e8
Opcode Fuzzy Hash: 3d5b1168b58b9474107cc73b6bef7c6105f4f50f215ad33554999747d1c9dc7d
Instruction Fuzzy Hash: EA1113B9D0424EAFDB41DF98C9849EEBBF9FB08310F505096E915E3210D735AA95CF50

Function 00BC2DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00BC2DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00BC2DD6
GetCurrentThreadId.KERNEL32 ref: 00BC2DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00BC2DE4

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: d75dd678d91386612f604db688dd4da2587f233dd614aba4b007168308b1088d
Instruction ID: b46d639db9bdb30ff03508325bf41004801d04b19ea168ce224f033ef3397712
Opcode Fuzzy Hash: d75dd678d91386612f604db688dd4da2587f233dd614aba4b007168308b1088d
Instruction Fuzzy Hash: 00E092711052287BD7201B729D0DFFB3EACEF53BA1F100069F506D30809EA0C980C6B0

Function 00BF8863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00B79639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B79693
Part of subcall function 00B79639: SelectObject.GDI32(?,00000000), ref: 00B796A2
Part of subcall function 00B79639: BeginPath.GDI32(?), ref: 00B796B9
Part of subcall function 00B79639: SelectObject.GDI32(?,00000000), ref: 00B796E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00BF8887
LineTo.GDI32(?,?,?), ref: 00BF8894
EndPath.GDI32(?), ref: 00BF88A4
StrokePath.GDI32(?), ref: 00BF88B2

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 6ac02bf02c1cd76765752751979273671fccf8871d00a694c12d021ed3f0a334
Instruction ID: b5a19d7b014a8bd265c5efd4bfc6112729222909e9bbec36a0839f1bc3b5b43e
Opcode Fuzzy Hash: 6ac02bf02c1cd76765752751979273671fccf8871d00a694c12d021ed3f0a334
Instruction Fuzzy Hash: 24F03A36041259BADB125FA4AD09FEE3E59AF06310F048141FA11670E2CB755561CBA5

Function 00B798B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00B798CC
SetTextColor.GDI32(?,?), ref: 00B798D6
SetBkMode.GDI32(?,00000001), ref: 00B798E9
GetStockObject.GDI32(00000005), ref: 00B798F1

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: 07a2f1f81cb02c50a78ce0292fed580d73a7366e16d4a9be421056ff0bf402fb
Instruction ID: 397bca79d9d55b38aeb446828ac028df905800b86157697f4d9ade65da4f4f6c
Opcode Fuzzy Hash: 07a2f1f81cb02c50a78ce0292fed580d73a7366e16d4a9be421056ff0bf402fb
Instruction Fuzzy Hash: 12E06531244244ABEB215F74AD09BF83F50EB51336F148259F6F95A1E1CB714790DB10

Function 00BC162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00BC1634
OpenThreadToken.ADVAPI32(00000000,?,?,?,00BC11D9), ref: 00BC163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00BC11D9), ref: 00BC1648
OpenProcessToken.ADVAPI32(00000000,?,?,?,00BC11D9), ref: 00BC164F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: 995914fe9d5997ee557650e68099fbb02cc69740f7176d33f87bfd19b7e263b1
Instruction ID: d41d7299af9e0297e9e16c929adc7090c8697176364b604a0a604368be93a95b
Opcode Fuzzy Hash: 995914fe9d5997ee557650e68099fbb02cc69740f7176d33f87bfd19b7e263b1
Instruction Fuzzy Hash: 4FE04632602215ABD7201BB4AE0DFA63FA8EF45792F148858F245DB080EE348485CB68

Function 00BBD858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00BBD858
GetDC.USER32(00000000), ref: 00BBD862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00BBD882
ReleaseDC.USER32(?), ref: 00BBD8A3

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: c4ba6e95fddb2572aedc1a979ac1e66024e24a85a74c9e73d3354a8459ffd3fb
Instruction ID: 4fdb7d93eeb330ee62f8c24a7bcf288ddcc667466670ea810dad60f9820443af
Opcode Fuzzy Hash: c4ba6e95fddb2572aedc1a979ac1e66024e24a85a74c9e73d3354a8459ffd3fb
Instruction Fuzzy Hash: 6FE0E5B0804208EFCB419FA09A48A7DBFF1AB08311F109449E84AE7350CB784995EF40

Function 00BBD86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00BBD86C
GetDC.USER32(00000000), ref: 00BBD876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00BBD882
ReleaseDC.USER32(?), ref: 00BBD8A3

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 393f537c9ff17693ee54c8a1f7bd1416c674d24682d073ac03cc399bef790f3f
Instruction ID: 7f5d248e336cc2e8e751f070c45dd191f060c8d8ef76343e2e91123b2e10e548
Opcode Fuzzy Hash: 393f537c9ff17693ee54c8a1f7bd1416c674d24682d073ac03cc399bef790f3f
Instruction Fuzzy Hash: FDE012B0804208EFCB40AFA0DA08A7DBFF1BB08310F109448E84AE7350CF385996EF40

Function 00BD4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 00B67620: _wcslen.LIBCMT ref: 00B67625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00BD4ED4

Strings

LPT, xrefs: 00BD4DFB
*, xrefs: 00BD4E10

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: eb69f61c67ec47a377a105fd7bc13645c07beb1c398aea5de6109ef677141805
Instruction ID: 0d75ff6f0c613a30bf390f612582a18fcea57d63d14ab2b1917975ac62ebb14c
Opcode Fuzzy Hash: eb69f61c67ec47a377a105fd7bc13645c07beb1c398aea5de6109ef677141805
Instruction Fuzzy Hash: 39913D75A002449FCB14DF58C494EAABBF5EF44308F1980DAE80A9F362E775ED85CB91

Function 00B8E27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00B8E30D

Strings

pow, xrefs: 00B8E2E5, 00B8E302

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 7e1e9291ed64bf2e1ce2107c1c4add28042d6be81da241a4877d9a012c7d9ef3
Instruction ID: cef3df1ccf47fcaa2cdae1d0210e4777749c11f7a2d0a73bd7365cc36d9929d2
Opcode Fuzzy Hash: 7e1e9291ed64bf2e1ce2107c1c4add28042d6be81da241a4877d9a012c7d9ef3
Instruction Fuzzy Hash: F0514AA1A6C60296CF167B18C9417BD3BE8EF40740F3449F8E4A5422B9DF34CC91DB4A

Function 00B7E187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 00B7E1B1

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: e9067d61f3d12bea72a4a0367f778e5ea24dc12128b8dc3114ce3e86d695a253
Instruction ID: db2d04e5a78e158b7daee6816cb15fbcb27aa9eb71eb7388feb66c7b33e38512
Opcode Fuzzy Hash: e9067d61f3d12bea72a4a0367f778e5ea24dc12128b8dc3114ce3e86d695a253
Instruction Fuzzy Hash: 40510035504246EFDB15DF68C4816FA7BE8EF19310F2480D9E8B1AB2A1DB74DD42CBA0

Function 00B7F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00B7F2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 00B7F2BB

Strings

@, xrefs: 00B7F2AF

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: c9e9e902ab5f4783233ea7738ab2a53b626e889a86a3f21414606fc7ad5d64ef
Instruction ID: 05a200053483bc5b51e425af46cabc34e43b2e80af18f0d322edc2aa44f65c2b
Opcode Fuzzy Hash: c9e9e902ab5f4783233ea7738ab2a53b626e889a86a3f21414606fc7ad5d64ef
Instruction Fuzzy Hash: AC5155714187459BD320AF50D886BAFBBF8FB84304F81888DF2D9411A5EB758529CB66

Function 00BE5745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00BE57E0
_wcslen.LIBCMT ref: 00BE57EC

Strings

CALLARGARRAY, xrefs: 00BE57E6, 00BE57EB

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 6c90bd8cf0e69fc2beb338ee89df18311de016791bea0e8f4eb8ed11cfca6e09
Instruction ID: d5d9f4b7862b9f13f8ad491b9047d6d327ec9a33ab6c04df86fc86ba557325c8
Opcode Fuzzy Hash: 6c90bd8cf0e69fc2beb338ee89df18311de016791bea0e8f4eb8ed11cfca6e09
Instruction Fuzzy Hash: F041B231E00109DFCB24DFA9C8819BEBBF9FF59318F1441A9E515A7251EB349D81CB90

Function 00BDD0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00BDD130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00BDD13A

Strings

|, xrefs: 00BDD10B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: a1809a2930ed09f66dd920ac6aa5fd8beb634fab4db4cd3887e870a560b8c27f
Instruction ID: 8e3851e289471ca7bfba4ab6de5d53430d14defa0f9147fa3088c5fda3241e9d
Opcode Fuzzy Hash: a1809a2930ed09f66dd920ac6aa5fd8beb634fab4db4cd3887e870a560b8c27f
Instruction Fuzzy Hash: 99311A71D00209ABCF15EFA4CC85AEEBFF9FF04300F000199F915A6261E735AA46DB90

Function 00BF356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00BF3621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00BF365C

Strings

static, xrefs: 00BF35BC

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: 384d38a52507e055c220fb6c91325ca350c68f25a4fbdd595fb351d5ad129b33
Instruction ID: 9e6aa7a70188d289f28eaa15894817d7cc6a4454b2791da5eb9a4c693acb2e15
Opcode Fuzzy Hash: 384d38a52507e055c220fb6c91325ca350c68f25a4fbdd595fb351d5ad129b33
Instruction Fuzzy Hash: F0318D71110208AEDB109F68DC80EBB77E9FF98B24F008659FAA5D7290DA30ED95D760

Function 00BF4537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00BF461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00BF4634

Strings

', xrefs: 00BF458E

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: 4a5d30b3083b35ebb5624011e3c8b17dd14e958dbc25f9f91f70de1bfac47a99
Instruction ID: f81806e267f1acbf5d932555ffbc80353ac4a561680f7389bec3d976c968f827
Opcode Fuzzy Hash: 4a5d30b3083b35ebb5624011e3c8b17dd14e958dbc25f9f91f70de1bfac47a99
Instruction Fuzzy Hash: 1131F574A01209AFDF14DFA9C990BEABBF5FB59300F1440AAEA05AB351D770A945CF90

Function 00BF31EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00BF327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00BF3287

Strings

Combobox, xrefs: 00BF3249

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 91db9745cbcd6e36b76e18038df17bd4a7026103a9fc58c3c959c891b5ff8cb2
Instruction ID: 1b5bc8cf1faaa9438df18e3dcd65959829ffb4d90d416a79ae7336dba3e05076
Opcode Fuzzy Hash: 91db9745cbcd6e36b76e18038df17bd4a7026103a9fc58c3c959c891b5ff8cb2
Instruction Fuzzy Hash: B311B27130020C7FFF219E54DC80EBB3BEAEB98764F104265FA1897290D631DD559760

Function 00BF3710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00B6600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00B6604C
Part of subcall function 00B6600E: GetStockObject.GDI32(00000011), ref: 00B66060
Part of subcall function 00B6600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00B6606A

GetWindowRect.USER32(00000000,?), ref: 00BF377A
GetSysColor.USER32(00000012), ref: 00BF3794

Strings

static, xrefs: 00BF3757

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: bd34ef6514d44be0a301e09b38554096361e9b0bafceb91c7b5e890b96ad3ccd
Instruction ID: e515e2949e018783128516f4419cd790ee59ba8d8072be2c04027862ed9f99ca
Opcode Fuzzy Hash: bd34ef6514d44be0a301e09b38554096361e9b0bafceb91c7b5e890b96ad3ccd
Instruction Fuzzy Hash: 601106B2610209AFDB00EFA8C846EBA7BE8EB08714F004954FA55E3250DB35E955DB50

Function 00BDCD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00BDCD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00BDCDA6

Strings

<local>, xrefs: 00BDCD66

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 8b6200835cd926703463c3a8eae30a2a7c0745b09cef9fc3ddddb39763b0f562
Instruction ID: 12d047f736f68bf2506bbb1d7eb98331c7696e9f380adf1cadbba8db4efd6f71
Opcode Fuzzy Hash: 8b6200835cd926703463c3a8eae30a2a7c0745b09cef9fc3ddddb39763b0f562
Instruction Fuzzy Hash: 0611A3712056367AD7284A668C85EF7FEAAEF127A4F104277B11A83290E6609840D6F0

Function 00BF3429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 00BF34AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00BF34BA

Strings

edit, xrefs: 00BF348F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: f18174672af4df32cc201ebb93a6ef144630e030ed1ec4ea7fe3a9d2b99cd8da
Instruction ID: 9bf704fb37aa702a2897cb02ede15fc7e2d396f3ce390f0d4c53d8a65e6f6c74
Opcode Fuzzy Hash: f18174672af4df32cc201ebb93a6ef144630e030ed1ec4ea7fe3a9d2b99cd8da
Instruction Fuzzy Hash: 5311BC7110020CAFEB128E64DC80ABB3BEAEB04B74F504364FA60932E0C771DD999B60

Function 00BC6C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

CharUpperBuffW.USER32(?,?,?), ref: 00BC6CB6
_wcslen.LIBCMT ref: 00BC6CC2

Strings

STOP, xrefs: 00BC6CBC, 00BC6CC1

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: b6c94653cb922d4c22f3190372f41438dfd58d7ab995298816d7e108d28a4d9b
Instruction ID: 440ccae411bc6831978dde2c9ee29e3f70e4ff9bbf23b64c08662de7313e8e62
Opcode Fuzzy Hash: b6c94653cb922d4c22f3190372f41438dfd58d7ab995298816d7e108d28a4d9b
Instruction Fuzzy Hash: 5801C032A1052A8BCB20AFFDDC80EBF77E9EB61720B1005BCE86297194EB35D940C650

Function 00BC1CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

Part of subcall function 00BC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BC3CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00BC1D4C

Strings

ComboBox, xrefs: 00BC1CEB
ListBox, xrefs: 00BC1D16

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: be1f406c1ed3832dbc5f829a40d0cd14b8f39019a9fbc6fd823a636775da47af
Instruction ID: 2f51347b4b1936385fac12de1e773d6871b811221fb8c0407bf2f417c44ba22c
Opcode Fuzzy Hash: be1f406c1ed3832dbc5f829a40d0cd14b8f39019a9fbc6fd823a636775da47af
Instruction Fuzzy Hash: EF01D871601218ABCB04EBA4CD51EFF77E8EB57350B140DADF823672C2EA349908C660

Function 00BC1BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

Part of subcall function 00BC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BC3CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00BC1C46

Strings

ComboBox, xrefs: 00BC1BE5
ListBox, xrefs: 00BC1C10

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: c1fb60aee2098d8ffecac0dbba04d1874dd494d1051296499d4a20039f19a992
Instruction ID: 12b6f48af06cec1687725d1c05c500c598c7bd211ffb21393db5aa4f7d7035c5
Opcode Fuzzy Hash: c1fb60aee2098d8ffecac0dbba04d1874dd494d1051296499d4a20039f19a992
Instruction Fuzzy Hash: 0B01A77578110867CB04EB94CA51FFF77ECDB12340F14049DB40677282EA349E18E6B1

Function 00BC1C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

Part of subcall function 00BC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BC3CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00BC1CC8

Strings

ComboBox, xrefs: 00BC1C69
ListBox, xrefs: 00BC1C94

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 1bac771f184acf773829f4e0bebd191a1a6cd7c0407f25d4ca9d90cb400545f3
Instruction ID: fb8ed551bb2dd66ca77e6f851cc4fc5ea068b5ad95f7128020109fda7cfb8ce2
Opcode Fuzzy Hash: 1bac771f184acf773829f4e0bebd191a1a6cd7c0407f25d4ca9d90cb400545f3
Instruction Fuzzy Hash: EB018F7168021867CB04EBA4CA51FFF77ECDB12380F540499B802B7282EA349E18D671

Function 00BC1D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00B69CB3: _wcslen.LIBCMT ref: 00B69CBD

Part of subcall function 00BC3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00BC3CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00BC1DD3

Strings

ComboBox, xrefs: 00BC1D75
ListBox, xrefs: 00BC1DA0

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: ab76c764f2af69d57401cdd12dd52cd807a7ca6cfd172498d0d2025b68402473
Instruction ID: de1b0562150d1d98f03f9cd5dc258b149098e8acc577c653bdcb614202f9139e
Opcode Fuzzy Hash: ab76c764f2af69d57401cdd12dd52cd807a7ca6cfd172498d0d2025b68402473
Instruction Fuzzy Hash: 36F0A471B5121867DB04F7A8DD92FFF77ECEB12750F440DA9B822B32C2DA7459088660

Function 00BE747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00BE7493
_wcslen.LIBCMT ref: 00BE74B9

Strings

3, 3, 16, 1, xrefs: 00BE7483

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: da760fe68ea81731eb82ffbda04c4acb24a22dc91b2956f7bd2745e0690aa379
Instruction ID: 4ecba43e7b40aa2a556c173ecdedc5952c1f236109186aeee7978457c84247d3
Opcode Fuzzy Hash: da760fe68ea81731eb82ffbda04c4acb24a22dc91b2956f7bd2745e0690aa379
Instruction Fuzzy Hash: 1EE02B02245261149231227BECC197F56D9CFC975071018ABF985C23B6EF94CD91D3A0

Function 00BC0B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00BC0B23

Strings

AutoIt, xrefs: 00BC0B17
Error allocating memory., xrefs: 00BC0B1C

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: 7fd7bb1dd58ed6d795f9b5b23efdef548f6283961305d398e7f88fa721a199d3
Instruction ID: d8e88e696489b7d943f4b96163b3f2ce9675cc8689080b899aa0c352d2ab43ae
Opcode Fuzzy Hash: 7fd7bb1dd58ed6d795f9b5b23efdef548f6283961305d398e7f88fa721a199d3
Instruction Fuzzy Hash: 45E0483228931D6AD21436557D03FA97FC4CF05B51F1044AAFB58965D38FE168D087ED

Function 00B80D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00B7F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00B80D71,?,?,?,00B6100A), ref: 00B7F7CE

IsDebuggerPresent.KERNEL32(?,?,?,00B6100A), ref: 00B80D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00B6100A), ref: 00B80D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00B80D7F

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: a4b20efc0cc0ec14c3d271ea3199d81aeda7b4c3e581db28635f863d9d476049
Instruction ID: be2abcea14b7e2849324af7e5059b9445af116dccd0ec66beff47760a54adc95
Opcode Fuzzy Hash: a4b20efc0cc0ec14c3d271ea3199d81aeda7b4c3e581db28635f863d9d476049
Instruction Fuzzy Hash: F2E06D702103028FD3A0BFB9E5043667BE4EF00780F0489BDE886C7661DBB4E488CB91

Function 00BD3017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00BD302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00BD3044

Strings

aut, xrefs: 00BD3038

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: 26b84ea9826e6f6d3955c82965cf4925c987e02f5aba6e164c6be25e7b063cef
Instruction ID: d71c12389162d9b464c834a3a3d117d09acf34809e73d49eee5ddf3694efc890
Opcode Fuzzy Hash: 26b84ea9826e6f6d3955c82965cf4925c987e02f5aba6e164c6be25e7b063cef
Instruction Fuzzy Hash: 50D05E72500328A7DA20A7A4AD0EFDB3E6CDB04750F0002A1B655E3092DEB09984CAE0

Function 00BBD21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00BBD220

Strings

X64, xrefs: 00BBD2A8
%.3d, xrefs: 00BBD22B

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: a081c41b1cc86b247b9e3a619085f12db897235df51e5c2b8892b2d49c8cf397
Instruction ID: ddec2e7207602ad899893e688b6fe174c83e711a1680c50edf2ac22ee110061a
Opcode Fuzzy Hash: a081c41b1cc86b247b9e3a619085f12db897235df51e5c2b8892b2d49c8cf397
Instruction Fuzzy Hash: 47D01261C09159EBCB50D7D0DCC59F9B7FCEB08341F5084E2F91A92040F66CC948AB61

Function 00BF2322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00BF232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00BF233F

Part of subcall function 00BCE97B: Sleep.KERNEL32 ref: 00BCE9F3

Strings

Shell_TrayWnd, xrefs: 00BF2325

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 3904485b0501d268d7756f141df1c10b4dd100c935271b21150ceddaf3c3e876
Instruction ID: e985e1bcd37e2b6ae63eba7a7729a75c878b0c59e4073eee3eaae537e3261393
Opcode Fuzzy Hash: 3904485b0501d268d7756f141df1c10b4dd100c935271b21150ceddaf3c3e876
Instruction Fuzzy Hash: 8ED01276394314B7E664B770ED0FFD67E54AB10B10F0049267755EB1D0CDF0A881CA54

Function 00BF2356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00BF236C
PostMessageW.USER32(00000000), ref: 00BF2373

Part of subcall function 00BCE97B: Sleep.KERNEL32 ref: 00BCE9F3

Strings

Shell_TrayWnd, xrefs: 00BF2365

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: a85a53ade4bd4abafd0825c10d5609479798fe214c055e985b4149e500448504
Instruction ID: fb97ad845171eb79dfad210004aed63f3588a220f35c25de6d56e7b9e29929d1
Opcode Fuzzy Hash: a85a53ade4bd4abafd0825c10d5609479798fe214c055e985b4149e500448504
Instruction Fuzzy Hash: 17D0C972385314BAE664A770AD0FFD66A54AB15B10F4049267655EB1D0C9F0A881CA54

Function 00B9BDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00B9BE93
GetLastError.KERNEL32 ref: 00B9BEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00B9BEFC

Memory Dump Source

Source File: 00000000.00000002.3302395539.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true

Associated: 00000000.00000002.3302360530.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000BFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302551517.0000000000C22000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302645757.0000000000C2C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3302688081.0000000000C34000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b60000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: c71a7f3f5dbd128c6f1f225bb062ec7f7610e9942676fc625cd099182a1e1430
Instruction ID: c72df82b3246c9cd85e89eb56b331e5700b7a2513cf360ae79e47c44364e2594
Opcode Fuzzy Hash: c71a7f3f5dbd128c6f1f225bb062ec7f7610e9942676fc625cd099182a1e1430
Instruction Fuzzy Hash: 5941B13560060AABCF219F64EE84FBA7BE9EF41310F1441F9F959971A1DB308D01CB50

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Windows Analysis Report
file.exe

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre