Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1527956
MD5:	6d09b95cc7d01afe4997af5e6e550580
SHA1:	4d1727ef778c9516274e0beb383c22b1282382fa
SHA256:	ca2858de41af6f9b91bafd74fbb004bf30a313701f14118406f091822f9ae635
Tags:	exeuser-Bitsight
Infos:

Detection

Credential Flusher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 7264 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 6D09B95CC7D01AFE4997AF5E6E550580)

taskkill.exe (PID: 7280 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7344 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7408 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7472 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7536 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 7624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7832 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1936,i,4378290034050703555,17962560962937059959,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5500 --field-trial-handle=1936,i,4378290034050703555,17962560962937059959,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7588 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1936,i,4378290034050703555,17962560962937059959,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: file.exe PID: 7264	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 1416sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=UwKxF1J0Ty-rCTFpiJigHwx9qSYUjdENylT2S5EBu-d7HIQNmkiBrs4abkKIikW5MuMg8y8ds6lU-LU8nv4jiRSmeAnRyNtpYQ1RYL_SOj8r5MNcOIINVzxGlKqjlDWV01cqxRWVKHaXdZjqwunWYK87d5fkyKvT0B_we7awexcXtsvmvVa4I2zfww

Source: chromecache_149.13.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_149.13.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: chromecache_145.13.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_149.13.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_149.13.dr	String found in binary or memory: https://families.google.com/intl/
Source: chromecache_145.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_145.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://g.co/recover
Source: chromecache_149.13.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_149.13.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_149.13.dr	String found in binary or memory: https://play.google/intl/
Source: chromecache_149.13.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_149.13.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_149.13.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_149.13.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_149.13.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_149.13.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_149.13.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_149.13.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_145.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_149.13.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_149.13.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_145.13.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_149.13.dr	String found in binary or memory: https://www.google.com
Source: chromecache_149.13.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_145.13.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_145.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_145.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_145.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_145.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_145.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_149.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_149.13.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: file.exe, 00000000.00000003.1733203302.0000000000584000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2964510887.0000000001028000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_149.13.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 62894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62910
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 62905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 62906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62889
Source: unknown	Network traffic detected: HTTP traffic on port 62908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62899
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62897
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62888 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 62889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 62910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62906
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62909
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62902
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62903
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62904
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62905
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 62903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49796 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F2EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_00F2EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F2ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00F2ED6A

Source: C:\Users\user\Desktop\file.exe

0_2_00F2EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F1AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_00F1AA57

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F49576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_00F49576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1709870001.0000000000F72000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_35c65fd8-9
Source: file.exe, 00000000.00000000.1709870001.0000000000F72000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_c8935dfd-9
Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_aa644c1f-d
Source: file.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_bd7cccde-3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F1D5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_00F1D5EB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F11201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00F11201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F1E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_00F1E8F6

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB8060	0_2_00EB8060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F22046	0_2_00F22046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F18298	0_2_00F18298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EEE4FF	0_2_00EEE4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE676B	0_2_00EE676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F44873	0_2_00F44873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EBCAF0	0_2_00EBCAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDCAA0	0_2_00EDCAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ECCC39	0_2_00ECCC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE6DD9	0_2_00EE6DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB91C0	0_2_00EB91C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ECB119	0_2_00ECB119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED1394	0_2_00ED1394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED1706	0_2_00ED1706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED781B	0_2_00ED781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED19B0	0_2_00ED19B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EC997D	0_2_00EC997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB7920	0_2_00EB7920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED7A4A	0_2_00ED7A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED7CA7	0_2_00ED7CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED1C77	0_2_00ED1C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE9EEE	0_2_00EE9EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3BE44	0_2_00F3BE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED1F32	0_2_00ED1F32

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00ED0A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00ECF9F2 appears 31 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal64.troj.evad.winEXE@51/30@12/7

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F237B5 GetLastError,FormatMessageW,

0_2_00F237B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F110BF AdjustTokenPrivileges,CloseHandle,		0_2_00F110BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F116C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_00F116C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F251CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_00F251CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F3A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_00F3A67C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F2648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_00F2648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_00EB42A2

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7416:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7288:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7480:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7352:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7544:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1936,i,4378290034050703555,17962560962937059959,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5500 --field-trial-handle=1936,i,4378290034050703555,17962560962937059959,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1936,i,4378290034050703555,17962560962937059959,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1936,i,4378290034050703555,17962560962937059959,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5500 --field-trial-handle=1936,i,4378290034050703555,17962560962937059959,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1936,i,4378290034050703555,17962560962937059959,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00EB42DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00ED0A76 push ecx; ret

0_2_00ED0A89

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ECF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_00ECF98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F41C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00F41C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_0-95824

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7158			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: foregroundWindowGot 1774			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.7 %

Source: C:\Users\user\Desktop\file.exe TID: 7268

Thread sleep time: -71580s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Thread sleep count: Count: 7158 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00F1DBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F268EE FindFirstFileW,FindClose,	0_2_00F268EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_00F2698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00F1D076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00F1D3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F29642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00F29642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00F2979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F29B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00F29B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F25C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00F25C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00EB42DE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F2EAA2 BlockInput,

0_2_00F2EAA2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EE2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00EE2622

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00EB42DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00ED4CE8 mov eax, dword ptr fs:[00000030h]

0_2_00ED4CE8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F10B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_00F10B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00EE2622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00ED083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED09D5 SetUnhandledExceptionFilter,	0_2_00ED09D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00ED0C21

Source: C:\Users\user\Desktop\file.exe

0_2_00F11201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EF2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00EF2BA5

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F1B226 SendInput,keybd_event,

0_2_00F1B226

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F322DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_00F322DA

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00F10B62

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F11663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00F11663

Source: file.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00ED0698 cpuid

0_2_00ED0698

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F28195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

0_2_00F28195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F0D27A GetUserNameW,

0_2_00F0D27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EEBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_00EEBB6F

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00EB42DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 7264, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 7264, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F31204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_00F31204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F31806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00F31806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Process Injection	2 Valid Accounts	LSA Secrets	12 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Virtualization/Sandbox Evasion	Cached Domain Credentials	12 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Access Token Manipulation	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Process Injection	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://play.google/intl/	0%	URL Reputation	safe
https://families.google.com/intl/	0%	URL Reputation	safe
https://policies.google.com/technologies/location-data	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://policies.google.com/privacy/google-partners	0%	URL Reputation	safe
https://policies.google.com/terms/service-specific	0%	URL Reputation	safe
https://g.co/recover	0%	URL Reputation	safe
https://policies.google.com/privacy/additional	0%	URL Reputation	safe
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://policies.google.com/terms	0%	URL Reputation	safe
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	0%	URL Reputation	safe
https://support.google.com/accounts?hl=	0%	URL Reputation	safe
https://policies.google.com/terms/location	0%	URL Reputation	safe
https://policies.google.com/privacy	0%	URL Reputation	safe
https://support.google.com/accounts?p=new-si-ui	0%	URL Reputation	safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
youtube-ui.l.google.com	172.217.18.110	true	false	unknown
www3.l.google.com	216.58.206.46	true	false	unknown
play.google.com	142.250.181.238	true	false	unknown
www.google.com	142.250.185.68	true	false	unknown
youtube.com	172.217.16.142	true	false	unknown
accounts.youtube.com	unknown	unknown	false	unknown
www.youtube.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://play.google.com/log?format=json&hasfast=true&authuser=0	false		unknown
https://www.google.com/favicon.ico	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google/intl/	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://families.google.com/intl/	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://youtube.com/t/terms?gl=	chromecache_149.13.dr	false		unknown
https://policies.google.com/technologies/location-data	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://www.google.com/intl/	chromecache_149.13.dr	false		unknown
https://apis.google.com/js/api.js	chromecache_145.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/google-partners	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://play.google.com/work/enroll?identifier=	chromecache_149.13.dr	false		unknown
https://policies.google.com/terms/service-specific	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://g.co/recover	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/additional	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/technologies/cookies	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_145.13.dr	false	URL Reputation: safe	unknown
https://www.google.com	chromecache_149.13.dr	false		unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_149.13.dr	false		unknown
https://www.youtube.com/t/terms?chromeless=1&hl=	chromecache_149.13.dr	false		unknown
https://support.google.com/accounts?hl=	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms/location	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/accounts?p=new-si-ui	chromecache_149.13.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	chromecache_149.13.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
216.58.206.46	www3.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.110	unknown	United States	15169	GOOGLEUS	false
172.217.18.110	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
172.217.16.142	youtube.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1527956
Start date and time:	2024-10-07 13:22:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal64.troj.evad.winEXE@51/30@12/7
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 41 Number of non-executed functions: 311
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.74.195, 142.250.181.238, 142.251.168.84, 34.104.35.123, 142.250.185.227, 172.217.16.131, 142.250.185.74, 142.250.185.170, 142.250.186.42, 142.250.185.106, 142.250.186.74, 142.250.184.234, 142.250.185.202, 216.58.212.170, 142.250.181.234, 142.250.186.170, 216.58.212.138, 142.250.185.234, 142.250.186.106, 142.250.186.138, 216.58.206.42, 172.217.16.202, 142.250.185.138, 172.217.18.10, 172.217.18.106, 142.250.184.202, 216.58.206.74, 93.184.221.240, 192.229.221.95, 142.250.186.163, 66.102.1.84, 216.58.212.142
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://emmaway-my.sharepoint.com/:f:/g/personal/jessica_emmaway_uk/Eodal0AmsKFKtMeEeNJG0V0B3d0_hcKMrsOYen-8p5FxhQ?e=bBSdNW	Get hash	malicious	Unknown	Browse
	http://www.twbcompany.com	Get hash	malicious	Unknown	Browse
	https://cloud.list.lu/index.php/s/znw4dNSttiDzHTB	Get hash	malicious	Unknown	Browse
	c3KH2gLNrM.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse
	http://46.27.141.62	Get hash	malicious	Unknown	Browse
	https://kohlhage-de.powerappsportals.com/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	High Court Summons Notice.pdf	Get hash	malicious	Unknown	Browse
	https://kohlhage-de.powerappsportals.com/	Get hash	malicious	HtmlDropper	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	cfev.-Information refb08b4d10f3ce74a317adeabab8ac66ad.htm	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
play.google.com	c3KH2gLNrM.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse	172.217.18.110
	file.exe	Get hash	malicious	Credential Flusher	Browse	216.58.206.46
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.185.142
	Fact-2024-10.pdf	Get hash	malicious	Unknown	Browse	142.250.185.142
	4qZ59IMp8b.exe	Get hash	malicious	Credential Flusher	Browse	142.250.185.174
	http://appeal-voilation-policy-issues.github.io/Submit-review-/	Get hash	malicious	Unknown	Browse	142.250.185.142
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.186.110
	http://sites.google.com/coinswallett.com/walletconnectt/home/	Get hash	malicious	Unknown	Browse	142.250.74.206
	https://allegrolokalnie.p24-v990d8a01.pl/oferta/df10e59f-ef1b-4d67-8f86-5b7cf2069508	Get hash	malicious	Unknown	Browse	172.217.18.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.184.206

ASNs

⊘No context

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://emmaway-my.sharepoint.com/:f:/g/personal/jessica_emmaway_uk/Eodal0AmsKFKtMeEeNJG0V0B3d0_hcKMrsOYen-8p5FxhQ?e=bBSdNW	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	http://www.twbcompany.com	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	https://cloud.list.lu/index.php/s/znw4dNSttiDzHTB	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	c3KH2gLNrM.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	http://46.27.141.62	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	https://kohlhage-de.powerappsportals.com/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	High Court Summons Notice.pdf	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	Credential Flusher	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	SecuriteInfo.com.Win32.PWSX-gen.19312.293.exe	Get hash	malicious	Unknown	Browse	4.175.87.197 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	Credential Flusher	Browse	4.175.87.197 184.28.90.27 13.107.246.45

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	9211
Entropy (8bit):	5.393454943843583
Encrypted:	false
SSDEEP:	192:t7mFYxV97IeIa0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Ir2t+dEF1JlNg
MD5:	1848ADF9DF4F0B9EB4E56FFA23A16796
SHA1:	CC54EFA712F6F82DE0977905A5FFF1D1029B5BDF
SHA-256:	5A43C2FDD10E0D10637D203FAEA519F034A13303F0ED542408C558D727C1AA56
SHA-512:	AB63E6B3394B274C0546BBFF4444816CF79A4D892DE9BB7FBC7EEAFBE37A396F22278D5EDBA81DD19D28B9614AB0D83243E12B1F4322FE95E13FD7271CE05255
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBm2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHcm_AmnkxyZDRYujxIEpRVVQs8wA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null\|\|typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]\|\|null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null\|\|b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	4068
Entropy (8bit):	5.370430682968771
Encrypted:	false
SSDEEP:	96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoTsw:3mTOImedWOVF6vtUJyA8xJZ
MD5:	AF3C2B50FABC8DDB5CDAEFFEA7878CB9
SHA1:	2D75D985CCE4453480787700B96B81809BB0DAEC
SHA-256:	3468FD73B47F212173B6C8B32DB6DD9F3348617BA4BFDC77A1939B1BB98A2438
SHA-512:	8CCD6C833BEAF40E0CD35F48E8BCE38CD8315B38C4A1EAFFE958A79D37A145FB16BB217A503C37F29A09949E837A4A5BBB1C96B1F4E8D1A66D3FCEB188EE17B9
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBm2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHcm_AmnkxyZDRYujxIEpRVVQs8wA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (468)
Category:	downloaded
Size (bytes):	1858
Entropy (8bit):	5.297658905867848
Encrypted:	false
SSDEEP:	48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
MD5:	B42DB3D22B12B8E3BE1B82961FE2870E
SHA1:	D9CFD11C1C2DE17A7E9301F11AD875B610B96576
SHA-256:	75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
SHA-512:	EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBm2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHcm_AmnkxyZDRYujxIEpRVVQs8wA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)\|\|function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)\|\|function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)\|\|function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (553)
Category:	downloaded
Size (bytes):	744742
Entropy (8bit):	5.792855158264205
Encrypted:	false
SSDEEP:	6144:l5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguPH:9OeKGSpgu/
MD5:	1C074FFA394C0A391A155AA7BC324B94
SHA1:	4AE0B6B55F93194332B80C7FF405C530A5093626
SHA-256:	6E86F756E8C9EF4090EA0E9F026224F63FD45BB96C39FBC5BBC9862A6C65DC35
SHA-512:	6CFA6277ABD8C140A00BDB15EBA93656E3F2A2E3A20D850003655BC63B7E3229354CD71F07B335D27B43600DD906C61738D151854D5076D8AC34BB0C2A6D6C32
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=xMFgKBm2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlH3q0jVbYYiO617zFp27kMqU3AaWg/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x2860c1c4, 0x2046d864, 0x39e1fc40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	5050
Entropy (8bit):	5.30005628600801
Encrypted:	false
SSDEEP:	96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
MD5:	D9F15F1AEAF15673336FAA3507D1A2A7
SHA1:	FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
SHA-256:	AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
SHA-512:	D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBm2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHcm_AmnkxyZDRYujxIEpRVVQs8wA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")\|\|"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")\|\|"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	32500
Entropy (8bit):	5.378121087555083
Encrypted:	false
SSDEEP:	768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
MD5:	57D7B0A2CE36496F05AFA27B39C1F219
SHA1:	418AD03C2E75AEAF188E2A00123B70E09D541656
SHA-256:	E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
SHA-512:	78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBm2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHcm_AmnkxyZDRYujxIEpRVVQs8wA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5693)
Category:	downloaded
Size (bytes):	698854
Entropy (8bit):	5.5949878545992435
Encrypted:	false
SSDEEP:	6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLJi9pZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxJiSU+
MD5:	16A9D8B7D80B923760B086BCBE3F98DE
SHA1:	DFCDCDCAC1E5D5148C61B0BF9ACAD1BF59011AA5
SHA-256:	404818CE1670AF132D3DD0E6A6AFFD2D2B23167CBDFBBFCB62D52AD36B164380
SHA-512:	11E6899995C67296B65FBEA94A2944B8C7AA49C3A11DC9A249C9D5BB4738CAD2FBF3FDECA306FCE1EB6ECF19794370B983BC87029B2EAB4C8C5FC32F8154A9B9
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBm2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHcm_AmnkxyZDRYujxIEpRVVQs8wA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3467
Entropy (8bit):	5.508385764606741
Encrypted:	false
SSDEEP:	96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
MD5:	231ABD6E6C360E709640B399EDF85476
SHA1:	6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
SHA-256:	44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
SHA-512:	D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBm2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHcm_AmnkxyZDRYujxIEpRVVQs8wA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (395)
Category:	downloaded
Size (bytes):	1608
Entropy (8bit):	5.271783084011668
Encrypted:	false
SSDEEP:	48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
MD5:	45EA91A811A594F81B7F760DD14BE237
SHA1:	2C97782C6D5D0BCFB3676FF24AA1008251090DAE
SHA-256:	7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
SHA-512:	4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBm2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHcm_AmnkxyZDRYujxIEpRVVQs8wA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (755)
Category:	downloaded
Size (bytes):	1460
Entropy (8bit):	5.274624539239422
Encrypted:	false
SSDEEP:	24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
MD5:	481C149C4D3EE4A53C3E7CBA067371DF
SHA1:	E0FED275636D3492C922C44F010157FAF0936733
SHA-256:	9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
SHA-512:	EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBm2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHcm_AmnkxyZDRYujxIEpRVVQs8wA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()1E3,a.bS(),d.aa()1E3,b)},h_a=function(a){return Math.random()Math.min(a.xaMath.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	4.875266466142591
Encrypted:	false
SSDEEP:	3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
MD5:	87B6333E98B7620EA1FF98D1A837A39E
SHA1:	105DE6815B0885357DE1414BFC0D77FCC9E924EF
SHA-256:	DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
SHA-512:	867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (683)
Category:	downloaded
Size (bytes):	3131
Entropy (8bit):	5.352056237104327
Encrypted:	false
SSDEEP:	48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
MD5:	ADEF03127F74F5E6742B8CFA7B863F28
SHA1:	58D7C635582AF10E91EC047FD315FAF758AF51DA
SHA-256:	5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
SHA-512:	3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBm2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHcm_AmnkxyZDRYujxIEpRVVQs8wA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d\|\|(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	23298
Entropy (8bit):	5.429186219736739
Encrypted:	false
SSDEEP:	384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
MD5:	A5C41D7BA22E9CF451810802AE5AC2E8
SHA1:	858F35134A0BD7BAECB1B1A30EC3645642214554
SHA-256:	D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
SHA-512:	DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBm2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHcm_AmnkxyZDRYujxIEpRVVQs8wA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka\|\|a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.583817157993573
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	919'040 bytes
MD5:	6d09b95cc7d01afe4997af5e6e550580
SHA1:	4d1727ef778c9516274e0beb383c22b1282382fa
SHA256:	ca2858de41af6f9b91bafd74fbb004bf30a313701f14118406f091822f9ae635
SHA512:	15cb29574f840ac731cfaa97be87c7cc4def1531e3cfd2ede8f7ba436b92470e35aeef3cd09e802e160b28cad6979097523624196ea752d6c7bc08d3b075c6a7
SSDEEP:	24576:FqDEvCTbMWu7rQYlBQcBiT6rprG8a4VK:FTvC/MTQYxsWR7a4
TLSH:	8F159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6703C211 [Mon Oct 7 11:12:17 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007F21253CE5B3h
jmp 00007F21253CDEBFh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F21253CE09Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F21253CE06Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F21253D0C5Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F21253D0CA8h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F21253D0C91h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x9bb8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x9bb8	0x9c00	02433c6f7371c17198457b0ac54bc272	False	0.3167317708333333	data	5.332639800350655	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xda4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdaa84	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc7b8	0xe7e	data			1.002964959568733
RT_GROUP_ICON	0xdd638	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xdd6b0	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xdd6c4	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xdd6d8	0x14	data	English	Great Britain	1.25
RT_VERSION	0xdd6ec	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xdd7c8	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 13:23:04.528593063 CEST	49733	443	192.168.2.4	172.217.16.142
Oct 7, 2024 13:23:04.528629065 CEST	443	49733	172.217.16.142	192.168.2.4
Oct 7, 2024 13:23:04.528687000 CEST	49733	443	192.168.2.4	172.217.16.142
Oct 7, 2024 13:23:04.529325962 CEST	49733	443	192.168.2.4	172.217.16.142
Oct 7, 2024 13:23:04.529339075 CEST	443	49733	172.217.16.142	192.168.2.4
Oct 7, 2024 13:23:04.536494017 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 7, 2024 13:23:05.181480885 CEST	443	49733	172.217.16.142	192.168.2.4
Oct 7, 2024 13:23:05.181691885 CEST	49733	443	192.168.2.4	172.217.16.142
Oct 7, 2024 13:23:05.181704998 CEST	443	49733	172.217.16.142	192.168.2.4
Oct 7, 2024 13:23:05.183012009 CEST	443	49733	172.217.16.142	192.168.2.4
Oct 7, 2024 13:23:05.183084965 CEST	49733	443	192.168.2.4	172.217.16.142
Oct 7, 2024 13:23:05.185519934 CEST	443	49733	172.217.16.142	192.168.2.4
Oct 7, 2024 13:23:05.185637951 CEST	49733	443	192.168.2.4	172.217.16.142
Oct 7, 2024 13:23:05.186600924 CEST	49733	443	192.168.2.4	172.217.16.142
Oct 7, 2024 13:23:05.186683893 CEST	443	49733	172.217.16.142	192.168.2.4
Oct 7, 2024 13:23:05.186702013 CEST	49733	443	192.168.2.4	172.217.16.142
Oct 7, 2024 13:23:05.231400967 CEST	443	49733	172.217.16.142	192.168.2.4
Oct 7, 2024 13:23:05.239348888 CEST	49733	443	192.168.2.4	172.217.16.142
Oct 7, 2024 13:23:05.239362001 CEST	443	49733	172.217.16.142	192.168.2.4
Oct 7, 2024 13:23:05.286324978 CEST	49733	443	192.168.2.4	172.217.16.142
Oct 7, 2024 13:23:05.475133896 CEST	443	49733	172.217.16.142	192.168.2.4
Oct 7, 2024 13:23:05.475186110 CEST	49733	443	192.168.2.4	172.217.16.142
Oct 7, 2024 13:23:05.475193977 CEST	443	49733	172.217.16.142	192.168.2.4
Oct 7, 2024 13:23:05.475204945 CEST	443	49733	172.217.16.142	192.168.2.4
Oct 7, 2024 13:23:05.475239038 CEST	49733	443	192.168.2.4	172.217.16.142
Oct 7, 2024 13:23:05.503449917 CEST	49733	443	192.168.2.4	172.217.16.142
Oct 7, 2024 13:23:05.503469944 CEST	443	49733	172.217.16.142	192.168.2.4
Oct 7, 2024 13:23:05.715862036 CEST	49736	443	192.168.2.4	172.217.18.110
Oct 7, 2024 13:23:05.715920925 CEST	443	49736	172.217.18.110	192.168.2.4
Oct 7, 2024 13:23:05.716053009 CEST	49736	443	192.168.2.4	172.217.18.110
Oct 7, 2024 13:23:05.716563940 CEST	49736	443	192.168.2.4	172.217.18.110
Oct 7, 2024 13:23:05.716582060 CEST	443	49736	172.217.18.110	192.168.2.4
Oct 7, 2024 13:23:06.345452070 CEST	443	49736	172.217.18.110	192.168.2.4
Oct 7, 2024 13:23:06.346208096 CEST	49736	443	192.168.2.4	172.217.18.110
Oct 7, 2024 13:23:06.346219063 CEST	443	49736	172.217.18.110	192.168.2.4
Oct 7, 2024 13:23:06.346626997 CEST	443	49736	172.217.18.110	192.168.2.4
Oct 7, 2024 13:23:06.346770048 CEST	49736	443	192.168.2.4	172.217.18.110
Oct 7, 2024 13:23:06.347261906 CEST	443	49736	172.217.18.110	192.168.2.4
Oct 7, 2024 13:23:06.347412109 CEST	49736	443	192.168.2.4	172.217.18.110
Oct 7, 2024 13:23:06.348431110 CEST	49736	443	192.168.2.4	172.217.18.110
Oct 7, 2024 13:23:06.348517895 CEST	443	49736	172.217.18.110	192.168.2.4
Oct 7, 2024 13:23:06.348823071 CEST	49736	443	192.168.2.4	172.217.18.110
Oct 7, 2024 13:23:06.395402908 CEST	443	49736	172.217.18.110	192.168.2.4
Oct 7, 2024 13:23:06.395797968 CEST	49736	443	192.168.2.4	172.217.18.110
Oct 7, 2024 13:23:06.395808935 CEST	443	49736	172.217.18.110	192.168.2.4
Oct 7, 2024 13:23:06.442522049 CEST	49736	443	192.168.2.4	172.217.18.110
Oct 7, 2024 13:23:06.638897896 CEST	443	49736	172.217.18.110	192.168.2.4
Oct 7, 2024 13:23:06.638963938 CEST	49736	443	192.168.2.4	172.217.18.110
Oct 7, 2024 13:23:06.638977051 CEST	443	49736	172.217.18.110	192.168.2.4
Oct 7, 2024 13:23:06.638987064 CEST	443	49736	172.217.18.110	192.168.2.4
Oct 7, 2024 13:23:06.639025927 CEST	49736	443	192.168.2.4	172.217.18.110
Oct 7, 2024 13:23:06.641227007 CEST	49736	443	192.168.2.4	172.217.18.110
Oct 7, 2024 13:23:06.641241074 CEST	443	49736	172.217.18.110	192.168.2.4
Oct 7, 2024 13:23:08.894908905 CEST	49741	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:23:08.894962072 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:08.895415068 CEST	49741	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:23:08.895415068 CEST	49741	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:23:08.895456076 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:09.465843916 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:09.465905905 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:09.465975046 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:09.510137081 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:09.510181904 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:09.567428112 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:09.568993092 CEST	49741	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:23:09.569017887 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:09.570040941 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:09.570172071 CEST	49741	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:23:09.571271896 CEST	49741	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:23:09.571347952 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:09.622920990 CEST	49741	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:23:09.622931957 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:09.676665068 CEST	49741	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:23:10.168644905 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:10.168765068 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:10.216880083 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:10.216933966 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:10.217379093 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:10.267265081 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:10.311412096 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:10.455351114 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:10.455461979 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:10.455532074 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:10.456393957 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:10.456420898 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:10.456438065 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:10.456446886 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:10.497435093 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:10.497488976 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:10.497556925 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:10.497879982 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:10.497898102 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:11.134789944 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:11.134875059 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:11.137320042 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:11.137331963 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:11.137651920 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:11.139616013 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:11.187408924 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:11.410866976 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:11.410945892 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:11.411873102 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:11.412276983 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:11.412295103 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:11.412305117 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 13:23:11.412309885 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 13:23:14.758124113 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:14.758172035 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:14.758220911 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:14.758918047 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:14.758938074 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.390243053 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.390512943 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.390536070 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.391083956 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.391153097 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.392123938 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.392174006 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.393068075 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.393155098 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.393275976 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.393287897 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.443094969 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.707657099 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.707721949 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.707772017 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.707792044 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.707832098 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.707848072 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.707889080 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.713871002 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.713942051 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.719995022 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.720050097 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.720067978 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.720078945 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.720118999 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.726274014 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.726337910 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.732672930 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.732727051 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.732744932 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.732753038 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.732793093 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.794301033 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.794351101 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.794383049 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.794394970 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.794433117 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.797189951 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.797239065 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.803509951 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.803554058 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.803576946 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.803585052 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.803622961 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.809968948 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.810041904 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.815932035 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.815996885 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.816009045 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.822482109 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.822530985 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.822540045 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.828613043 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.828672886 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.828681946 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.828744888 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:15.828799009 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.828952074 CEST	49757	443	192.168.2.4	216.58.206.46
Oct 7, 2024 13:23:15.828967094 CEST	443	49757	216.58.206.46	192.168.2.4
Oct 7, 2024 13:23:18.173927069 CEST	49741	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:23:18.186367035 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:18.186398983 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:18.186484098 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:18.187752008 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:18.187771082 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:18.219400883 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:18.375976086 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:18.376024008 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:18.376054049 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:18.376085043 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:18.376091003 CEST	49741	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:23:18.376106024 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:18.376127005 CEST	49741	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:23:18.376240969 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:18.376283884 CEST	49741	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:23:18.377711058 CEST	49741	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:23:18.377723932 CEST	443	49741	142.250.185.68	192.168.2.4
Oct 7, 2024 13:23:18.974919081 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:18.975003004 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:18.977768898 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:18.977788925 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:18.978096008 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:19.021138906 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:19.681885004 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:19.690308094 CEST	49723	80	192.168.2.4	88.221.110.91
Oct 7, 2024 13:23:19.695836067 CEST	80	49723	88.221.110.91	192.168.2.4
Oct 7, 2024 13:23:19.696990967 CEST	49723	80	192.168.2.4	88.221.110.91
Oct 7, 2024 13:23:19.727401018 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:19.941046953 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:19.941076040 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:19.941083908 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:19.941097021 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:19.941133022 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:19.941159964 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:19.941203117 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:19.941221952 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:19.941248894 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:19.941800117 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:19.941855907 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:19.941867113 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:19.941999912 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:19.942044020 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:20.704948902 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:20.704967022 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:20.705192089 CEST	49769	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:20.705198050 CEST	443	49769	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:54.508744955 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:54.508770943 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:54.508831978 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:54.509078979 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:54.509089947 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.201886892 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.202018976 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.205323935 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.205342054 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.205719948 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.213903904 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.259396076 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.641782999 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.641808033 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.641833067 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.641937017 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.641943932 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.641993046 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.733613014 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.733639956 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.733705997 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.733726025 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.733792067 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.736105919 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.736136913 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.736187935 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.736196995 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.736207962 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.736234903 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.825222015 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.825254917 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.825396061 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.825423956 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.825474977 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.826277018 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.826299906 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.826356888 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.826371908 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.826406002 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.827265978 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.827289104 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.827339888 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.827351093 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.827409983 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.829082012 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.829158068 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.829166889 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.829175949 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.829212904 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.920625925 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.920655966 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.920764923 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.920779943 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.920823097 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.920929909 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.920949936 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.920984983 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.920989037 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.921015024 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.921044111 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.921858072 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.921875954 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.921927929 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.921931982 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.921972036 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.922863007 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.922883034 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.922961950 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.922972918 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.923019886 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.923564911 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.923592091 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.923630953 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.923636913 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.923652887 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.923667908 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.924112082 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.924130917 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.924170971 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.924175024 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.924196959 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.924207926 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.924659014 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.924716949 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.924721003 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.924748898 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.924757957 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.924792051 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.924829006 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.924846888 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.924854994 CEST	49784	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.924860954 CEST	443	49784	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.993606091 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.993709087 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.993788958 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.994966984 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.995011091 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.995078087 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.996875048 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.996906996 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.996927023 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.996943951 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.996988058 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.997015953 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.997766018 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.997778893 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.997879028 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.997893095 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.998794079 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.998816013 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.998862982 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.998876095 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:55.999937057 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:55.999983072 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.000051022 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.000200033 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.000212908 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.628674984 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.629440069 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.629482985 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.629941940 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.629951000 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.631516933 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.633552074 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.633569002 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.637712002 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.637723923 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.667136908 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.667602062 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.667634964 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.668023109 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.668030977 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.687742949 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.688529968 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.688558102 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.689003944 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.689012051 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.727714062 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.727777958 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.727827072 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.728039980 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.728065014 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.728076935 CEST	49785	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.728082895 CEST	443	49785	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.731420994 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.731468916 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.731690884 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.731690884 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.731725931 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.732697964 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.732719898 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.732780933 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.732799053 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.732841969 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.732847929 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.732889891 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.732923031 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.732938051 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.732948065 CEST	49787	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.732953072 CEST	443	49787	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.734831095 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.734867096 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.734939098 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.735050917 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.735060930 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.770143032 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.770169020 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.770216942 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.770246983 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.770307064 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.770313025 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.770324945 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.770365953 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.770498991 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.770517111 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.770525932 CEST	49786	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.770530939 CEST	443	49786	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.774513960 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.774580002 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.774662971 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.774808884 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.774840117 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.795568943 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.795589924 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.795653105 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.795680046 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.795912027 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.795912981 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.795927048 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.796062946 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.796089888 CEST	443	49788	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.796129942 CEST	49788	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.798443079 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.798484087 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:56.798547983 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.798674107 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:56.798681021 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.119236946 CEST	49794	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:57.119267941 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:57.119419098 CEST	49794	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:57.119698048 CEST	49794	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:57.119710922 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:57.380551100 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.381684065 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.381684065 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.381716013 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.381732941 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.392878056 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.393374920 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.393399954 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.393712997 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.393718004 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.423257113 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.423775911 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.423791885 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.424051046 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.424056053 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.432988882 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.433402061 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.433422089 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.433912992 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.433917046 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.450237989 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.450545073 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.450572968 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.451420069 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.451426029 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.480112076 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.480169058 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.480314016 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.480410099 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.480410099 CEST	49790	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.480434895 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.480447054 CEST	443	49790	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.483175039 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.483236074 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.483329058 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.483475924 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.483504057 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.496695995 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.496824980 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.496886015 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.496939898 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.496954918 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.496969938 CEST	49791	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.496974945 CEST	443	49791	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.498905897 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.498936892 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.499012947 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.499125004 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.499135017 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.524724960 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.524777889 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.524832964 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.524982929 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.525000095 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.525017023 CEST	49792	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.525022984 CEST	443	49792	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.527240038 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.527287960 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.527370930 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.527499914 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.527512074 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.533873081 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.533940077 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.533982038 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.534102917 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.534117937 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.534128904 CEST	49793	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.534133911 CEST	443	49793	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.536117077 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.536137104 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.536210060 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.536334038 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.536341906 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.650687933 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.650753975 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.650896072 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.651009083 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.651009083 CEST	49789	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.651032925 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.651045084 CEST	443	49789	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.653589964 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.653631926 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:57.653709888 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.653862953 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:57.653878927 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.893843889 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:58.894015074 CEST	49794	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:58.895677090 CEST	49794	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:58.895704985 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:58.895962954 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:58.904695034 CEST	49794	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:58.908998013 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.909348965 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:58.909360886 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.909730911 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:58.909734964 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.912703037 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.912976980 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:58.913003922 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.913464069 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:58.913471937 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.917505980 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.917795897 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:58.917804003 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.918014050 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.918165922 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:58.918171883 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.918239117 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:58.918246031 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.918576956 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.918585062 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:58.918589115 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.918797970 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:58.918811083 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.919117928 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:58.919122934 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:58.947408915 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:59.019347906 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.019458055 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.019501925 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.019685984 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.019705057 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.019720078 CEST	49799	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.019730091 CEST	443	49799	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.021771908 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.021822929 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.021863937 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.022401094 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.022465944 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.022511005 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.022938967 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.022999048 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.023052931 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.023816109 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.023821115 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.023834944 CEST	49796	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.023838043 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.023838997 CEST	443	49796	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.023888111 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.023984909 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.024018049 CEST	49798	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.024036884 CEST	443	49798	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.025306940 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.025319099 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.026267052 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.026304960 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.026374102 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.026483059 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.026498079 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.027056932 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.027070999 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.027086020 CEST	49795	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.027091980 CEST	443	49795	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.027416945 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.027426004 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.027481079 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.027755022 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.027764082 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.029032946 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.029063940 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.029191971 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.029324055 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.029334068 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.039359093 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.039412975 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.039465904 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.039531946 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.039542913 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.039552927 CEST	49797	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.039558887 CEST	443	49797	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.042208910 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.042223930 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.042273998 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.042376041 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.042385101 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.258475065 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:59.258508921 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:59.258537054 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:59.258637905 CEST	49794	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:59.258656979 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:59.258723021 CEST	49794	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:59.259675980 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:59.259733915 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:59.259759903 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:59.259763002 CEST	49794	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:59.259792089 CEST	49794	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:59.259814024 CEST	49794	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:59.263230085 CEST	49794	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:59.263247013 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:59.263257027 CEST	49794	443	192.168.2.4	4.175.87.197
Oct 7, 2024 13:23:59.263262987 CEST	443	49794	4.175.87.197	192.168.2.4
Oct 7, 2024 13:23:59.920902967 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.920949936 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.921389103 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.921422958 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.921787977 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.921824932 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.921835899 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.921874046 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.921886921 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.922188044 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.922194004 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.922344923 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.922389984 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.923094034 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.923114061 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.924417973 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.924822092 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.924850941 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.925146103 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.925160885 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.935380936 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.935977936 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.935990095 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 13:23:59.936431885 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:23:59.936436892 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.019968987 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.020029068 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.020087957 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.020320892 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.020342112 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.020358086 CEST	49802	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.020366907 CEST	443	49802	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.022514105 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.022578955 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.022604942 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.022633076 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.022680998 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.022696972 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.022943974 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.022953987 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.022969961 CEST	49801	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.022972107 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.022975922 CEST	443	49801	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.023000002 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.023020029 CEST	49804	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.023027897 CEST	443	49804	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.025042057 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.025077105 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.025152922 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.025654078 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.025660992 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.025727987 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.025770903 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.025780916 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.025847912 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.025856018 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.026372910 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.026420116 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.026484966 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.026654959 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.026670933 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.029217005 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.029262066 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.029310942 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.029481888 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.029481888 CEST	49803	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.029496908 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.029505968 CEST	443	49803	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.031975031 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.032015085 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.032082081 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.032241106 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.032255888 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.038002014 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.038084030 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.038140059 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.038211107 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.038211107 CEST	49800	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.038218021 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.038223982 CEST	443	49800	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.040184975 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.040215015 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.040364027 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.040510893 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.040523052 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.658931971 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.659445047 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.659461021 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.659889936 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.659893036 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.660280943 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.660500050 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.660505056 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.660816908 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.660820007 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.661052942 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.661257982 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.661287069 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.661577940 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.661583900 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.671327114 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.671586037 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.671613932 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.671917915 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.671926975 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.678174973 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.678469896 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.678495884 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.678801060 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.678807974 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.759113073 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.759166956 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.759251118 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.759450912 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.759465933 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.759475946 CEST	49805	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.759481907 CEST	443	49805	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.760446072 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.760495901 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.760497093 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.760540962 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.760576010 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.760616064 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.760808945 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.760813951 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.760824919 CEST	49806	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.760828018 CEST	443	49806	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.761779070 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.761801004 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.761814117 CEST	49807	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.761820078 CEST	443	49807	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.763911963 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.763956070 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.764029980 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.764349937 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.764364958 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.765117884 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.765158892 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.765223026 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.765322924 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.765335083 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.766107082 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.766144991 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.767700911 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.767801046 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.767812967 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.771370888 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.771435022 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.771599054 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.772011042 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.772011042 CEST	49808	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.772032976 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.772044897 CEST	443	49808	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.773891926 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.773914099 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.774730921 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.774971962 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.774981976 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.776958942 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.777041912 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.777103901 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.778847933 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.778856993 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.778868914 CEST	49809	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.778872967 CEST	443	49809	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.780963898 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.780972958 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:00.781037092 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.781152010 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:00.781161070 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.397403955 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.398053885 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.398087025 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.398101091 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.398313046 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.398338079 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.398572922 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.398577929 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.398689032 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.398695946 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.435942888 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.436386108 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.436413050 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.436780930 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.436788082 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.439618111 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.439903021 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.439918995 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.440259933 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.440263987 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.444988966 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.445310116 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.445322990 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.445708990 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.445713997 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.497066021 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.497200012 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.497361898 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.497406960 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.497426987 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.497437000 CEST	49812	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.497443914 CEST	443	49812	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.497958899 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.498018026 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.498063087 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.498702049 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.498719931 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.498732090 CEST	49810	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.498737097 CEST	443	49810	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.500861883 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.500881910 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.500948906 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.501260042 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.501271963 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.502191067 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.502233028 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.502289057 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.502387047 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.502403021 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.539927006 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.540071964 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.540142059 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.540170908 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.540186882 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.540198088 CEST	49811	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.540203094 CEST	443	49811	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.542215109 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.542246103 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.542309999 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.542424917 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.542433977 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.543076992 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.543154001 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.543204069 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.543257952 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.543288946 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.543318987 CEST	49813	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.543334007 CEST	443	49813	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.544996977 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.545006990 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.545068979 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.545162916 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.545170069 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.548269987 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.548341036 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.548398972 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.548475981 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.548475981 CEST	49814	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.548499107 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.548520088 CEST	443	49814	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.550137043 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.550168991 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:01.550236940 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.550339937 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:01.550349951 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.150480986 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.151045084 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.151074886 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.151431084 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.151438951 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.175750017 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.176187992 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.176223040 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.176666975 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.176672935 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.178495884 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.178822994 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.178899050 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.179135084 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.179147959 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.204574108 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.204910994 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.204942942 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.205327034 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.205332994 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.219438076 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.219777107 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.219801903 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.219995975 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.220005035 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.251673937 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.251878977 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.251976013 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.251976013 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.252058983 CEST	49816	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.252072096 CEST	443	49816	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.254719019 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.254767895 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.254865885 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.254951954 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.254964113 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.288964033 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.289127111 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.289191008 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.289268970 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.289289951 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.289304972 CEST	49817	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.289309978 CEST	443	49817	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.291924953 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.291960955 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.292061090 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.292180061 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.292191982 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.305370092 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.305506945 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.305562019 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.305771112 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.305788994 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.305799961 CEST	49819	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.305804968 CEST	443	49819	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.308037996 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.308068037 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.308249950 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.308249950 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.308274984 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.319303036 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.319370031 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.319422007 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.320487976 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.320502996 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.320529938 CEST	49815	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.320534945 CEST	443	49815	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.322484016 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.322508097 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.322561979 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.322679043 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.322688103 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.324767113 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.324843884 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.324896097 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.324951887 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.324969053 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.324980021 CEST	49818	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.324985981 CEST	443	49818	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.326514959 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.326548100 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:02.326606035 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.326961040 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:02.326976061 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.300606012 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.301131010 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.301157951 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.301351070 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.301575899 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.301584005 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.302200079 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.302200079 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.302221060 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.302232027 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.316704988 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.317136049 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.317150116 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.317543983 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.317548990 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.318036079 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.318254948 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.318270922 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.318557978 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.318562984 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.321208000 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.323694944 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.323709965 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.327406883 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.327411890 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.562053919 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.562114954 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.562206030 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.562344074 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.562493086 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.562689066 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.563519955 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.563596964 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.563638926 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.563736916 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.563904047 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.563950062 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.564532042 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.564604044 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.564811945 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.634495974 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.634495974 CEST	49823	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.634525061 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.634536028 CEST	443	49823	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.637959003 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.637964964 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.638000011 CEST	49824	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.638005972 CEST	443	49824	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.647218943 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.647253036 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.647264957 CEST	49822	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.647270918 CEST	443	49822	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.654887915 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.654887915 CEST	49821	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.654896975 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.654903889 CEST	443	49821	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.658632040 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.658652067 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.658664942 CEST	49820	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.658670902 CEST	443	49820	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.677393913 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.677443981 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.677521944 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.678006887 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.678018093 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.678977013 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.678985119 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.679039955 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.679373980 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.679382086 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.679958105 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.680002928 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.680047035 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.680166006 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.680175066 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.680517912 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.680551052 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.680597067 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.680681944 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.680696011 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.682528973 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.682564020 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:03.682631016 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.682722092 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:03.682730913 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.313395977 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.313767910 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.313790083 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.314341068 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.314346075 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.316225052 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.316549063 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.316591024 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.316870928 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.316883087 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.331160069 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.331502914 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.331516027 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.331840038 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.331844091 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.333919048 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.334235907 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.334258080 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.334544897 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.334549904 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.355405092 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.355705023 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.355715036 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.356087923 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.356091976 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.416868925 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.416949034 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.417011023 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.417145967 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.417185068 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.417212009 CEST	49827	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.417227030 CEST	443	49827	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.419823885 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.419862032 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.419950008 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.420095921 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.420109034 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.421147108 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.421235085 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.421274900 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.421338081 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.421349049 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.421359062 CEST	49828	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.421364069 CEST	443	49828	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.423265934 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.423295975 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.423404932 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.423527956 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.423536062 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.429971933 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.430042982 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.430088043 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.430195093 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.430211067 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.430221081 CEST	49825	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.430227041 CEST	443	49825	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.432025909 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.432059050 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.432136059 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.432254076 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.432267904 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.434053898 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.434181929 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.434247017 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.434322119 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.434322119 CEST	49829	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.434362888 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.434406042 CEST	443	49829	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.436048031 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.436085939 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.436165094 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.436265945 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.436281919 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.461306095 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.461360931 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.461406946 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.461549044 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.461556911 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.461568117 CEST	49826	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.461572886 CEST	443	49826	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.463697910 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.463722944 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:04.463803053 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.463928938 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:04.463937998 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.052381039 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.054999113 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.055026054 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.055769920 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.055774927 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.059556007 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.059993982 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.060008049 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.060404062 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.060409069 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.100219011 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.102154970 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.102169037 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.102694988 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.102701902 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.106075048 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.106554985 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.106564999 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.107012033 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.107018948 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.123982906 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.124759912 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.124783993 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.125164986 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.125169992 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.151670933 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.151755095 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.151839972 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.152045965 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.152056932 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.152070045 CEST	49831	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.152075052 CEST	443	49831	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.156217098 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.156255007 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.156338930 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.156563044 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.156579018 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.159502029 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.159584045 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.159642935 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.159760952 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.159770966 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.159782887 CEST	49832	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.159787893 CEST	443	49832	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.162549973 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.162581921 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.162664890 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.162836075 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.162852049 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.206537008 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.206705093 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.206809044 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.207086086 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.207122087 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.207153082 CEST	49834	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.207169056 CEST	443	49834	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.211576939 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.211618900 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.211707115 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.211896896 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.211910963 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.212304115 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.212378979 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.212430000 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.212558031 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.212575912 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.212658882 CEST	49833	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.212670088 CEST	443	49833	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.215157986 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.215203047 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.215444088 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.215574980 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.215588093 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.227628946 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.227694035 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.227751017 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.227940083 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.227961063 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.227974892 CEST	49835	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.227981091 CEST	443	49835	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.231375933 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.231424093 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.231528997 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.231657982 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.231668949 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.922908068 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.923866034 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.923897982 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:05.924793005 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:05.924798965 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.002901077 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.003565073 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.003597021 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.004107952 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.004116058 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.007921934 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.008650064 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.008668900 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.009197950 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.009205103 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.017399073 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.017730951 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.017750025 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.017771959 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.018418074 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.018424034 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.018769026 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.018794060 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.019229889 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.019238949 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.026102066 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.026273012 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.026331902 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.026515007 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.026530981 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.026541948 CEST	49836	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.026547909 CEST	443	49836	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.031891108 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.031930923 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.032167912 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.032380104 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.032392025 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.102615118 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.102708101 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.102881908 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.109397888 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.109468937 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.109587908 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.121205091 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.121289015 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.121437073 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.121591091 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.121665001 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.122759104 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.189924955 CEST	49840	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.189963102 CEST	443	49840	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.191240072 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.191261053 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.191274881 CEST	49838	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.191281080 CEST	443	49838	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.192322016 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.192327023 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.192337990 CEST	49837	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.192341089 CEST	443	49837	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.193531036 CEST	49839	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.193561077 CEST	443	49839	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.197797060 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.197839022 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.198090076 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.199213028 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.199248075 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.199377060 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.199706078 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.199717045 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.202775955 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.202788115 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.216010094 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.216048956 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.216216087 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.216408968 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.216422081 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.217401028 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.217431068 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:06.217483044 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.219959021 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:06.219969988 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.019362926 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.020401001 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.020422935 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.020801067 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.020804882 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.020951986 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.021193981 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.021207094 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.021512032 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.021518946 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.022541046 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.023296118 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.023319960 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.023694992 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.023704052 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.024533033 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.024863005 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.024873972 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.025193930 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.025197029 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.025470018 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.025777102 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.025790930 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.026678085 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.026683092 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.119028091 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.119151115 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.121620893 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.121745110 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.121769905 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.121773005 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.121788979 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.121794939 CEST	49841	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.121799946 CEST	443	49841	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.121838093 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.121938944 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.121938944 CEST	49845	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.121984005 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.122010946 CEST	443	49845	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.122843027 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.122901917 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.122968912 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.123322964 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.123339891 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.123346090 CEST	49843	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.123351097 CEST	443	49843	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.125452042 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.125482082 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.125500917 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.125505924 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.125587940 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.125760078 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.125760078 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.125771046 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.125782013 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.125792027 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.126311064 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.126344919 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.127790928 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.127831936 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.127896070 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.127913952 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.127927065 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.127948999 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.128017902 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.128031969 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.128067017 CEST	49842	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.128072023 CEST	443	49842	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.129853964 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.129894972 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.130058050 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.130215883 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.130227089 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.198576927 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.198653936 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.199117899 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.199117899 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.199399948 CEST	49844	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.199415922 CEST	443	49844	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.202560902 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.202600002 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.202709913 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.202861071 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.202871084 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.226967096 CEST	49724	80	192.168.2.4	199.232.210.172
Oct 7, 2024 13:24:07.232038021 CEST	80	49724	199.232.210.172	192.168.2.4
Oct 7, 2024 13:24:07.234824896 CEST	49724	80	192.168.2.4	199.232.210.172
Oct 7, 2024 13:24:07.757056952 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.758474112 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.758474112 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.758501053 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.758519888 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.759335041 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.759814978 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.759850979 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.760199070 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.760204077 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.777164936 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.777920008 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.777935982 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.778419018 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.778424025 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.810425043 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.811068058 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.811108112 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.811379910 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.811387062 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.848932981 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.849489927 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.849510908 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.850498915 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.850502014 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.856174946 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.856262922 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.856321096 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.856709957 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.856709957 CEST	49847	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.856725931 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.856735945 CEST	443	49847	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.859383106 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.859477043 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.859648943 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.859796047 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.859816074 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.859829903 CEST	49846	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.859837055 CEST	443	49846	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.861825943 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.861856937 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.861927032 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.862076998 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.862090111 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.862679958 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.862715960 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.862786055 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.863028049 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.863040924 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.878849030 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.878933907 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.878985882 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.879064083 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.879071951 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.879084110 CEST	49848	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.879095078 CEST	443	49848	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.881927013 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.881963015 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.882030010 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.882204056 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.882215977 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.915460110 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.915532112 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.915626049 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.915919065 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.915939093 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.915950060 CEST	49849	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.915956020 CEST	443	49849	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.919397116 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.919433117 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.919528961 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.919744968 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.919754982 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.950103998 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.950184107 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.950340986 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.950742006 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.950764894 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.950776100 CEST	49850	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.950783014 CEST	443	49850	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.954312086 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.954396963 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:07.954525948 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.954768896 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:07.954799891 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.455666065 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.456347942 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.456361055 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.456880093 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.456883907 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.495127916 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.495548010 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.495568991 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.496105909 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.496110916 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.524688005 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.525258064 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.525274992 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.525722027 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.525727987 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.559288979 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.559370995 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.559442043 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.559674025 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.559690952 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.559708118 CEST	49853	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.559712887 CEST	443	49853	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.563147068 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.563191891 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.563370943 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.563426018 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.563437939 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.579164028 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.579579115 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.579585075 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.580056906 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.580060005 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.594150066 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.594180107 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.594230890 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.594283104 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.594424009 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.594436884 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.594449043 CEST	49851	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.594455004 CEST	443	49851	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.594640970 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.594702959 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.595005989 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.595021963 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.596971035 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.597012043 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.597111940 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.597233057 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.597243071 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.627330065 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.627507925 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.627593994 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.627640009 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.627670050 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.627698898 CEST	49852	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.627715111 CEST	443	49852	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.629923105 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.629940033 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.630017042 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.630179882 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.630191088 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.682295084 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.682368994 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.682456970 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.682723999 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.682742119 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.682754040 CEST	49854	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.682759047 CEST	443	49854	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.685925961 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.685969114 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.686063051 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.686230898 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.686244011 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.694644928 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.694700003 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.694766045 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.695871115 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.695871115 CEST	49855	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.695904016 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.695926905 CEST	443	49855	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.698807955 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.698856115 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.698942900 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.699106932 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:08.699131966 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:08.940184116 CEST	49861	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:24:08.940227985 CEST	443	49861	142.250.185.68	192.168.2.4
Oct 7, 2024 13:24:08.940304041 CEST	49861	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:24:08.940519094 CEST	49861	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:24:08.940535069 CEST	443	49861	142.250.185.68	192.168.2.4
Oct 7, 2024 13:24:09.201931953 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.202467918 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.202500105 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.202939034 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.202945948 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.231323004 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.231822968 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.231853008 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.232321978 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.232326031 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.289458990 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.290010929 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.290036917 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.290460110 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.290465117 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.301573992 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.301647902 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.301714897 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.301839113 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.301860094 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.301876068 CEST	49856	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.301882982 CEST	443	49856	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.304830074 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.304863930 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.304941893 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.305124044 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.305134058 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.322628975 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.323178053 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.323199034 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.323668003 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.323673964 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.330317020 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.330374002 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.330424070 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.330763102 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.330775976 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.330821037 CEST	49857	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.330826044 CEST	443	49857	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.333313942 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.333362103 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.333446980 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.333585978 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.333599091 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.373358965 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.373800993 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.373830080 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.374252081 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.374258995 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.390701056 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.390779018 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.390836000 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.391011000 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.391022921 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.391033888 CEST	49858	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.391037941 CEST	443	49858	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.394865036 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.394901037 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.394989967 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.395106077 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.395116091 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.422516108 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.422574043 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.422858953 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.422889948 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.422904968 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.422920942 CEST	49859	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.422928095 CEST	443	49859	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.425620079 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.425654888 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.425719976 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.425843000 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.425854921 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.482335091 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.482407093 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.482474089 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.482614994 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.482669115 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.482700109 CEST	49860	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.482718945 CEST	443	49860	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.485244036 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.485275984 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.485528946 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.485528946 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:09.485558033 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:09.590162039 CEST	443	49861	142.250.185.68	192.168.2.4
Oct 7, 2024 13:24:09.590549946 CEST	49861	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:24:09.590567112 CEST	443	49861	142.250.185.68	192.168.2.4
Oct 7, 2024 13:24:09.590888977 CEST	443	49861	142.250.185.68	192.168.2.4
Oct 7, 2024 13:24:09.591190100 CEST	49861	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:24:09.591243029 CEST	443	49861	142.250.185.68	192.168.2.4
Oct 7, 2024 13:24:09.630984068 CEST	49861	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:24:10.263876915 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.264440060 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.264506102 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.264941931 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.264956951 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.265351057 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.265578032 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.265603065 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.265862942 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.265867949 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.269361973 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.269584894 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.269646883 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.269840002 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.269855022 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.275850058 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.276205063 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.276216030 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.276510000 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.276514053 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.283600092 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.283870935 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.283879995 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.284143925 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.284147978 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.363425016 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.363445044 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.363579035 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.363609076 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.363763094 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.363877058 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.363878012 CEST	49863	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.363915920 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.363944054 CEST	443	49863	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.366615057 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.366630077 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.366705894 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.366710901 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.366755962 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.367168903 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.367168903 CEST	49866	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.367204905 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.367227077 CEST	443	49866	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.368510962 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.368577003 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.368652105 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.369523048 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.369553089 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.369612932 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.369652987 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.369676113 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.369704008 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.369837999 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.369847059 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.369858980 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.369906902 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.369950056 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.369950056 CEST	49864	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.369975090 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.369997025 CEST	443	49864	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.371529102 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.371618986 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.371700048 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.371807098 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.371829987 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.377964020 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.378130913 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.378187895 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.378211975 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.378212929 CEST	49862	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.378221989 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.378231049 CEST	443	49862	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.379728079 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.379750967 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.379822016 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.379923105 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.379942894 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.389149904 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.389287949 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.389350891 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.389513016 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.389513016 CEST	49865	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.389528990 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.389549017 CEST	443	49865	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.390893936 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.390909910 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:10.390974045 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.391069889 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:10.391074896 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.003808975 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.004244089 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.004261971 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.004667997 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.004672050 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.017060041 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.017394066 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.017419100 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.017735958 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.017740011 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.030392885 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.030690908 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.030718088 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.031023979 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.031030893 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.036317110 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.036618948 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.036629915 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.037008047 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.037014008 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.037291050 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.037575006 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.037580967 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.037921906 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.037925959 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.103076935 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.103106976 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.103291035 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.103300095 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.103337049 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.103367090 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.103389978 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.103404999 CEST	49868	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.103410959 CEST	443	49868	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.108639002 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.108671904 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.108741045 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.108871937 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.108879089 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.117249012 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.117356062 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.117500067 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.117758036 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.117779016 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.117794037 CEST	49870	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.117799044 CEST	443	49870	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.119570971 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.119621992 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.119703054 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.119807005 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.119822025 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.134998083 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.135271072 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.135327101 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.135538101 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.135538101 CEST	49871	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.135545969 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.135554075 CEST	443	49871	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.137079954 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.137093067 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.137161016 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.137250900 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.137262106 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.137861013 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.137882948 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.137927055 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.137945890 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.137957096 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.137981892 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.137995958 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.138008118 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.138037920 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.138037920 CEST	49867	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.138045073 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.138051987 CEST	443	49867	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.139555931 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.139575005 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.139638901 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.139735937 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.139745951 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.143721104 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.144061089 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.144114017 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.144144058 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.144144058 CEST	49869	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.144157887 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.144167900 CEST	443	49869	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.145695925 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.145742893 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.145812035 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.145911932 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.145925045 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.747142076 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.747643948 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.747658968 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.748080969 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.748085022 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.768568039 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.769134045 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.769229889 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.769540071 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.769557953 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.787633896 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.788072109 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.788083076 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.788590908 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.788594961 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.789788961 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.790097952 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.790141106 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.790488958 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.790494919 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.796082973 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.796416998 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.796439886 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.796797991 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.796804905 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.861890078 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.861963034 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.862010956 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.862190962 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.862207890 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.862217903 CEST	49872	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.862224102 CEST	443	49872	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.864845991 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.864891052 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.864969969 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.865309954 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.865325928 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.869322062 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.871090889 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.871176004 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.871268988 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.871268988 CEST	49873	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.871316910 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.871349096 CEST	443	49873	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.873512030 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.873522997 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.873589039 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.873708010 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.873719931 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.890047073 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.890191078 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.890247107 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.890367985 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.890386105 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.890398979 CEST	49875	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.890403986 CEST	443	49875	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.893039942 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.893083096 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.893140078 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.893285990 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.893296003 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.893835068 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.893903971 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.893961906 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.894043922 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.894045115 CEST	49874	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.894089937 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.894119978 CEST	443	49874	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.896461010 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.896500111 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.896560907 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.896708965 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.896723032 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.937035084 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.937634945 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.937680006 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.937724113 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.937742949 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.937757969 CEST	49876	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.937763929 CEST	443	49876	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.939881086 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.939917088 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:11.939996958 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.940125942 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:11.940135956 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.515762091 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.516205072 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.516225100 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.516670942 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.516679049 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.519740105 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.520001888 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.520011902 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.520405054 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.520411015 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.539454937 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.539864063 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.539951086 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.540235996 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.540251970 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.540266037 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.540560007 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.540633917 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.540946007 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.540958881 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.577918053 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.578305006 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.578322887 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.578747034 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.578752041 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.622769117 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.623481989 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.623549938 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.623614073 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.623614073 CEST	49877	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.623639107 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.623652935 CEST	443	49877	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.624047995 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.624195099 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.624257088 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.624428034 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.624428034 CEST	49878	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.624435902 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.624445915 CEST	443	49878	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.626401901 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.626436949 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.626497030 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.626838923 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.626847982 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.627433062 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.627517939 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.627604961 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.627697945 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.627722025 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.642371893 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.642872095 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.642970085 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.643018007 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.643018007 CEST	49880	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.643042088 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.643064976 CEST	443	49880	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.644845009 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.644881010 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.644951105 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.645041943 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.645056009 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.647556067 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.647584915 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.647619963 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.647627115 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.647664070 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.647821903 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.647821903 CEST	49879	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.647836924 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.647844076 CEST	443	49879	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.649487019 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.649578094 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.649749041 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.649882078 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.649916887 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.679887056 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.679968119 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.680089951 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.680144072 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.680248022 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.680248022 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.680269957 CEST	49881	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.680284977 CEST	443	49881	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.682552099 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.682568073 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:12.682629108 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.682796955 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:12.682811022 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.264611959 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.265173912 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.265189886 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.265687943 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.265692949 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.269853115 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.270206928 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.270272017 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.270602942 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.270622969 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.302010059 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.302581072 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.302597046 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.303059101 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.303062916 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.311609983 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.312107086 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.312171936 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.312529087 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.312544107 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.325860023 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.328144073 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.328162909 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.328547001 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.328557968 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.364336014 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.365278959 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.365371943 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.365688086 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.365704060 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.365736961 CEST	49882	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.365742922 CEST	443	49882	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.369029045 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.369065046 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.369158983 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.369277954 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.369283915 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.369357109 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.369549036 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.369616985 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.369743109 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.369756937 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.369765997 CEST	49883	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.369771957 CEST	443	49883	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.372025967 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.372054100 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.372126102 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.372232914 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.372243881 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.402462006 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.402612925 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.402726889 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.402954102 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.402968884 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.402978897 CEST	49884	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.402982950 CEST	443	49884	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.405709028 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.405803919 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.405906916 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.406039953 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.406069994 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.414911032 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.415061951 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.415108919 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.415179968 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.415249109 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.415435076 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.415435076 CEST	49885	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.415463924 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.415486097 CEST	443	49885	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.418200970 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.418287039 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.418402910 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.418541908 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.418570042 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.425045967 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.426561117 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.426698923 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.426978111 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.426978111 CEST	49886	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.427016020 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.427040100 CEST	443	49886	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.430529118 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.430557966 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:13.431895018 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.432195902 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:13.432210922 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.003772020 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.004530907 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.004561901 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.005124092 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.005131006 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.019706011 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.020353079 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.020378113 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.020873070 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.020878077 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.462219954 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.462291956 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.462407112 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.462830067 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.462946892 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.462946892 CEST	49887	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.462965965 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.462974072 CEST	443	49887	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.462999105 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.463049889 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.463705063 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.463720083 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.463730097 CEST	49888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.463737011 CEST	443	49888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.467086077 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.467140913 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.467190981 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.467209101 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.467281103 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.467341900 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.467351913 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.467356920 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.467500925 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.467535973 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.468218088 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.468569040 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.468609095 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.468621016 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.468889952 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.468911886 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.469038963 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.469044924 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.469341993 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.469348907 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.472229004 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.472667933 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.472687960 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.473014116 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.473021984 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.571851015 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.572999001 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.573055983 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.573075056 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.573131084 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.573235035 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.573257923 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.573267937 CEST	49889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.573273897 CEST	443	49889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.573570013 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.573915005 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.573982000 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.574059010 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.574063063 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.574071884 CEST	49890	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.574074984 CEST	443	49890	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.575539112 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.575634956 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.575712919 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.575731039 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.575752020 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.575797081 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.576229095 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.576245070 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.576258898 CEST	49891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.576265097 CEST	443	49891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.577258110 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.577307940 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.577378035 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.578032970 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.578077078 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.578155994 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.578226089 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.578233004 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.578249931 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.578273058 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.578316927 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.578331947 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.578337908 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:14.578507900 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:14.578522921 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.052824974 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.053953886 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.053977966 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.054589987 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.054594994 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.125247002 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.125952005 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.126020908 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.126410007 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.126424074 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.155461073 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.156104088 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.156196117 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.156286001 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.156308889 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.156323910 CEST	49893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.156332016 CEST	443	49893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.159487009 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.159529924 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.159615993 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.159759998 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.159775972 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.224302053 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.225316048 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.225352049 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.228235006 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.229087114 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.229091883 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.229573965 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.229607105 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.229959965 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.229969025 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.230221033 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.230468988 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.230529070 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.230822086 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.230835915 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.323901892 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.324196100 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.324315071 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.324394941 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.324421883 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.324431896 CEST	49896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.324438095 CEST	443	49896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.327883005 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.327924013 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.328003883 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.328154087 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.328165054 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.328946114 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.329044104 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.329097986 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.329124928 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.329158068 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.329207897 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.329238892 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.329263926 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.329276085 CEST	49894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.329282999 CEST	443	49894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.331334114 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.331362963 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.331430912 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.331551075 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.331564903 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.340981007 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.341095924 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.341156960 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.341216087 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.341237068 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.341250896 CEST	49895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.341258049 CEST	443	49895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.343101978 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.343142033 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.343210936 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.343307972 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.343319893 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.358827114 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.359008074 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.359076977 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.359116077 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.359123945 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.359137058 CEST	49892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.359142065 CEST	443	49892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.361021042 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.361088037 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.361172915 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.361282110 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.361309052 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.798316956 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.799102068 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.799144030 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.799607038 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.799612999 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.898391008 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.898454905 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.898545980 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.898821115 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.898838997 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.898848057 CEST	49897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.898854971 CEST	443	49897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.902348995 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.902425051 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.902537107 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.902720928 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.902760983 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.966784954 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.967598915 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.967673063 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.968028069 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.968050003 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.977817059 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.978452921 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.978476048 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:15.979063034 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:15.979068041 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.021478891 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.022497892 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.022552013 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.023026943 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.023031950 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.026742935 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.027165890 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.027228117 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.027481079 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.027498007 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.066657066 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.066728115 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.066838026 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.066870928 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.066948891 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.067213058 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.067234993 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.067246914 CEST	49899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.067253113 CEST	443	49899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.071198940 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.071240902 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.071321011 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.071474075 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.071490049 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.080349922 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.080446005 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.080506086 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.080744028 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.080744028 CEST	49898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.080761909 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.080773115 CEST	443	49898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.083192110 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.083235979 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.083353043 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.083538055 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.083554983 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.127032042 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.127124071 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.127216101 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.127458096 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.127482891 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.127495050 CEST	49900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.127501011 CEST	443	49900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.129513025 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.129744053 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.129829884 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.129905939 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.129905939 CEST	49901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.129939079 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.129967928 CEST	443	49901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.130960941 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.131052017 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.131145954 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.131340981 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.131378889 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.132127047 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.132148027 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.132221937 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.132329941 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.132354021 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.535299063 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.536000967 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.536067963 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.536493063 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.536499023 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.637691975 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.637751102 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.637842894 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.638129950 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.638145924 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.638161898 CEST	49902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.638169050 CEST	443	49902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.641791105 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.641843081 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.641931057 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.642122984 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.642137051 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.726056099 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.726659060 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.726685047 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.727313995 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.727322102 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.755845070 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.756323099 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.756345034 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.757215977 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.757221937 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.773240089 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.773797035 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.773838043 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.775736094 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.775744915 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.793077946 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.793508053 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.793564081 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.794071913 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.794087887 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.824457884 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.824642897 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.824723959 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.824826956 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.824847937 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.824860096 CEST	49904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.824867010 CEST	443	49904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.828066111 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.828111887 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.828208923 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.828383923 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.828398943 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.859812975 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.859884977 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.859951019 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.859970093 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.860002995 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.860059977 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.860193968 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.860193968 CEST	49903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.860214949 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.860232115 CEST	443	49903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.863605976 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.863651037 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.863740921 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.863909960 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.863926888 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.874521971 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.874599934 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.874677896 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.874825954 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.874849081 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.874865055 CEST	49906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.874876022 CEST	443	49906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.878030062 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.878091097 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.878154993 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.878353119 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.878372908 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.902904034 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.903018951 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.903084993 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.903218031 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.903260946 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.903287888 CEST	49905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.903306961 CEST	443	49905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.906737089 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.906815052 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:16.906903982 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.907057047 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:16.907084942 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.308705091 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.309415102 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.309449911 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.310020924 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.310029030 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.376266956 CEST	49913	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:17.376384020 CEST	443	49913	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:17.376485109 CEST	49913	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:17.376758099 CEST	49913	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:17.376796007 CEST	443	49913	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:17.412094116 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.412166119 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.412211895 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.412218094 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.412313938 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.412535906 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.412573099 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.412600040 CEST	49908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.412612915 CEST	443	49908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.416049004 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.416095972 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.416187048 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.416426897 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.416438103 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.478518963 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.479043007 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.479084015 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.479639053 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.479645967 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.540764093 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.541323900 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.541418076 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.541790962 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.541807890 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.543626070 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.544019938 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.544055939 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.544850111 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.544862032 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.574825048 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.575270891 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.575288057 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.575809002 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.575814962 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.577390909 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.577542067 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.577608109 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.577693939 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.577713013 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.577725887 CEST	49909	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.577732086 CEST	443	49909	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.580717087 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.580792904 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.580888033 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.581063032 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.581084013 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.639703035 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.639731884 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.639770985 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.639832020 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.639883041 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.640104055 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.640137911 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.640166044 CEST	49912	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.640181065 CEST	443	49912	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.643316031 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.643346071 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.643434048 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.643627882 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.643640041 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.654913902 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.656263113 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.656337976 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.656398058 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.656398058 CEST	49911	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.656433105 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.656455994 CEST	443	49911	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.659148932 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.659249067 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.659360886 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.659533978 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.659565926 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.698194027 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.698267937 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.698338032 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.698360920 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.698384047 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.698451042 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.698621035 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.698635101 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.698647976 CEST	49910	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.698653936 CEST	443	49910	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.701770067 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.701865911 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:17.701978922 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.702159882 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:17.702183962 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.049649954 CEST	443	49913	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:18.076687098 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.099828959 CEST	49913	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:18.131042004 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.218913078 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.271800995 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.274995089 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.275007010 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.275557995 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.275563002 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.275815964 CEST	49913	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:18.275847912 CEST	443	49913	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:18.277384996 CEST	443	49913	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:18.298773050 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.298827887 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.299241066 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.299261093 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.303792953 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.315439939 CEST	49913	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:18.315630913 CEST	49913	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:18.315640926 CEST	443	49913	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:18.315653086 CEST	49913	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:18.315680027 CEST	443	49913	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:18.316359997 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.316375971 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.316884041 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.316889048 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.324820995 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.325228930 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.325292110 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.325764894 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.325778961 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.365421057 CEST	49913	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:18.375152111 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.375427008 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.375478029 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.375524998 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.375538111 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.375549078 CEST	49914	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.375554085 CEST	443	49914	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.379139900 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.379173994 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.379240990 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.379446983 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.379457951 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.394735098 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.394927979 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.394993067 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.395028114 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.395133972 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.395154953 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.395178080 CEST	49915	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.395214081 CEST	443	49915	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.397933006 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.397960901 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.398050070 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.398195028 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.398207903 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.400290012 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.400746107 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.400825977 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.401382923 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.401400089 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.411319971 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.411537886 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.411596060 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.411631107 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.411642075 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.411653042 CEST	49916	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.411659002 CEST	443	49916	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.414314985 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.414371014 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.414475918 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.414602041 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.414628029 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.428670883 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.429238081 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.429280996 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.429307938 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.429356098 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.429408073 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.429445028 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.429471016 CEST	49917	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.429486036 CEST	443	49917	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.432101965 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.432138920 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.432243109 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.432375908 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.432403088 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.504740000 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.504951000 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.505045891 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.505258083 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.505284071 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.505299091 CEST	49918	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.505306959 CEST	443	49918	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.508563042 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.508603096 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.508692026 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.508878946 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:18.508893967 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:18.621171951 CEST	443	49913	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:18.621757030 CEST	443	49913	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:18.621843100 CEST	49913	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:18.622215986 CEST	49913	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:18.622236013 CEST	443	49913	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:19.039716959 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.040260077 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.040285110 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.040735960 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.040740967 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.051639080 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.052004099 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.052037001 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.052553892 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.052563906 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.063621998 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.063977957 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.063987970 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.064364910 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.064371109 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.077924013 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.078294039 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.078310966 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.078835011 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.078839064 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.142919064 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.143054008 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.143095016 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.143392086 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.143414021 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.143424988 CEST	49919	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.143430948 CEST	443	49919	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.146470070 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.146574974 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.146661043 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.146804094 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.146841049 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.163573027 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.163644075 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.163733006 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.164028883 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.164380074 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.164401054 CEST	49922	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.164416075 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.164422989 CEST	443	49922	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.164442062 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.164465904 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.164676905 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.164681911 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.164700985 CEST	49921	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.164706945 CEST	443	49921	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.167363882 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.167397022 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.167598963 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.167706013 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.167722940 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.167803049 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.167819023 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.167865038 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.167948008 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.167953014 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.171740055 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.172096014 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.172110081 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.172668934 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.172672987 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.182630062 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.183322906 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.183389902 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.183418989 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.183433056 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.183442116 CEST	49920	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.183446884 CEST	443	49920	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.185623884 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.185720921 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.185808897 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.186121941 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.186153889 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.274451017 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.274528027 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.274580956 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.274602890 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.274637938 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.274684906 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.274785042 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.274796963 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.274804115 CEST	49923	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.274808884 CEST	443	49923	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.277076006 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.277169943 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.277259111 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.277380943 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.277401924 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.336718082 CEST	49929	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:19.336827040 CEST	443	49929	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:19.336925030 CEST	49929	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:19.337224960 CEST	49929	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:19.337260008 CEST	443	49929	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:19.493927002 CEST	443	49861	142.250.185.68	192.168.2.4
Oct 7, 2024 13:24:19.494075060 CEST	443	49861	142.250.185.68	192.168.2.4
Oct 7, 2024 13:24:19.494159937 CEST	49861	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:24:19.798342943 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.798948050 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.798979044 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.799544096 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.799550056 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.819139004 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.819533110 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.819576025 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.820065975 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.820071936 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.839447021 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.839818001 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.839834929 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.840341091 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.840346098 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.874639034 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.875003099 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.875026941 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.875511885 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.875518084 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.903737068 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.904203892 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.904266119 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.904309034 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.904325962 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.904333115 CEST	49925	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.904337883 CEST	443	49925	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.907109976 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.907149076 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.907212973 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.907368898 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.907378912 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.942771912 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.942833900 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.942878962 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.942985058 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.942995071 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.943001986 CEST	49926	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.943005085 CEST	443	49926	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.947305918 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.947416067 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.947504044 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.947674036 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.947704077 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.948117971 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.948482037 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.948513985 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.948972940 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.948982954 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.969142914 CEST	443	49929	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:19.969438076 CEST	49929	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:19.969456911 CEST	443	49929	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:19.969970942 CEST	443	49929	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:19.970320940 CEST	49929	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:19.970402956 CEST	443	49929	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:19.970513105 CEST	49929	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:19.970534086 CEST	49929	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:19.970549107 CEST	443	49929	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:19.970937014 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.971049070 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.971091986 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.971163988 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.971184969 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.971200943 CEST	49924	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.971209049 CEST	443	49924	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.973555088 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.973597050 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.973650932 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.973798990 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.973815918 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.978805065 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.978898048 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.978943110 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.978954077 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.979043007 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.979063034 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.979077101 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.979099989 CEST	49927	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.979110003 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.979119062 CEST	443	49927	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.982168913 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.982198954 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:19.982259035 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.982419014 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:19.982429981 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.058667898 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.058819056 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.058878899 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.058931112 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.058931112 CEST	49928	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.058959007 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.058983088 CEST	443	49928	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.061305046 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.061321020 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.061371088 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.061530113 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.061542988 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.266717911 CEST	443	49929	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:20.267308950 CEST	443	49929	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:20.267399073 CEST	49929	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:20.267714977 CEST	49929	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:20.267777920 CEST	443	49929	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:20.542077065 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.542556047 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.542577028 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.542958975 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.542964935 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.582581043 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.583113909 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.583195925 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.583437920 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.583453894 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.613094091 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.616719007 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.616760015 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.617330074 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.617337942 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.631094933 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.631411076 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.631452084 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.632205963 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.632215977 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.642225027 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.642255068 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.642303944 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.642314911 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.642358065 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.642529964 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.642543077 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.642553091 CEST	49930	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.642556906 CEST	443	49930	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.644908905 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.644948959 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.645035028 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.645167112 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.645174980 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.682523012 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.683140993 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.683228016 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.683341026 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.683378935 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.683428049 CEST	49931	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.683444023 CEST	443	49931	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.685319901 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.685352087 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.685528994 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.685668945 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.685676098 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.712184906 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.712241888 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.712349892 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.712574005 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.712589025 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.712600946 CEST	49932	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.712606907 CEST	443	49932	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.715044975 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.715138912 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.715229988 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.715356112 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.715394020 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.731847048 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.732074976 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.732132912 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.732316971 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.732341051 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.732355118 CEST	49933	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.732362986 CEST	443	49933	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.734379053 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.734401941 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.734483957 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.734575033 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.734596968 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.751429081 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.751784086 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.751827002 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.752212048 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.752219915 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.859124899 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.859277010 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.859428883 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.859525919 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.859555006 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.859574080 CEST	49934	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.859582901 CEST	443	49934	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.862202883 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.862226963 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:20.862287998 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.862458944 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:20.862468958 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.325817108 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.326458931 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.326494932 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.326559067 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.326858044 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.326865911 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.327040911 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.327069998 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.327322960 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.327327967 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.393572092 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.394284010 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.394371986 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.394778967 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.394794941 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.395237923 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.395536900 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.395576954 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.395884991 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.395896912 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.428198099 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.428586006 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.428646088 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.428723097 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.428740978 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.428749084 CEST	49936	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.428755045 CEST	443	49936	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.431051016 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.431298971 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.431360960 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.432868004 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.432885885 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.432900906 CEST	49935	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.432909012 CEST	443	49935	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.435630083 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.435708046 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.435781002 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.435925961 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.435960054 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.436140060 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.436177015 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.436235905 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.436486006 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.436501026 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.496345043 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.496443987 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.496510029 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.496571064 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.496606112 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.496663094 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.496846914 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.496886015 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.496915102 CEST	49938	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.496927977 CEST	443	49938	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.498797894 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.498867035 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.498929977 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.499717951 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.499752998 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.499814034 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.499893904 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.499912024 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.499929905 CEST	49937	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.499938965 CEST	443	49937	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.500886917 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.500902891 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.501910925 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.501983881 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.502060890 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.502161026 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.502192974 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.510446072 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.514089108 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.514101028 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.514549017 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.514553070 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.610892057 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.611043930 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.611114025 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.611366034 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.611366034 CEST	49939	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.611392021 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.611404896 CEST	443	49939	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.614523888 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.614603996 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:21.614706039 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.614873886 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:21.614911079 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.070924044 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.071624994 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.071687937 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.072290897 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.072307110 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.102705956 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.103156090 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.103174925 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.103642941 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.103648901 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.139254093 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.139735937 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.139777899 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.140178919 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.140189886 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.170206070 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.170268059 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.170329094 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.170603037 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.170634985 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.170660019 CEST	49940	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.170675993 CEST	443	49940	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.173465014 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.173542976 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.173620939 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.173755884 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.173774958 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.180010080 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.180357933 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.180377960 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.180813074 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.180818081 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.205238104 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.205362082 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.205421925 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.205631018 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.205647945 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.205657959 CEST	49941	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.205662966 CEST	443	49941	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.212007999 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.212074041 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.212152958 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.212595940 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.212618113 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.251837015 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.251863956 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.251918077 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.252042055 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.252042055 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.252202034 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.252249956 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.252283096 CEST	49943	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.252300978 CEST	443	49943	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.255084038 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.255172014 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.255253077 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.255373001 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.255409002 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.259933949 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.260334015 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.260370016 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.260797024 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.260807991 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.298357010 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.298410892 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.298465967 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.298479080 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.298533916 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.298579931 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.298676014 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.298686981 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.298712015 CEST	49942	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.298717022 CEST	443	49942	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.301551104 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.301589012 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.301657915 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.301789045 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.301798105 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.359729052 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.359817028 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.359922886 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.360018015 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.360224009 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.360275984 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.360306978 CEST	49944	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.360323906 CEST	443	49944	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.363775015 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.363862991 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.363976002 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.364152908 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.364186049 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.808758974 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.827564955 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.827615976 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.828042984 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.828057051 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.851103067 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.855467081 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.855509043 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.855947971 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.855963945 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.923060894 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.923201084 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.924010992 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.926660061 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.926698923 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.926727057 CEST	49945	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.926742077 CEST	443	49945	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.929131985 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.930630922 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.930674076 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.931102037 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.931116104 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.935902119 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.935995102 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.936089993 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.936240911 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.936275005 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.944160938 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.948380947 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.948402882 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.948821068 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.948831081 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.950134039 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.950191021 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.950256109 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.950278997 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.950349092 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.950416088 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.950445890 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.950469971 CEST	49946	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.950483084 CEST	443	49946	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.953891993 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.953931093 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:22.954015017 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.954839945 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:22.954852104 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.004221916 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.004702091 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.004762888 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.005162954 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.005176067 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.033932924 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.034086943 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.034425020 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.034558058 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.034600019 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.034626961 CEST	49947	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.034641027 CEST	443	49947	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.040186882 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.040226936 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.040293932 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.040476084 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.040489912 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.044224024 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.044262886 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.044322014 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.044334888 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.044478893 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.044563055 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.044580936 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.044593096 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.044598103 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.044641018 CEST	49948	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.044645071 CEST	443	49948	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.047209978 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.047291994 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.047350883 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.047492981 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.047504902 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.104221106 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.104253054 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.104304075 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.104315042 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.104377985 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.104538918 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.104538918 CEST	49949	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.104582071 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.104609966 CEST	443	49949	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.107462883 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.107512951 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.107584000 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.107750893 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.107774973 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.569938898 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.570564032 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.570647955 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.571032047 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.571048021 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.633207083 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.633892059 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.633935928 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.634414911 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.634421110 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.669110060 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.669177055 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.669224024 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.669262886 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.669347048 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.669543982 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.669589996 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.669620991 CEST	49950	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.669639111 CEST	443	49950	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.672903061 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.672935009 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.673022032 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.673177958 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.673191071 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.688807964 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.689229965 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.689270020 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.689681053 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.689692020 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.705333948 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.705723047 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.705740929 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.706043005 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.706047058 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.737942934 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.738032103 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.738116026 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.738459110 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.738487959 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.738498926 CEST	49951	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.738504887 CEST	443	49951	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.742443085 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.742552042 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.742851019 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.742851019 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.742945910 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.774182081 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.774947882 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.775005102 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.778356075 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.778367996 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.789273977 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.789371967 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.789464951 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.789577007 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.789608955 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.789634943 CEST	49953	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.789649963 CEST	443	49953	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.792723894 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.792773962 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:23.792869091 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.793013096 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:23.793029070 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:24.850061893 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:24.850140095 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:24.850229025 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:24.850517988 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:24.850521088 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:24.850554943 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:24.850559950 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:24.850573063 CEST	49952	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:24.850579977 CEST	443	49952	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:24.850610018 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:24.850605011 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:24.850667000 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:24.851511002 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:24.851563931 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:24.851594925 CEST	49954	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:24.851614952 CEST	443	49954	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:24.855410099 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:24.855451107 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:24.855524063 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:24.855941057 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:24.855952024 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:24.856688976 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:24.856786013 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:24.856875896 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:24.857002020 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:24.857037067 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.038398027 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.038537979 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.042999029 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.055664062 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.055715084 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.056102037 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.056113958 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.056293964 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.056314945 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.056607962 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.056612015 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.056889057 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.056905985 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.057195902 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.057200909 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.151680946 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.151756048 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.151861906 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.151881933 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.151954889 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.244330883 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.244380951 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.244607925 CEST	49956	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.244626045 CEST	443	49956	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.246665001 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.246764898 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.246823072 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.324616909 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.324650049 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.324661016 CEST	49955	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.324667931 CEST	443	49955	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.341545105 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.341593027 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.341666937 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.341691017 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.341773987 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.341855049 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.341960907 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.341979980 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.342040062 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.342072964 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.496562958 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.497114897 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.497165918 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.497606993 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.497620106 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.507282019 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.507833958 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.507863045 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.508373976 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.508383036 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.596523046 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.597400904 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.597482920 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.597539902 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.597539902 CEST	49959	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.597573996 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.597601891 CEST	443	49959	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.600477934 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.600512028 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.600585938 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.600737095 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.600747108 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.607533932 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.607620955 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.607682943 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.607712030 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.607738972 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.607789040 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.607847929 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.607862949 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.607871056 CEST	49958	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.607876062 CEST	443	49958	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.610253096 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.610358000 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.610449076 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.610611916 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.610652924 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.676280022 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.676389933 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.676460981 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.676615953 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.676635981 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.676649094 CEST	49957	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.676655054 CEST	443	49957	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.680393934 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.680434942 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.680499077 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.680660963 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.680674076 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.988765955 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.989439964 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.989521027 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:25.989787102 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:25.989804029 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.008399963 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.008800983 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.008821964 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.009196997 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.009202957 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.095053911 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.095202923 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.095273018 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.095447063 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.095472097 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.095487118 CEST	49960	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.095494032 CEST	443	49960	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.099036932 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.099101067 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.099205971 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.099395990 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.099415064 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.153080940 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.153166056 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.153239012 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.153472900 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.153493881 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.153506041 CEST	49961	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.153512001 CEST	443	49961	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.156677008 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.156790018 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.156898975 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.157032967 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.157063961 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.233942986 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.234781981 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.234801054 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.235198975 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.235203981 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.298753977 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.299530983 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.299612999 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.300019979 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.300035954 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.321429968 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.324661016 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.324682951 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.325212002 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.325216055 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.333703995 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.333837032 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.333911896 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.333986044 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.334000111 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.334011078 CEST	49962	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.334016085 CEST	443	49962	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.340310097 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.340357065 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.340445042 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.340581894 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.340594053 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.404362917 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.404472113 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.404598951 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.404756069 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.404757023 CEST	49963	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.404804945 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.404834986 CEST	443	49963	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.408211946 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.408267021 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.408355951 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.408605099 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.408620119 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.420819044 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.421044111 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.421116114 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.421134949 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.421165943 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.421231031 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.421256065 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.421264887 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.421278954 CEST	49964	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.421283007 CEST	443	49964	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.424551010 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.424660921 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.424765110 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.424947023 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.424983978 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.741254091 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.742247105 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.742311954 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.743201017 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.743215084 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.788579941 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.789535999 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.789629936 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.789961100 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.789978027 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.840687037 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.840766907 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.840852976 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.841032982 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.841085911 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.841116905 CEST	49965	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.841134071 CEST	443	49965	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.844171047 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.844279051 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.844386101 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.844552040 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.844583988 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.887367964 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.887464046 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.887512922 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.887670040 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.887670994 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.887770891 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.887770891 CEST	49966	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.887814045 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.887847900 CEST	443	49966	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.890376091 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.890417099 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.890500069 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.890645981 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.890661001 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.976183891 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.980452061 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.980540037 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:26.981035948 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:26.981040955 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.077208996 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.077281952 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.077356100 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.077526093 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.077543020 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.077554941 CEST	49967	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.077559948 CEST	443	49967	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.079056025 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.079478025 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.079549074 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.080190897 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.080205917 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.082062960 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.082118034 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.082186937 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.082580090 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.082598925 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.086832047 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.090965033 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.091042995 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.093713045 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.093719959 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.180495977 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.180660963 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.180727005 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.180797100 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.180810928 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.180819988 CEST	49969	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.180824995 CEST	443	49969	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.183773041 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.183805943 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.183881998 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.184092045 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.184106112 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.203310966 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.203340054 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.203398943 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.203402042 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.203448057 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.203666925 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.203685045 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.203697920 CEST	49968	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.203705072 CEST	443	49968	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.206337929 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.206348896 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.206435919 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.206568003 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.206581116 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.479626894 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.482656956 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.482686043 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.483273983 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.483278990 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.539303064 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.549314976 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.549356937 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.549906015 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.549913883 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.578579903 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.578635931 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.578694105 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.578720093 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.578784943 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.601870060 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.601913929 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.601959944 CEST	49970	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.601975918 CEST	443	49970	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.606111050 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.606165886 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.606437922 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.606673002 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.606714010 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.646827936 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.646920919 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.647082090 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.659307957 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.659333944 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.659351110 CEST	49971	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.659359932 CEST	443	49971	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.670500994 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.670599937 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.670703888 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.671427965 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.671466112 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.729916096 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.766868114 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.766952991 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.767431974 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.767448902 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.840576887 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.847223997 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.847237110 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.847827911 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.847835064 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.857954025 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.861824036 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.861850023 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.866545916 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.866554976 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.870261908 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.870289087 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.870357990 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.870378971 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.870454073 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.871591091 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.871634007 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.871668100 CEST	49972	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.871685982 CEST	443	49972	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.913573980 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.913613081 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.913707972 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.941762924 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.941786051 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.943223000 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.943710089 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.943751097 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.943773985 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.943821907 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.943854094 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.943873882 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.943886042 CEST	49974	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.943892002 CEST	443	49974	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.946855068 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.946892977 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.946963072 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.947104931 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.947118044 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.965399027 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.965456963 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.965528965 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.965540886 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.965881109 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.965944052 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.990294933 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.990323067 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:27.990345001 CEST	49973	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:27.990350962 CEST	443	49973	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.005491018 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.005542994 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.005625963 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.010760069 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.010797977 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.246392012 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.247107983 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.247179031 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.247716904 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.247734070 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.333709002 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.334578037 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.334641933 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.335184097 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.335202932 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.344593048 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.344753981 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.344944000 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.345026970 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.345027924 CEST	49975	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.345074892 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.345109940 CEST	443	49975	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.348418951 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.348469973 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.348572016 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.348752975 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.348772049 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.436486959 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.436531067 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.436594009 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.436625004 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.436697960 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.436954021 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.437006950 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.437041044 CEST	49976	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.437061071 CEST	443	49976	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.440710068 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.440808058 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.440922976 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.441148996 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.441179037 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.604552031 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.608371019 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.608397961 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.609318018 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.609323978 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.611052036 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.611417055 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.611422062 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.611947060 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.611951113 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.657807112 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.658386946 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.658423901 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.659147978 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.659161091 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.707833052 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.707916975 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.707997084 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.708281040 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.708300114 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.708314896 CEST	49977	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.708319902 CEST	443	49977	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.712654114 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.712749004 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.712873936 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.713089943 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.713119984 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.714755058 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.714790106 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.714833021 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.714876890 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.714991093 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.715044022 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.715044022 CEST	49978	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.715055943 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.715065002 CEST	443	49978	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.717675924 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.717713118 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.717797041 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.717972040 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.717983007 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.758714914 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.758882999 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.758970022 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.759129047 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.759162903 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.759176970 CEST	49979	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.759185076 CEST	443	49979	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.762924910 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.762979031 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.763103008 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.763307095 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.763340950 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.984875917 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.985637903 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.985676050 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:28.986176014 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:28.986186981 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.080765963 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.082057953 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.082137108 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.083756924 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.083772898 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.084103107 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.084176064 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.084235907 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.084276915 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.084301949 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.084355116 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.084487915 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.084510088 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.084521055 CEST	49980	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.084526062 CEST	443	49980	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.091944933 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.091984034 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.092070103 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.096657991 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.096671104 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.203046083 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.203140020 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.203221083 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.203576088 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.203598976 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.203617096 CEST	49981	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.203624010 CEST	443	49981	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.207829952 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.207859993 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.207932949 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.208161116 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.208175898 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.358493090 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.359122038 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.359139919 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.359838009 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.359843016 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.390607119 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.391273975 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.391355038 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.391715050 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.391732931 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.406163931 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.406857967 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.406923056 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.407150984 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.407166004 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.457793951 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.457920074 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.458009958 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.458304882 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.458304882 CEST	49983	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.458333969 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.458345890 CEST	443	49983	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.462918997 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.463006973 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.463107109 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.463295937 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.463329077 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.493572950 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.493606091 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.493654013 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.493707895 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.493767023 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.493956089 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.493998051 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.494025946 CEST	49982	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.494043112 CEST	443	49982	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.496853113 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.496881962 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.496967077 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.497101068 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.497108936 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.505013943 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.505244970 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.505469084 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.505469084 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.505469084 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.508353949 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.508405924 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.508508921 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.508642912 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.508662939 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.767844915 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.773412943 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.773428917 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.773948908 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.773957014 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.818715096 CEST	49984	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.818789959 CEST	443	49984	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.863900900 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.864485979 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.864521980 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.865158081 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.865165949 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.872709036 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.872769117 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.872822046 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.872839928 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.872873068 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.872924089 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.873126984 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.873140097 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.873155117 CEST	49985	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.873159885 CEST	443	49985	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.877295971 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.877389908 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.877501965 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.877640963 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.877660990 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.970319033 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.970457077 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.970532894 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.970799923 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.970818996 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.970849037 CEST	49986	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.970854998 CEST	443	49986	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.974827051 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.974870920 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:29.974967957 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.975169897 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:29.975188017 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.127594948 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.128318071 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.128420115 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.129117966 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.129132032 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.143446922 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.144619942 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.144634008 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.146059990 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.146064997 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.147675037 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.148538113 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.148570061 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.149936914 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.149952888 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.231453896 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.231637001 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.231759071 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.232090950 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.232090950 CEST	49987	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.232148886 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.232181072 CEST	443	49987	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.236010075 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.236082077 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.236187935 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.236382961 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.236402035 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.244894981 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.245007992 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.245055914 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.245074987 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.245134115 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.247879982 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.248039961 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.248109102 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.248318911 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.248337984 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.248348951 CEST	49988	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.248354912 CEST	443	49988	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.248553991 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.248575926 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.248589993 CEST	49989	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.248596907 CEST	443	49989	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.327500105 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.327584028 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.327702999 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.327888012 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.327899933 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.327960014 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.328032017 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.328049898 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.328104019 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.328119993 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.518405914 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.522346020 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.522408962 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.525146008 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.525161982 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.614061117 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.615107059 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.615164042 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.615863085 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.615880013 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.620117903 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.620153904 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.620209932 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.620238066 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.620301008 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.620601892 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.620621920 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.620637894 CEST	49990	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.620645046 CEST	443	49990	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.624255896 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.624299049 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.624407053 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.624622107 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.624634027 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.713745117 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.713922977 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.714025021 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.714173079 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.714201927 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.714215994 CEST	49991	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.714224100 CEST	443	49991	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.717595100 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.717650890 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.717741013 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.717902899 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.717922926 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.879143953 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.880105972 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.880140066 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.880687952 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.880698919 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.976538897 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.977191925 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.977242947 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.977596045 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.977608919 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.979208946 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.979530096 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.979598999 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.979686975 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.979686975 CEST	49992	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.979736090 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.979768038 CEST	443	49992	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.982861042 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.982908010 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.982995987 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.983143091 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.983160973 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.994263887 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.994760990 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.994795084 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:30.995183945 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:30.995193958 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.078171015 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.078258991 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.078334093 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.078634024 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.078634024 CEST	49994	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.078681946 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.078707933 CEST	443	49994	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.084789991 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.084839106 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.084911108 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.085933924 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.085953951 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.098701954 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.098773956 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.098891973 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.098912954 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.098954916 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.099016905 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.099041939 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.099066019 CEST	49993	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.099081993 CEST	443	49993	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.104319096 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.104384899 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.104451895 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.104676962 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.104702950 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.277057886 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.277674913 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.277703047 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.278227091 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.278239965 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.367475033 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.368175983 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.368252039 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.368709087 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.368730068 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.469083071 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.469110966 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.469141960 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.469260931 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.469511986 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.469559908 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.469594955 CEST	49996	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.469614029 CEST	443	49996	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.472806931 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.472903967 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.473012924 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.473164082 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.473200083 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.601599932 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.601946115 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.602121115 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.602121115 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.602121115 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.605221987 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.605276108 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.605361938 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.605519056 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.605535030 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.622725010 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.623289108 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.623311996 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.623939037 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.623951912 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.725034952 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.725334883 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.725414991 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.726584911 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.726623058 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.726639032 CEST	49997	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.726648092 CEST	443	49997	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.730037928 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.730101109 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.730179071 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.730319977 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.730338097 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.736206055 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.736558914 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.736583948 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.737019062 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.737027884 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.742100954 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.742568970 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.742599964 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.742974043 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.742981911 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.838211060 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.838284016 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.838360071 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.838453054 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.838748932 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.838748932 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.841998100 CEST	49998	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.842022896 CEST	443	49998	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.842017889 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.842106104 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.842201948 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.842363119 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.842396021 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.843373060 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.843585014 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.843673944 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.843738079 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.843738079 CEST	49999	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.843780041 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.843808889 CEST	443	49999	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.846159935 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.846203089 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.846290112 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.846436024 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.846452951 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:31.912969112 CEST	49995	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:31.913008928 CEST	443	49995	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.107444048 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.108084917 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.108170986 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.108748913 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.108766079 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.206574917 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.206669092 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.206864119 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.207004070 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.207060099 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.207093000 CEST	50000	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.207110882 CEST	443	50000	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.210689068 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.210791111 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.210902929 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.211047888 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.211087942 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.242571115 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.243196964 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.243220091 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.243762016 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.243767977 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.341828108 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.341916084 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.341967106 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.342170000 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.342197895 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.342212915 CEST	50001	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.342220068 CEST	443	50001	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.345333099 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.345390081 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.345463991 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.345613003 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.345629930 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.392429113 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.393038988 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.393071890 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.393553019 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.393563032 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.441289902 CEST	49861	443	192.168.2.4	142.250.185.68
Oct 7, 2024 13:24:32.441324949 CEST	443	49861	142.250.185.68	192.168.2.4
Oct 7, 2024 13:24:32.494980097 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.495738983 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.495765924 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.496227980 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.496232033 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.507450104 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.507582903 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.507647038 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.507652044 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.507714033 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.508271933 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.508306026 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.508336067 CEST	50002	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.508342981 CEST	443	50002	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.511838913 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.511873007 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.511962891 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.512125015 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.512132883 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.527510881 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.528069973 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.528120995 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.528595924 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.528609991 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.593262911 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.593338966 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.593408108 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.593431950 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.593456030 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.593513966 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.593765020 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.593780994 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.593791008 CEST	50004	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.593799114 CEST	443	50004	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.596937895 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.597001076 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.597064972 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.597265005 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.597290039 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.632215977 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.632481098 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.632590055 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.634023905 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.634068012 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.634099960 CEST	50003	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.634116888 CEST	443	50003	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.638201952 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.638302088 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.638426065 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.638577938 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.638607979 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.872677088 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:32.915846109 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:32.983830929 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.026040077 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.026083946 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.026679993 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.026695013 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.029078007 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.029115915 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.029639006 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.029650927 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.125814915 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.125843048 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.125900984 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.125953913 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.125955105 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.126610994 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.126703024 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.126759052 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.128766060 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.128766060 CEST	50006	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.128812075 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.128839016 CEST	443	50006	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.139830112 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.139858961 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.139883995 CEST	50005	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.139898062 CEST	443	50005	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.148984909 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.159208059 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.159223080 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.159591913 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.159595966 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.166124105 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.166177988 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.166248083 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.166493893 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.166508913 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.168967009 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.169015884 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.169068098 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.171822071 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.171843052 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.249211073 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.256048918 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.256102085 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.256442070 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.256449938 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.274154902 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.274648905 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.274678946 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.275032997 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.275038958 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.290498018 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.290649891 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.290796041 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.290831089 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.290853977 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.290865898 CEST	50007	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.290873051 CEST	443	50007	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.293976068 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.294037104 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.294122934 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.294308901 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.294328928 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.353427887 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.353606939 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.353696108 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.353966951 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.353991985 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.354031086 CEST	50008	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.354039907 CEST	443	50008	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.357060909 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.357109070 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.357202053 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.357434034 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.357446909 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.375683069 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.376218081 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.376302004 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.376348972 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.376374006 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.376393080 CEST	50009	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.376401901 CEST	443	50009	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.378828049 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.378840923 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.378928900 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.379163027 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.379173994 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.831631899 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.832139015 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.832181931 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.832581043 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.832588911 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.832632065 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.832895994 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.832968950 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.833225965 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.833240986 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.933669090 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.934150934 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.934200048 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.934556007 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.934565067 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.935347080 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.935426950 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.935477972 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.935573101 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.935591936 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.935623884 CEST	50011	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.935631037 CEST	443	50011	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.936096907 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.936136007 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.936186075 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.936196089 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.936239958 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.936320066 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.936343908 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.936358929 CEST	50010	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.936367035 CEST	443	50010	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.937922001 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.937967062 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.938044071 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.938043118 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.938086987 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.938143015 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.938147068 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.938160896 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:33.938286066 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:33.938296080 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.051476002 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.051621914 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.051769972 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.051856995 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.051856995 CEST	50012	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.051909924 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.051938057 CEST	443	50012	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.053155899 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.053988934 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.054024935 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.054349899 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.054380894 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.054428101 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.054431915 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.054461002 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.054555893 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.054558992 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.058028936 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.058320045 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.058332920 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.058655977 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.058659077 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.157726049 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.158041000 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.158143997 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.158385992 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.158456087 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.158456087 CEST	50013	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.158476114 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.158483982 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.158485889 CEST	443	50013	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.158535004 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.159477949 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.159482956 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.159492016 CEST	50014	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.159498930 CEST	443	50014	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.161678076 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.161760092 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.161844015 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.162348986 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.162360907 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.162383080 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.162401915 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.162508965 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.162555933 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.162564039 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.249387980 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.251972914 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.252542019 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.252621889 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.252826929 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.252841949 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.253000975 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.253031015 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.253305912 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.253318071 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.352823973 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.352914095 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.353012085 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.356637955 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.356998920 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.357084990 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.365751028 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.365751028 CEST	50017	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.365803003 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.365833998 CEST	443	50017	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.366950035 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.366950989 CEST	50016	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.366995096 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.367022038 CEST	443	50016	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.369426966 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.369527102 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.369621038 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.370354891 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.370378017 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.370450020 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.370524883 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.370559931 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.370637894 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.370662928 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.699306011 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.699855089 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.699911118 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.700154066 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.700165033 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.798093081 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.799485922 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.799668074 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.799668074 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.799668074 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.801886082 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.801929951 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.802001953 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.802141905 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.802159071 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.805694103 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.806014061 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.806042910 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.806360006 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.806370974 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.844269991 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.844594002 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.844626904 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.845004082 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.845016956 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.905229092 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.905630112 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.905739069 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.905826092 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.905846119 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.905846119 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.907627106 CEST	50020	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.907639980 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.907646894 CEST	443	50020	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.907713890 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.907790899 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.907881975 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.907900095 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.947727919 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.947973967 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.948159933 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.948160887 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.948160887 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.949692011 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.949789047 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:35.949881077 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.950009108 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:35.950045109 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.007433891 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.008069038 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.008153915 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.008588076 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.008604050 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.031716108 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.032006025 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.032049894 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.032335043 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.032347918 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.100567102 CEST	50018	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.100609064 CEST	443	50018	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.106652021 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.106688976 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.106739044 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.106767893 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.106785059 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.106849909 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.107042074 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.107080936 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.107108116 CEST	50021	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.107125998 CEST	443	50021	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.110877991 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.110946894 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.111026049 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.111198902 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.111217022 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.135097980 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.135763884 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.135862112 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.136010885 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.136039019 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.136065960 CEST	50022	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.136079073 CEST	443	50022	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.139570951 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.139599085 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.139658928 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.139945984 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.139955044 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.256769896 CEST	50019	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.256846905 CEST	443	50019	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.447771072 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.448244095 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.448285103 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.448611975 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.448618889 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.547744989 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.547815084 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.547916889 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.547928095 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.547988892 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.548051119 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.548074961 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.548114061 CEST	50023	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.548119068 CEST	443	50023	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.550549030 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.550616026 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.550694942 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.550827980 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.550834894 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.583518028 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.583848000 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.583940983 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.584165096 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.584186077 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.585930109 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.586167097 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.586214066 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.586457014 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.586468935 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.683178902 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.683530092 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.683732033 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.683732986 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.683830976 CEST	50025	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.683872938 CEST	443	50025	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.686330080 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.686367989 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.686429024 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.686549902 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.686558962 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.691054106 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.691112041 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.691162109 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.691441059 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.691456079 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.691468000 CEST	50024	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.691473007 CEST	443	50024	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.694726944 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.694740057 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.694827080 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.695029974 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.695045948 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.757157087 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.757803917 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.757869959 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.758142948 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.758158922 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.792737007 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.793705940 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.793735027 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.794414043 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.794426918 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.858656883 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.858874083 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.858985901 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.859168053 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.859215975 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.859246969 CEST	50026	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.859265089 CEST	443	50026	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.863020897 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.863059998 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.863159895 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.863348007 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.863359928 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.893610954 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.893676996 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.893779993 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.893798113 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.893935919 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.894234896 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.894272089 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.894300938 CEST	50027	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.894315958 CEST	443	50027	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.897934914 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.898020029 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:36.898114920 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.898298979 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:36.898333073 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.246160984 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.246675968 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.246716976 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.247179985 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.247201920 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.320219040 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.320815086 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.320863962 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.321259975 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.321268082 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.355573893 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.358010054 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.358084917 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.358417034 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.358424902 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.363929987 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.364099979 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.364187956 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.364299059 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.364326954 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.364339113 CEST	50028	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.364343882 CEST	443	50028	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.367679119 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.367727995 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.367834091 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.367964029 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.367969990 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.418515921 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.418916941 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.419049978 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.419104099 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.419104099 CEST	50029	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.419130087 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.419145107 CEST	443	50029	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.422343016 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.422363997 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.422466993 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.422653913 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.422669888 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.473342896 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.473361969 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.473402023 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.473479986 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.473520994 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.473804951 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.473829031 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.473840952 CEST	50030	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.473845959 CEST	443	50030	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.477134943 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.477215052 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.477330923 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.477462053 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.477482080 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.498761892 CEST	62887	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:24:37.499587059 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.500072002 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.500093937 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.500516891 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.500520945 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.504426003 CEST	53	62887	1.1.1.1	192.168.2.4
Oct 7, 2024 13:24:37.504508972 CEST	62887	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:24:37.504548073 CEST	62887	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:24:37.509449959 CEST	53	62887	1.1.1.1	192.168.2.4
Oct 7, 2024 13:24:37.568259954 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.569091082 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.569147110 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.569612026 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.569623947 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.672957897 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.673011065 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.673103094 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.673135042 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.673198938 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.673397064 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.673444986 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.673476934 CEST	50032	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.673492908 CEST	443	50032	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.676136017 CEST	62888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.676163912 CEST	443	62888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.676230907 CEST	62888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.676359892 CEST	62888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.676371098 CEST	443	62888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.916196108 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.916359901 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.916419983 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.969759941 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.969782114 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.969795942 CEST	50031	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.969800949 CEST	443	50031	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.977457047 CEST	62889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.977557898 CEST	443	62889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:37.977648973 CEST	62889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.977840900 CEST	62889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:37.977865934 CEST	443	62889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.201661110 CEST	53	62887	1.1.1.1	192.168.2.4
Oct 7, 2024 13:24:38.203021049 CEST	62887	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:24:38.208327055 CEST	53	62887	1.1.1.1	192.168.2.4
Oct 7, 2024 13:24:38.208420992 CEST	62887	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:24:38.295630932 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.296178102 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.296195030 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.296688080 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.296693087 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.381850958 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.383263111 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.383339882 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.383683920 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.383698940 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.395648003 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.395701885 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.395793915 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.395814896 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.395834923 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.395977020 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.396120071 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.396147966 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.396161079 CEST	50033	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.396168947 CEST	443	50033	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.399708986 CEST	62891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.399734974 CEST	443	62891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.399801970 CEST	62891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.399959087 CEST	62891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.399969101 CEST	443	62891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.418119907 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.418601990 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.418615103 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.419157982 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.419162989 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.485871077 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.485883951 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.486001015 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.486098051 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.486099005 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.486227989 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.486263037 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.486293077 CEST	50035	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.486310959 CEST	443	50035	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.489300966 CEST	62892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.489382029 CEST	443	62892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.489481926 CEST	62892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.489624023 CEST	62892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.489656925 CEST	443	62892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.574922085 CEST	443	62888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.575561047 CEST	62888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.575575113 CEST	443	62888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.576200962 CEST	62888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.576205015 CEST	443	62888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.634644985 CEST	443	62889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.635135889 CEST	62889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.635231018 CEST	443	62889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.635375023 CEST	62889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.635394096 CEST	443	62889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.679274082 CEST	443	62888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.679461002 CEST	443	62888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.679528952 CEST	62888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.679668903 CEST	62888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.679713011 CEST	443	62888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.679744005 CEST	62888	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.679759979 CEST	443	62888	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.682657003 CEST	62893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.682701111 CEST	443	62893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.682777882 CEST	62893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.682915926 CEST	62893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.682928085 CEST	443	62893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.716932058 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.716989040 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.717045069 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.717063904 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.717171907 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.717225075 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.717272997 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.717287064 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.717294931 CEST	50034	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.717299938 CEST	443	50034	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.720050097 CEST	62894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.720067978 CEST	443	62894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.720185995 CEST	62894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.720316887 CEST	62894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.720347881 CEST	443	62894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.733697891 CEST	443	62889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.733854055 CEST	443	62889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.733935118 CEST	62889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.734019041 CEST	62889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.734019041 CEST	62889	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.734062910 CEST	443	62889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.734090090 CEST	443	62889	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.736236095 CEST	62895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.736295938 CEST	443	62895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:38.736399889 CEST	62895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.736534119 CEST	62895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:38.736565113 CEST	443	62895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.037766933 CEST	443	62891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.038378954 CEST	62891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.038393974 CEST	443	62891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.039221048 CEST	62891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.039225101 CEST	443	62891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.122626066 CEST	443	62892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.123459101 CEST	62892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.123547077 CEST	443	62892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.123980999 CEST	62892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.123996973 CEST	443	62892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.141222000 CEST	443	62891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.141377926 CEST	443	62891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.141434908 CEST	62891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.145414114 CEST	62891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.145425081 CEST	443	62891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.145432949 CEST	62891	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.145437002 CEST	443	62891	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.153115988 CEST	62896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.153198957 CEST	443	62896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.153311014 CEST	62896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.153449059 CEST	62896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.153471947 CEST	443	62896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.231604099 CEST	443	62892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.232599020 CEST	443	62892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.232664108 CEST	62892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.232830048 CEST	62892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.232831001 CEST	62892	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.232847929 CEST	443	62892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.232861042 CEST	443	62892	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.235593081 CEST	62897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.235641003 CEST	443	62897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.235704899 CEST	62897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.235841036 CEST	62897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.235857010 CEST	443	62897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.349400043 CEST	443	62893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.349957943 CEST	62893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.349981070 CEST	443	62893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.351465940 CEST	62893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.351474047 CEST	443	62893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.368767977 CEST	443	62894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.370778084 CEST	62894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.370798111 CEST	443	62894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.371187925 CEST	62894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.371193886 CEST	443	62894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.383368969 CEST	443	62895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.384836912 CEST	62895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.384855032 CEST	443	62895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.385209084 CEST	62895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.385215044 CEST	443	62895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.453480005 CEST	443	62893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.453535080 CEST	443	62893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.453627110 CEST	62893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.453644037 CEST	443	62893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.453676939 CEST	443	62893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.453736067 CEST	62893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.453877926 CEST	62893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.453897953 CEST	443	62893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.453910112 CEST	62893	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.453916073 CEST	443	62893	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.456809998 CEST	62898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.456841946 CEST	443	62898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.456943989 CEST	62898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.457109928 CEST	62898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.457127094 CEST	443	62898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.471483946 CEST	443	62894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.471522093 CEST	443	62894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.471577883 CEST	443	62894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.471611977 CEST	62894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.471645117 CEST	62894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.471832037 CEST	62894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.471849918 CEST	443	62894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.471860886 CEST	62894	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.471865892 CEST	443	62894	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.473903894 CEST	62899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.473980904 CEST	443	62899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.474061966 CEST	62899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.474186897 CEST	62899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.474220037 CEST	443	62899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.488985062 CEST	443	62895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.489007950 CEST	443	62895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.489022970 CEST	443	62895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.489082098 CEST	62895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.489100933 CEST	443	62895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.489156961 CEST	62895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.572817087 CEST	443	62895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.572875023 CEST	443	62895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.573044062 CEST	62895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.573044062 CEST	62895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.575728893 CEST	62895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.575776100 CEST	443	62895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.575809956 CEST	62895	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.575825930 CEST	443	62895	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.579221964 CEST	62900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.579307079 CEST	443	62900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.579404116 CEST	62900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.579667091 CEST	62900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.579703093 CEST	443	62900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.801292896 CEST	443	62896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.801896095 CEST	62896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.801949978 CEST	443	62896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.802720070 CEST	62896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.802732944 CEST	443	62896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.867881060 CEST	443	62897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.871887922 CEST	62897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.871910095 CEST	443	62897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.900113106 CEST	62897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.900124073 CEST	443	62897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.903049946 CEST	443	62896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.903073072 CEST	443	62896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.903152943 CEST	62896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.903187037 CEST	443	62896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.903522015 CEST	443	62896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.905411005 CEST	62896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.905456066 CEST	443	62896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.905487061 CEST	62896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.905487061 CEST	62896	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.905509949 CEST	443	62896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.905529022 CEST	443	62896	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.917272091 CEST	62901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.917390108 CEST	443	62901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:39.917495966 CEST	62901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.917640924 CEST	62901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:39.917680025 CEST	443	62901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.002137899 CEST	443	62897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.002161026 CEST	443	62897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.002274990 CEST	443	62897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.002476931 CEST	62897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.002477884 CEST	62897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.002510071 CEST	443	62897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.002566099 CEST	62897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.087255955 CEST	443	62897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.087311983 CEST	443	62897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.087326050 CEST	443	62897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.087362051 CEST	62897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.087413073 CEST	62897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.087651014 CEST	62897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.087673903 CEST	443	62897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.087685108 CEST	62897	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.087691069 CEST	443	62897	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.098210096 CEST	62902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.098259926 CEST	443	62902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.098351002 CEST	62902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.110812902 CEST	62902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.110833883 CEST	443	62902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.115667105 CEST	443	62899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.118067026 CEST	62899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.118134975 CEST	443	62899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.118715048 CEST	62899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.118731022 CEST	443	62899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.126271009 CEST	443	62898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.126655102 CEST	62898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.126678944 CEST	443	62898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.127336025 CEST	62898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.127341032 CEST	443	62898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.213722944 CEST	443	62899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.213776112 CEST	443	62899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.213845015 CEST	62899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.213876963 CEST	443	62899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.213915110 CEST	443	62899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.213992119 CEST	62899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.214265108 CEST	62899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.214301109 CEST	443	62899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.214332104 CEST	62899	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.214346886 CEST	443	62899	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.222619057 CEST	62903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.222707033 CEST	443	62903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.222801924 CEST	62903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.222969055 CEST	62903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.223002911 CEST	443	62903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.227833986 CEST	443	62898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.227885962 CEST	443	62900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.227902889 CEST	443	62898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.227987051 CEST	62898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.227998972 CEST	443	62898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.228142977 CEST	443	62898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.228199959 CEST	62898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.272329092 CEST	62900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.279644012 CEST	62898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.279683113 CEST	443	62898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.279695034 CEST	62898	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.279700994 CEST	443	62898	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.281295061 CEST	62900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.281307936 CEST	443	62900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.281866074 CEST	62900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.281877041 CEST	443	62900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.284878016 CEST	62904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.284939051 CEST	443	62904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.285152912 CEST	62904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.285476923 CEST	62904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.285495996 CEST	443	62904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.555756092 CEST	443	62900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.555919886 CEST	443	62900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.556008101 CEST	62900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.556170940 CEST	62900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.556216955 CEST	443	62900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.556248903 CEST	62900	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.556266069 CEST	443	62900	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.559317112 CEST	62905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.559355974 CEST	443	62905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.559442043 CEST	62905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.559601068 CEST	62905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.559617043 CEST	443	62905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.751348972 CEST	443	62902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.752180099 CEST	62902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.752268076 CEST	443	62902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.752912045 CEST	62902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.752927065 CEST	443	62902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.754894018 CEST	443	62901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.755364895 CEST	62901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.755382061 CEST	443	62901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.755908012 CEST	62901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.755919933 CEST	443	62901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.850697041 CEST	443	62902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.850893974 CEST	443	62902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.851037979 CEST	62902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.851238966 CEST	62902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.851280928 CEST	443	62902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.851309061 CEST	62902	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.851324081 CEST	443	62902	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.854798079 CEST	62906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.854897022 CEST	443	62906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.855007887 CEST	62906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.855222940 CEST	62906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.855262041 CEST	443	62906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.857495070 CEST	443	62901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.857651949 CEST	443	62901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.857723951 CEST	62901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.857754946 CEST	62901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.857772112 CEST	443	62901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.857793093 CEST	62901	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.857804060 CEST	443	62901	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.860167027 CEST	62907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.860209942 CEST	443	62907	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.860299110 CEST	62907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.860457897 CEST	62907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.860472918 CEST	443	62907	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.868040085 CEST	443	62903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.868498087 CEST	62903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.868556976 CEST	443	62903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.869054079 CEST	62903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.869067907 CEST	443	62903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.953810930 CEST	443	62904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.954334021 CEST	62904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.954370975 CEST	443	62904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.954758883 CEST	62904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.954766035 CEST	443	62904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.968288898 CEST	443	62903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.968455076 CEST	443	62903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.968568087 CEST	62903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.968631029 CEST	62903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.968664885 CEST	443	62903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.968712091 CEST	62903	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.968728065 CEST	443	62903	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.971246004 CEST	62908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.971358061 CEST	443	62908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:40.971450090 CEST	62908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.971626997 CEST	62908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:40.971666098 CEST	443	62908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.055808067 CEST	443	62904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.055876017 CEST	443	62904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.055986881 CEST	443	62904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.055990934 CEST	62904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.056046009 CEST	62904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.056329966 CEST	62904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.056349993 CEST	443	62904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.056361914 CEST	62904	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.056366920 CEST	443	62904	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.216681957 CEST	443	62905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.217225075 CEST	62905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.217257023 CEST	443	62905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.217787981 CEST	62905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.217793941 CEST	443	62905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.316668987 CEST	443	62905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.316822052 CEST	443	62905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.317003965 CEST	62905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.317075968 CEST	62905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.317097902 CEST	443	62905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.317110062 CEST	62905	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.317117929 CEST	443	62905	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.502175093 CEST	443	62907	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.502604008 CEST	443	62906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.502787113 CEST	62907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.502832890 CEST	443	62907	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.503082037 CEST	62906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.503175020 CEST	443	62906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.503218889 CEST	62907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.503223896 CEST	443	62907	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.503659964 CEST	62906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.503675938 CEST	443	62906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.604010105 CEST	443	62907	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.604288101 CEST	443	62907	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.604393959 CEST	62907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.604463100 CEST	62907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.604463100 CEST	62907	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.604502916 CEST	443	62907	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.604530096 CEST	443	62907	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.604823112 CEST	443	62906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.605014086 CEST	443	62906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.605096102 CEST	62906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.605355978 CEST	62906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.605355978 CEST	62906	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.605403900 CEST	443	62906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.605437994 CEST	443	62906	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.613387108 CEST	443	62908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.613883018 CEST	62908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.613918066 CEST	443	62908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.614275932 CEST	62908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.614305019 CEST	443	62908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.711654902 CEST	443	62908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.711827993 CEST	443	62908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.711931944 CEST	62908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.712280035 CEST	62908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.712327957 CEST	443	62908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:41.712359905 CEST	62908	443	192.168.2.4	13.107.246.45
Oct 7, 2024 13:24:41.712377071 CEST	443	62908	13.107.246.45	192.168.2.4
Oct 7, 2024 13:24:49.355189085 CEST	62909	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:49.355293036 CEST	443	62909	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:49.355484009 CEST	62909	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:49.357461929 CEST	62909	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:49.357546091 CEST	443	62909	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:49.920595884 CEST	62910	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:49.920708895 CEST	443	62910	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:49.921041965 CEST	62910	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:49.921160936 CEST	62910	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:49.921194077 CEST	443	62910	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:50.988590002 CEST	443	62910	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:50.989305973 CEST	62910	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:50.989371061 CEST	443	62910	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:50.990128994 CEST	443	62910	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:50.990561962 CEST	62910	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:50.990621090 CEST	62910	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:50.990644932 CEST	443	62910	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:50.990667105 CEST	443	62910	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:50.990672112 CEST	62910	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:51.031431913 CEST	443	62910	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:51.038254976 CEST	62910	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:51.066421032 CEST	443	62909	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:51.066962004 CEST	62909	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:51.067023039 CEST	443	62909	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:51.067806005 CEST	443	62909	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:51.068294048 CEST	62909	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:51.068341970 CEST	62909	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:51.068341970 CEST	62909	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:51.068362951 CEST	443	62909	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:51.068393946 CEST	443	62909	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:51.116120100 CEST	62909	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:51.290990114 CEST	443	62910	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:51.291202068 CEST	443	62910	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:51.291371107 CEST	62910	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:51.291863918 CEST	62910	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:51.291908979 CEST	443	62910	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:51.372792006 CEST	443	62909	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:51.373131037 CEST	443	62909	142.250.186.110	192.168.2.4
Oct 7, 2024 13:24:51.373200893 CEST	62909	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:51.373684883 CEST	62909	443	192.168.2.4	142.250.186.110
Oct 7, 2024 13:24:51.373708010 CEST	443	62909	142.250.186.110	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 13:23:04.490978003 CEST	53	61843	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:04.511553049 CEST	49188	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:23:04.511794090 CEST	52327	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:23:04.518644094 CEST	53	49188	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:04.519665956 CEST	53	49608	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:04.528271914 CEST	53	52327	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:05.706773996 CEST	63000	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:23:05.706896067 CEST	54940	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:23:05.713967085 CEST	53	54940	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:05.713977098 CEST	53	63000	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:05.719521999 CEST	53	64002	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:08.881088972 CEST	64525	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:23:08.881247044 CEST	49792	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:23:08.892936945 CEST	53	49792	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:08.892950058 CEST	53	64525	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:11.220211029 CEST	53	54108	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:14.749054909 CEST	61557	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:23:14.749171972 CEST	63512	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:23:14.756349087 CEST	53	61557	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:14.756369114 CEST	53	63512	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:15.816301107 CEST	57435	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:23:15.816466093 CEST	59502	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:23:15.823663950 CEST	53	57435	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:15.823678017 CEST	53	59502	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:16.829144001 CEST	53	53325	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:18.669130087 CEST	138	138	192.168.2.4	192.168.2.255
Oct 7, 2024 13:23:22.671767950 CEST	53	63901	1.1.1.1	192.168.2.4
Oct 7, 2024 13:23:41.594727993 CEST	53	64186	1.1.1.1	192.168.2.4
Oct 7, 2024 13:24:04.205929041 CEST	53	53614	1.1.1.1	192.168.2.4
Oct 7, 2024 13:24:04.311774015 CEST	53	49620	1.1.1.1	192.168.2.4
Oct 7, 2024 13:24:16.519414902 CEST	53	51081	1.1.1.1	192.168.2.4
Oct 7, 2024 13:24:17.368278027 CEST	62604	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:24:17.368480921 CEST	64546	53	192.168.2.4	1.1.1.1
Oct 7, 2024 13:24:17.375216961 CEST	53	64546	1.1.1.1	192.168.2.4
Oct 7, 2024 13:24:17.375715017 CEST	53	62604	1.1.1.1	192.168.2.4
Oct 7, 2024 13:24:32.449207067 CEST	53	62097	1.1.1.1	192.168.2.4
Oct 7, 2024 13:24:37.498275042 CEST	53	64753	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 13:23:04.511553049 CEST	192.168.2.4	1.1.1.1	0xc212	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:04.511794090 CEST	192.168.2.4	1.1.1.1	0xd388	Standard query (0)	youtube.com	65	IN (0x0001)	false
Oct 7, 2024 13:23:05.706773996 CEST	192.168.2.4	1.1.1.1	0x3c31	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.706896067 CEST	192.168.2.4	1.1.1.1	0xdfa2	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 13:23:08.881088972 CEST	192.168.2.4	1.1.1.1	0xc2e2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:08.881247044 CEST	192.168.2.4	1.1.1.1	0xe42	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 13:23:14.749054909 CEST	192.168.2.4	1.1.1.1	0x66d4	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:14.749171972 CEST	192.168.2.4	1.1.1.1	0xc588	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 13:23:15.816301107 CEST	192.168.2.4	1.1.1.1	0x861a	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:15.816466093 CEST	192.168.2.4	1.1.1.1	0x6051	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 7, 2024 13:24:17.368278027 CEST	192.168.2.4	1.1.1.1	0x67ca	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:24:17.368480921 CEST	192.168.2.4	1.1.1.1	0x3f77	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 13:23:04.518644094 CEST	1.1.1.1	192.168.2.4	0xc212	No error (0)	youtube.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:04.528271914 CEST	1.1.1.1	192.168.2.4	0xd388	No error (0)	youtube.com			65	IN (0x0001)	false
Oct 7, 2024 13:23:05.713967085 CEST	1.1.1.1	192.168.2.4	0xdfa2	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713967085 CEST	1.1.1.1	192.168.2.4	0xdfa2	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		172.217.18.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		142.250.74.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		216.58.212.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:05.713977098 CEST	1.1.1.1	192.168.2.4	0x3c31	No error (0)	youtube-ui.l.google.com		216.58.212.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:08.892936945 CEST	1.1.1.1	192.168.2.4	0xe42	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 13:23:08.892950058 CEST	1.1.1.1	192.168.2.4	0xc2e2	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:14.756349087 CEST	1.1.1.1	192.168.2.4	0x66d4	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 13:23:14.756349087 CEST	1.1.1.1	192.168.2.4	0x66d4	No error (0)	www3.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:23:14.756369114 CEST	1.1.1.1	192.168.2.4	0xc588	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 13:23:15.823663950 CEST	1.1.1.1	192.168.2.4	0x861a	No error (0)	play.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 13:24:17.375715017 CEST	1.1.1.1	192.168.2.4	0x67ca	No error (0)	play.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

youtube.com

www.youtube.com

fs.microsoft.com

https:

accounts.youtube.com

www.google.com

play.google.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	172.217.16.142	443	7832	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:05 UTC	851	OUT	GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1 Host: youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 11:23:05 UTC	1704	IN	HTTP/1.1 301 Moved Permanently Content-Type: application/binary X-Content-Type-Options: nosniff Expires: Mon, 07 Oct 2024 11:23:05 GMT Date: Mon, 07 Oct 2024 11:23:05 GMT Cache-Control: private, max-age=31536000 Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Frame-Options: SAMEORIGIN Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script' Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Server: ESF Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	172.217.18.110	443	7832	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:06 UTC	869	OUT	GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1 Host: www.youtube.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 11:23:06 UTC	2634	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 11:23:06 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Content-Security-Policy: require-trusted-types-for 'script' Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 07-Oct-2024 11:53:06 GMT; Path=/; Secure; HttpOnly Set-Cookie: YSC=YiOm4y6Te4w; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_INFO1_LIVE=OU2QjVRJuBc; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 11:23:06 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgOQ%3D%3D; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 11:23:06 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:10 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 11:23:10 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF45) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=192152 Date: Mon, 07 Oct 2024 11:23:10 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:11 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 11:23:11 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=192087 Date: Mon, 07 Oct 2024 11:23:11 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-07 11:23:11 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49757	216.58.206.46	443	7832	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:15 UTC	1236	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-528144849&timestamp=1728300193684 HTTP/1.1 Host: accounts.youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 11:23:15 UTC	1969	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-3dP3yVugZ18Y3uFwmKB8IA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 11:23:15 GMT Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: cross-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmII0pBikPj6kkkDiJ3SZ7AGAXHSv_OsRUB8ufsS63UgVu25xGoKxEUSV1ibgFiIh2NxZ_8ONoEXD3_OZlLSS8ovjM9MSc0rySypTMnPTczMS87Pz85MLS5OLSpLLYo3MjAyMbA0stQzsIgvMAAA4O4tkg" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 11:23:15 UTC	1969	IN	Data Raw: 37 36 31 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 33 64 50 33 79 56 75 67 5a 31 38 59 33 75 46 77 6d 4b 42 38 49 41 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 7615<html><head><script nonce="3dP3yVugZ18Y3uFwmKB8IA">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-10-07 11:23:15 UTC	1969	IN	Data Raw: 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 0a 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28 Data Ascii: Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\\(
2024-10-07 11:23:15 UTC	1969	IN	Data Raw: 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 69 67 69 6e 74 22 3a 72 65 74 75 72 6e 28 41 61 3f 0a 61 3e 3d 42 61 26 26 61 3c 3d 43 61 3a 61 5b 30 5d 3d 3d 3d 22 2d 22 3f 75 61 28 61 2c 44 61 29 3a 75 61 28 61 2c 45 61 29 29 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 43 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 46 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e Data Ascii: tch(typeof a){case "number":return isFinite(a)?a:String(a);case "bigint":return(Aa?a>=Ba&&a<=Ca:a[0]==="-"?ua(a,Da):ua(a,Ea))?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(C(a))return}else if(Fa&&a!=null&&a in
2024-10-07 11:23:15 UTC	1969	IN	Data Raw: 7b 76 61 72 20 62 3b 69 66 28 61 26 26 28 62 3d 51 61 29 21 3d 6e 75 6c 6c 26 26 62 2e 68 61 73 28 61 29 26 26 28 62 3d 61 2e 43 29 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 3b 69 66 28 63 3d 3d 3d 62 2e 6c 65 6e 67 74 68 2d 31 26 26 41 28 64 29 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 7b 76 61 72 20 66 3d 64 5b 65 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 66 29 26 26 0a 52 61 28 66 2c 61 29 7d 65 6c 73 65 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 64 29 26 26 52 61 28 64 2c 61 29 7d 61 3d 45 3f 61 2e 43 3a 4d 61 28 61 2e 43 2c 50 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 65 3d 21 45 3b 69 66 28 62 3d 61 2e 6c 65 6e 67 74 68 29 7b 64 3d 61 5b 62 2d Data Ascii: {var b;if(a&&(b=Qa)!=null&&b.has(a)&&(b=a.C))for(var c=0;c<b.length;c++){var d=b[c];if(c===b.length-1&&A(d))for(var e in d){var f=d[e];Array.isArray(f)&&Ra(f,a)}else Array.isArray(d)&&Ra(d,a)}a=E?a.C:Ma(a.C,Pa,void 0,void 0,!1);e=!E;if(b=a.length){d=a[b-
2024-10-07 11:23:15 UTC	1969	IN	Data Raw: 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 63 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 57 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 Data Ascii: ol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Wa[b[c]];typeof d==="function"&&type
2024-10-07 11:23:15 UTC	1969	IN	Data Raw: 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 2e 67 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6b 29 7b 6b 3d 48 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 66 28 21 49 28 6b 2c 66 29 29 Data Ascii: );e("freeze");e("preventExtensions");e("seal");var h=0,g=function(k){this.g=(h+=Math.random()+1).toString();if(k){k=H(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);if(!I(k,f))
2024-10-07 11:23:15 UTC	1969	IN	Data Raw: 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 Data Ascii: urn g.value})};c.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"\|\|l=="function"?b.has(k)
2024-10-07 11:23:15 UTC	1969	IN	Data Raw: 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 66 62 3d 66 62 7c 7c 7b 7d 2c 71 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 67 62 3d 71 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 71 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 62 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 2c 69 62 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 Data Ascii: on(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var fb=fb\|\|{},q=this\|\|self,gb=q._F_toggles\|\|[],hb=function(a){a=a.split(".");for(var b=q,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b},ib="closure_uid_"+(Math.random()*1E
2024-10-07 11:23:15 UTC	1969	IN	Data Raw: 74 65 78 74 5f 5f 39 38 34 33 38 32 3d 7b 7d 29 3b 61 2e 5f 5f 63 6c 6f 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 2e 73 65 76 65 72 69 74 79 3d 62 7d 3b 76 61 72 20 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 71 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26 64 28 66 2c 68 2c 67 2c 6b 2c 6c 29 3b 61 28 7b 6d 65 73 73 61 67 65 3a 66 2c 66 69 6c 65 4e 61 6d 65 3a 68 2c 6c 69 6e 65 3a 67 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 67 2c 62 61 3a 6b 2c 65 72 72 6f 72 3a 6c 7d 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 68 Data Ascii: text__984382={});a.__closure__error__context__984382.severity=b};var qb=function(a,b,c){c=c\|\|q;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&d(f,h,g,k,l);a({message:f,fileName:h,line:g,lineNumber:g,ba:k,error:l});return e}},tb=function(a){var b=h
2024-10-07 11:23:15 UTC	1969	IN	Data Raw: 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 73 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65 6e 67 74 68 3e 34 30 26 26 28 66 3d 66 2e 73 6c 69 63 65 28 30 2c 34 30 29 2b 22 2e 2e 2e 22 29 3b 63 2e 70 75 73 68 28 66 29 7d 62 2e 70 75 73 68 28 61 29 3b 63 2e 70 75 73 68 28 22 29 5c 6e 22 29 3b 74 72 79 7b 63 2e 70 75 73 68 28 77 62 28 61 2e 63 61 6c 6c 65 72 2c 62 29 29 7d 63 61 74 63 68 28 68 29 7b 63 2e 70 75 73 68 28 22 5b 65 78 63 65 70 74 69 6f 6e Data Ascii: "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=sb(f))?f:"[fn]";break;default:f=typeof f}f.length>40&&(f=f.slice(0,40)+"...");c.push(f)}b.push(a);c.push(")\n");try{c.push(wb(a.caller,b))}catch(h){c.push("[exception

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49741	142.250.185.68	443	7832	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:18 UTC	1017	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 11:23:18 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 07 Oct 2024 10:09:04 GMT Expires: Tue, 15 Oct 2024 10:09:04 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 4454 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-07 11:23:18 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-07 11:23:18 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-10-07 11:23:18 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-07 11:23:18 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-10-07 11:23:18 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49769	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:19 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=VHV8A9Yd+22nUsD&MD=9zWC1dr4 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 11:23:19 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 3f4d6b05-ebbb-4e34-a2c2-c697424ab6ed MS-RequestId: c7b9924d-f18d-46eb-8baa-85374bd10cfe MS-CV: Rl0S14NTaUayMBKN.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 11:23:19 GMT Connection: close Content-Length: 24490
2024-10-07 11:23:19 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-07 11:23:19 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.4	49784	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:55 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:55 UTC	540	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:55 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Fri, 04 Oct 2024 23:21:50 GMT ETag: "0x8DCE4CB535A72FA" x-ms-request-id: 4dad204e-401e-005b-4bf5-169c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112355Z-1657d5bbd48jwrqbupe3ktsx9w00000003fg00000000gtd2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:55 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-07 11:23:55 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-07 11:23:55 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-07 11:23:55 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-07 11:23:55 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-07 11:23:55 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-07 11:23:55 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-07 11:23:55 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-07 11:23:55 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-07 11:23:55 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49785	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:56 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:56 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: d4448e94-101e-00a2-2703-179f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112356Z-1657d5bbd48vlsxxpe15ac3q7n00000003ag00000000c327 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:56 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:56 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:56 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:56 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 8aaf7b13-d01e-0028-46fd-167896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112356Z-1657d5bbd482krtfgrg72dfbtn000000038g000000000vdc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:56 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49786	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:56 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:56 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:56 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 4545068c-701e-0050-0e05-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112356Z-1657d5bbd48lknvp09v995n79000000002x000000000gp40 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:56 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:56 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:56 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:56 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c62b5fc1-401e-0067-3a60-1709c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112356Z-1657d5bbd48dfrdj7px744zp8s000000034000000000amsc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:56 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:57 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:57 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 3ea0840d-701e-0053-1012-173a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112357Z-1657d5bbd48tnj6wmberkg2xy800000003dg00000000cxsd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:57 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:57 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:57 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 1707b783-801e-00a3-53e5-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112357Z-1657d5bbd48cpbzgkvtewk0wu000000003eg00000000b8sc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:57 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49792	13.107.246.45	443	7832	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:57 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:57 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 73fc0cc0-d01e-008e-5fee-16387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112357Z-1657d5bbd487nf59mzf5b3gk8n000000034g000000001tay x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:57 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49793	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:57 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:57 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 15158de7-401e-0029-4b00-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112357Z-1657d5bbd4824mj9d6vp65b6n400000003gg00000000f998 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:57 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:57 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:57 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: b27588a3-a01e-003d-6001-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112357Z-1657d5bbd48lknvp09v995n790000000031g000000008eat x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:57 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49794	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:58 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=VHV8A9Yd+22nUsD&MD=9zWC1dr4 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 11:23:59 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: e95771a2-6c76-486b-9455-e20a5e3cc944 MS-RequestId: 484d2d0e-43d5-4dff-abee-5863b74717d5 MS-CV: A7W3QPHe6E68GUSm.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 11:23:58 GMT Connection: close Content-Length: 30005
2024-10-07 11:23:59 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-07 11:23:59 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49799	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:58 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:58 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: bf7deccb-401e-0064-0f0e-1754af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112358Z-1657d5bbd48vhs7r2p1ky7cs5w00000003mg00000000f8bu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:59 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49797	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:58 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:58 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 0a3893d3-c01e-0082-33ee-16af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112358Z-1657d5bbd48xdq5dkwwugdpzr000000003ug000000000gtr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:59 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49798	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:58 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:58 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 915c1ee4-001e-0079-3000-1712e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112358Z-1657d5bbd482lxwq1dp2t1zwkc000000033000000000dfc6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:59 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49796	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:58 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:58 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 789c8418-601e-0032-5905-17eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112358Z-1657d5bbd482krtfgrg72dfbtn0000000360000000005t8c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:59 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:58 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:23:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:58 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 87fc294c-201e-0051-40f3-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112358Z-1657d5bbd48jwrqbupe3ktsx9w00000003n0000000007s57 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:23:59 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:59 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:59 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: e72ec3ca-501e-005b-2401-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112359Z-1657d5bbd48xdq5dkwwugdpzr000000003qg00000000ape0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:00 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:59 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:59 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 27ba9a72-001e-0046-2a01-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112359Z-1657d5bbd48xsz2nuzq4vfrzg800000003bg000000002k15 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:00 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49804	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:59 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:59 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 5a59384b-a01e-0053-3602-178603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112359Z-1657d5bbd4824mj9d6vp65b6n400000003gg00000000f9d0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:00 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49803	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:59 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:59 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: c2d0a885-201e-0003-7ced-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112359Z-1657d5bbd48762wn1qw4s5sd300000000390000000008szc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:00 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:23:59 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:23:59 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 99ffd5e0-b01e-0053-0101-17cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112359Z-1657d5bbd4824mj9d6vp65b6n400000003h000000000cuwa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:00 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49806	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:00 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:00 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 09392ef7-101e-0046-3f05-1791b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112400Z-1657d5bbd48vhs7r2p1ky7cs5w00000003u0000000001wc3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:00 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49805	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:00 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:00 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: d3d0b776-b01e-003d-1803-17d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112400Z-1657d5bbd48jwrqbupe3ktsx9w00000003n0000000007s7f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:00 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49807	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:00 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:00 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 20b36261-201e-006e-7102-17bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112400Z-1657d5bbd48lknvp09v995n79000000002z000000000dm25 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:00 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49808	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:00 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:00 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f57b7c9f-801e-00a0-4a13-172196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112400Z-1657d5bbd48f7nlxc7n5fnfzh000000002z000000000efdx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:00 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49809	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:00 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:00 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: d112c6a6-a01e-000d-2160-17d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112400Z-1657d5bbd48lknvp09v995n79000000002z000000000dm27 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:00 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49812	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:01 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:01 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: c530354f-501e-0016-5013-17181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112401Z-1657d5bbd48sdh4cyzadbb3748000000037g000000009yu2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:01 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49810	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:01 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:01 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 6be05283-001e-00a2-2700-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112401Z-1657d5bbd48lknvp09v995n790000000032g000000005wct x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:01 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49811	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:01 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:01 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 40323690-a01e-0002-0100-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112401Z-1657d5bbd48xdq5dkwwugdpzr000000003r00000000097hy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:01 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49813	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:01 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:01 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 7cec3a6f-e01e-0033-3414-174695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112401Z-1657d5bbd48jwrqbupe3ktsx9w00000003m000000000a97a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:01 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49814	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:01 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:01 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: d415a278-e01e-0051-6efe-1684b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112401Z-1657d5bbd48f7nlxc7n5fnfzh000000002y000000000fqw9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:01 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49816	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:02 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:02 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 13aa935b-d01e-0014-4baa-18ed58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112402Z-1657d5bbd48hzllksrq1r6zsvs00000000gg0000000085y3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:02 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49815	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:02 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:02 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:02 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 13be5939-001e-0082-5bab-185880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112402Z-1657d5bbd48hzllksrq1r6zsvs00000000m000000000702a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-07 11:24:02 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:02 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:02 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: b27116a7-a01e-003d-3a00-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112402Z-1657d5bbd48xlwdx82gahegw4000000003m0000000009yv5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:02 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:02 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:02 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 92e59db7-001e-002b-6700-1799f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112402Z-1657d5bbd48jwrqbupe3ktsx9w00000003kg00000000b1gy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:02 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49818	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:02 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:02 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: a62739ea-301e-005d-6402-17e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112402Z-1657d5bbd48f7nlxc7n5fnfzh00000000310000000009fd4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:02 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49821	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:03 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:03 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 4dd19665-401e-005b-7705-179c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112403Z-1657d5bbd48vhs7r2p1ky7cs5w00000003m000000000h1rr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:03 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49823	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:03 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:03 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 6e15f9ce-e01e-0052-649d-18d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112403Z-1657d5bbd48hzllksrq1r6zsvs00000000hg0000000071vk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:03 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:03 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:03 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: a2d01d3c-801e-0083-4800-17f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112403Z-1657d5bbd48t66tjar5xuq22r800000003e0000000004yft x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:03 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:03 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:03 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 11b227e2-601e-0002-7f6b-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112403Z-1657d5bbd48762wn1qw4s5sd300000000390000000008t42 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:03 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49822	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:03 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:03 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 151ca1e1-401e-0029-2b03-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112403Z-1657d5bbd48qjg85buwfdynm5w00000003f000000000awtu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:03 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49828	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:04 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:04 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: c5dbf9be-001e-0017-2cf1-160c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112404Z-1657d5bbd487nf59mzf5b3gk8n00000002z000000000c0sh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:04 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:04 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:04 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 721d8bd8-801e-002a-4f00-1731dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112404Z-1657d5bbd48tqvfc1ysmtbdrg0000000036000000000e0w2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:04 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:04 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:04 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 1be548a6-001e-00a2-4166-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112404Z-1657d5bbd482krtfgrg72dfbtn000000032000000000ebgu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:04 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49829	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:04 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:04 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 5a5a1e5c-a01e-001e-18f5-1649ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112404Z-1657d5bbd48xsz2nuzq4vfrzg8000000038g000000009r7d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:04 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:04 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:04 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 678daa67-201e-00aa-3f60-173928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112404Z-1657d5bbd48f7nlxc7n5fnfzh00000000350000000000f3v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:04 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49831	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:05 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:05 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: cb78c1b2-201e-003f-2e04-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112405Z-1657d5bbd48q6t9vvmrkd293mg00000003fg000000001chn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:05 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49832	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:05 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:05 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 27b6de9f-001e-0046-1e00-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112405Z-1657d5bbd48xdq5dkwwugdpzr000000003r00000000097s2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:05 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:05 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:05 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 2f3972b1-401e-0035-1b02-1782d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112405Z-1657d5bbd482lxwq1dp2t1zwkc000000037g0000000032q3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:05 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49833	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:05 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:05 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 04801829-801e-00ac-6301-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112405Z-1657d5bbd48tqvfc1ysmtbdrg0000000039g000000006r1s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:05 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49835	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:05 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:05 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 1ed82642-401e-0048-7b12-170409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112405Z-1657d5bbd482krtfgrg72dfbtn000000034g000000008wg6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:05 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49836	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:05 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:05 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: cde3aec9-601e-0084-63e5-166b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112405Z-1657d5bbd48tnj6wmberkg2xy800000003kg000000002f1q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:06 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49840	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:06 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:06 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: d803a4ff-401e-0083-3904-17075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112406Z-1657d5bbd482lxwq1dp2t1zwkc000000036g000000005gru x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:06 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49837	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:06 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:06 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 3a03d6b9-d01e-0066-52e9-16ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112406Z-1657d5bbd48tnj6wmberkg2xy800000003d000000000dq01 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:06 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49838	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:06 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:06 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 678513bd-b01e-0053-4460-17cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112406Z-1657d5bbd48dfrdj7px744zp8s000000034000000000an3x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:06 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49839	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:06 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:06 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 46a5aa72-701e-0032-6004-17a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112406Z-1657d5bbd48t66tjar5xuq22r800000003a000000000d00g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:06 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49841	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:07 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:07 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: b0fdb72d-401e-0015-37ce-160e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112407Z-1657d5bbd48qjg85buwfdynm5w00000003gg00000000830y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:07 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49843	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:07 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:07 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 8d044b15-901e-00ac-3902-17b69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112407Z-1657d5bbd482lxwq1dp2t1zwkc000000031g00000000f9zr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:07 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49845	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:07 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:07 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 0377c3fc-101e-000b-65dc-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112407Z-1657d5bbd48gqrfwecymhhbfm8000000026g00000000ambf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:07 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49844	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:07 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:07 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: e72b6989-501e-005b-2b00-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112407Z-1657d5bbd48wd55zet5pcra0cg00000003fg0000000014x7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:07 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49842	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:07 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:07 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 8d3bec0a-601e-0070-32fe-16a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112407Z-1657d5bbd48xdq5dkwwugdpzr000000003tg000000003e3m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:07 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49847	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:07 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:07 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: a5e58c1d-b01e-00ab-5ac9-16dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112407Z-1657d5bbd48xlwdx82gahegw4000000003m0000000009z2c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:07 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49846	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:07 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:07 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 78a0432a-701e-001e-1805-17f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112407Z-1657d5bbd48tqvfc1ysmtbdrg000000003bg000000002aey x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:07 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49848	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:07 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:07 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: ef9cab6f-f01e-0099-0d00-179171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112407Z-1657d5bbd48jwrqbupe3ktsx9w00000003mg000000008pgn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:07 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49849	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:07 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:07 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f519f63-901e-0016-75ff-16efe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112407Z-1657d5bbd48q6t9vvmrkd293mg00000003a000000000d86g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:07 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49850	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:07 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:07 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: b67c2655-301e-0096-2300-17e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112407Z-1657d5bbd48q6t9vvmrkd293mg00000003b000000000bq4d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:07 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49853	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:08 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:08 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: bfab55ab-401e-0015-6202-170e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112408Z-1657d5bbd48tnj6wmberkg2xy800000003m00000000015w7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:08 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49851	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:08 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:08 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 821e4157-c01e-0014-3301-17a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112408Z-1657d5bbd482tlqpvyz9e93p5400000003g0000000007qpg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:08 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49852	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:08 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:08 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 763e8d43-601e-000d-6912-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112408Z-1657d5bbd48gqrfwecymhhbfm8000000026g00000000amdn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:08 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49854	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:08 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:08 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 01bf113a-f01e-003c-3703-178cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112408Z-1657d5bbd48vhs7r2p1ky7cs5w00000003qg000000009mam x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:08 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49855	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:08 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:08 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 7875ffac-201e-000c-7f02-1779c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112408Z-1657d5bbd48tqvfc1ysmtbdrg0000000035000000000eyzy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:08 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49856	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:09 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:09 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 3b7b7106-501e-0064-43e7-161f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112409Z-1657d5bbd48tqvfc1ysmtbdrg0000000039g000000006r5x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:09 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49857	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:09 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:09 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 3c7823fd-401e-0015-0c60-170e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112409Z-1657d5bbd48lknvp09v995n7900000000310000000009m1n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:09 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49858	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:09 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:09 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 2f576d96-401e-0047-3902-178597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112409Z-1657d5bbd48t66tjar5xuq22r800000003b000000000b0re x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:09 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49859	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:09 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:09 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: dfb96d6a-f01e-003f-17e5-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112409Z-1657d5bbd48wd55zet5pcra0cg000000039g00000000e8k0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:09 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49860	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:09 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:09 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 488e22d8-201e-003c-6178-1830f9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112409Z-1657d5bbd48hzllksrq1r6zsvs00000000q0000000004yqb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:09 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49863	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:10 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:10 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: a5ff6bd9-301e-005d-3af2-16e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112410Z-1657d5bbd48xlwdx82gahegw4000000003k000000000bxwq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:10 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49866	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:10 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:10 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 33b4d0ae-a01e-0032-35ff-161949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112410Z-1657d5bbd48brl8we3nu8cxwgn00000003r0000000008f4g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:10 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49864	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:10 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:10 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 0c165d1d-a01e-000d-7dfe-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112410Z-1657d5bbd482krtfgrg72dfbtn000000033g00000000arac x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:10 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49862	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:10 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:10 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 0607cd43-401e-0078-1b00-174d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112410Z-1657d5bbd48dfrdj7px744zp8s000000033g00000000bvwb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:10 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49865	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:10 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:10 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: c2f609cb-201e-0003-75fd-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112410Z-1657d5bbd48xdq5dkwwugdpzr000000003s0000000006rwf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:10 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49868	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:11 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:11 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: b738acd5-401e-0067-1502-1709c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112411Z-1657d5bbd48sdh4cyzadbb3748000000038g00000000772v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:11 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49870	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:11 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:11 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 0480ed94-801e-00ac-5102-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112411Z-1657d5bbd48jwrqbupe3ktsx9w00000003q000000000390b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:11 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49867	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:11 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:11 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 960edd56-701e-005c-4100-17bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112411Z-1657d5bbd48vhs7r2p1ky7cs5w00000003qg000000009me8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:11 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49871	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:11 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:11 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: b72ef555-401e-0067-78fe-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112411Z-1657d5bbd48xlwdx82gahegw4000000003pg000000003ns2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:11 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49869	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:11 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:11 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 8a5fd43d-c01e-0066-4506-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112411Z-1657d5bbd48f7nlxc7n5fnfzh000000002z000000000eg10 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:11 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49872	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:11 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:11 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: db28c537-d01e-0065-47fe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112411Z-1657d5bbd48wd55zet5pcra0cg00000003bg000000009vyx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:11 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49873	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:11 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:11 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: cb759915-201e-003f-5f03-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112411Z-1657d5bbd48jwrqbupe3ktsx9w00000003qg000000002563 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:11 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49875	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:11 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:11 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 03c3f781-101e-000b-56fe-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112411Z-1657d5bbd48q6t9vvmrkd293mg00000003bg00000000a5ag x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:11 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49876	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:11 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:11 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 6ed4a116-c01e-0034-079f-182af6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112411Z-1657d5bbd48hzllksrq1r6zsvs00000000p0000000006hmw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:11 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:11 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:11 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 84e7aa3f-c01e-008e-74ff-167381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112411Z-1657d5bbd48vlsxxpe15ac3q7n000000039000000000dxgz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:11 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49877	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:12 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:12 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 29f28342-e01e-003c-5d00-17c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112412Z-1657d5bbd48q6t9vvmrkd293mg00000003eg000000003qn3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:12 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49878	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:12 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:12 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: a9a45936-c01e-00a1-54f1-167e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112412Z-1657d5bbd48wd55zet5pcra0cg00000003fg00000000156q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:12 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49880	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:12 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:12 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 173e0f62-801e-00a3-24fe-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112412Z-1657d5bbd48gqrfwecymhhbfm8000000025g00000000bqm0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:12 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49879	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:12 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:12 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: c7b66cba-b01e-005c-04ff-164c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112412Z-1657d5bbd48brl8we3nu8cxwgn00000003n000000000e9hr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:12 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49881	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:12 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:12 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 6bee43b5-001e-00a2-2106-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112412Z-1657d5bbd48xlwdx82gahegw4000000003n00000000078xt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:12 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49882	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:13 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:13 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 04600955-801e-00ac-55f4-16fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112413Z-1657d5bbd48xdq5dkwwugdpzr000000003u00000000023k6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:13 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49883	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:13 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:13 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 4035d6e2-a01e-0002-4602-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112413Z-1657d5bbd48cpbzgkvtewk0wu000000003eg00000000b9ng x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:13 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49884	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:13 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:13 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 62f7f1ae-f01e-0096-4d0c-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112413Z-1657d5bbd48sqtlf1huhzuwq700000000370000000002t20 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:13 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49885	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:13 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:13 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 87e26173-201e-0051-15e7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112413Z-1657d5bbd48t66tjar5xuq22r800000003b000000000b0xd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:13 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49886	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:13 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:13 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fcca05a5-501e-00a0-3202-179d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112413Z-1657d5bbd48vhs7r2p1ky7cs5w00000003p000000000cxh9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:13 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49887	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:14 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:14 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 31868579-401e-008c-0af2-1686c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112414Z-1657d5bbd48jwrqbupe3ktsx9w00000003r0000000000ef7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:14 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49888	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:14 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:14 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: fbb49b00-e01e-00aa-4806-17ceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112414Z-1657d5bbd48tqvfc1ysmtbdrg0000000035000000000ez66 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:14 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49889	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:14 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:14 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 08bf7a15-f01e-0020-7706-17956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112414Z-1657d5bbd48xlwdx82gahegw4000000003hg00000000ctud x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:14 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49890	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:14 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:14 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 7d21ea5d-701e-0098-0502-17395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112414Z-1657d5bbd48762wn1qw4s5sd30000000038g00000000a523 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:14 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49891	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:14 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:14 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: b6fa471e-401e-0067-43e5-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112414Z-1657d5bbd48qjg85buwfdynm5w00000003k0000000003yge x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:14 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49893	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:15 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:15 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: a18d9b1d-601e-0002-1f03-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112415Z-1657d5bbd48dfrdj7px744zp8s000000033000000000c5ts x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:15 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49892	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:15 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:15 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 77012b0e-b01e-0097-0bff-164f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112415Z-1657d5bbd48vlsxxpe15ac3q7n000000039000000000dxqd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:15 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49896	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:15 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:15 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: c9f5ea47-201e-0071-33fe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112415Z-1657d5bbd48tqvfc1ysmtbdrg000000003ag000000004pb1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:15 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49894	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:15 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:15 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 4d5cca78-701e-0021-6ae5-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112415Z-1657d5bbd48qjg85buwfdynm5w00000003dg00000000e2sc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:15 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49895	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:15 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:15 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: d4fd285a-d01e-005a-06ed-167fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112415Z-1657d5bbd487nf59mzf5b3gk8n00000003100000000099qw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:15 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49897	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:15 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:15 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 635e2ff4-801e-0035-1973-17752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112415Z-1657d5bbd48762wn1qw4s5sd30000000039g0000000076bp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:15 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49899	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:15 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:16 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 4d8e5842-701e-0021-0efe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112416Z-1657d5bbd48q6t9vvmrkd293mg00000003f0000000002k1r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:16 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49898	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:15 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:15 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 838d785c-001e-0014-24fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112415Z-1657d5bbd48xdq5dkwwugdpzr000000003qg00000000aq69 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:16 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49900	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:16 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:16 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 8a56303a-c01e-0066-0f01-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112416Z-1657d5bbd48tqvfc1ysmtbdrg000000003b0000000003fsk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:16 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49901	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:16 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:16 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: cd0b82ba-d01e-0049-1304-17e7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112416Z-1657d5bbd4824mj9d6vp65b6n400000003fg00000000h341 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:16 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49902	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:16 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:16 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 0c184816-a01e-000d-72ff-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112416Z-1657d5bbd48dfrdj7px744zp8s000000034000000000anh5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:16 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49904	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:16 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:16 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: ca2bab4f-201e-0071-5e14-17ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112416Z-1657d5bbd482lxwq1dp2t1zwkc000000032g00000000dznp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:16 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49903	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:16 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:16 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: d3a3eb01-b01e-003d-1ef1-16d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112416Z-1657d5bbd48lknvp09v995n79000000003500000000000gq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:16 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49906	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:16 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:16 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 4ef38422-401e-000a-160c-174a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112416Z-1657d5bbd48lknvp09v995n790000000034g0000000017tt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:16 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49905	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:16 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:16 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 4d8e59a4-701e-0021-64fe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112416Z-1657d5bbd482krtfgrg72dfbtn000000034g000000008x1d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:16 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49908	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:17 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:17 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: c326dec7-201e-0003-0c12-17f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112417Z-1657d5bbd48vhs7r2p1ky7cs5w00000003ng00000000dtx1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:17 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49909	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:17 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:17 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 75ef523f-601e-000d-02f2-162618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112417Z-1657d5bbd48sqtlf1huhzuwq700000000380000000000e7n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:17 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49912	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:17 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:17 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: c9f5e5fc-201e-0071-5dfe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112417Z-1657d5bbd482krtfgrg72dfbtn000000034g000000008x27 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:17 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49911	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:17 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:17 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: 87e265fd-201e-0051-4fe7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112417Z-1657d5bbd48qjg85buwfdynm5w00000003hg00000000591n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:17 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49910	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:17 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:17 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: cad35e9e-b01e-0021-3602-17cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112417Z-1657d5bbd48xsz2nuzq4vfrzg800000003a0000000005gds x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:17 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49914	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:18 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:18 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 3e7839e3-701e-0053-5cff-163a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112418Z-1657d5bbd48qjg85buwfdynm5w00000003h0000000006eyy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:18 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49915	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:18 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:18 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: 9ee449bf-c01e-0079-5e9f-18e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112418Z-1657d5bbd48hzllksrq1r6zsvs00000000mg000000007kvc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:18 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.4	49913	142.250.186.110	443	7832	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:18 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1416 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=UwKxF1J0Ty-rCTFpiJigHwx9qSYUjdENylT2S5EBu-d7HIQNmkiBrs4abkKIikW5MuMg8y8ds6lU-LU8nv4jiRSmeAnRyNtpYQ1RYL_SOj8r5MNcOIINVzxGlKqjlDWV01cqxRWVKHaXdZjqwunWYK87d5fkyKvT0B_we7awexcXtsvmvVa4I2zfww
2024-10-07 11:24:18 UTC	1416	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 30 30 32 35 36 34 30 34 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728300256404",null,null,null
2024-10-07 11:24:18 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 11:24:18 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 11:24:18 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 11:24:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49916	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:18 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:18 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: dfa7567c-f01e-003f-67de-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112418Z-1657d5bbd48gqrfwecymhhbfm8000000023g00000000gt93 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:18 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49917	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:18 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:18 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 2d26e6ec-001e-0066-1e78-18561e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112418Z-1657d5bbd48hzllksrq1r6zsvs00000000g0000000007096 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:18 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49918	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:18 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:18 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 838d7376-001e-0014-17fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112418Z-1657d5bbd48f7nlxc7n5fnfzh000000002y000000000frfb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:18 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49919	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:19 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:19 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 7d18055e-701e-0098-56ff-16395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112419Z-1657d5bbd48q6t9vvmrkd293mg00000003dg0000000061f3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:19 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49921	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:19 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:19 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: 770fdf22-501e-0035-0d02-17c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112419Z-1657d5bbd48f7nlxc7n5fnfzh000000002z000000000egm2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:19 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49922	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:19 UTC	192	OUT	GET /rules/rule703000v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:19 GMT Content-Type: text/xml Content-Length: 1369 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE32FE1A2" x-ms-request-id: c55b1dc3-701e-0097-42e9-16b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112419Z-1657d5bbd48sdh4cyzadbb374800000003a00000000046t1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:19 UTC	1369	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.4	49920	13.107.246.45	443	7832	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:19 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:19 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: b1fbfe33-a01e-003d-4fd4-1698d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112419Z-1657d5bbd48dfrdj7px744zp8s000000035g0000000072pd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:19 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49923	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:19 UTC	192	OUT	GET /rules/rule700751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:19 GMT Content-Type: text/xml Content-Length: 1414 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE03B051D" x-ms-request-id: 4543d13f-701e-0050-5a04-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112419Z-1657d5bbd482tlqpvyz9e93p5400000003d000000000ccsk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:19 UTC	1414	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49925	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:19 UTC	192	OUT	GET /rules/rule700151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:19 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0A2434F" x-ms-request-id: 961c0255-701e-005c-1406-17bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112419Z-1657d5bbd48gqrfwecymhhbfm8000000027g000000008a1x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:19 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49924	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:19 UTC	192	OUT	GET /rules/rule700750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:19 GMT Content-Type: text/xml Content-Length: 1377 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT ETag: "0x8DC582BEAFF0125" x-ms-request-id: fba86ca6-e01e-00aa-5200-17ceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112419Z-1657d5bbd48dfrdj7px744zp8s000000035g0000000072x6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:19 UTC	1377	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49926	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:19 UTC	192	OUT	GET /rules/rule700150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:19 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE54CA33F" x-ms-request-id: 401481e1-301e-0099-6a5a-176683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112419Z-1657d5bbd48qjg85buwfdynm5w00000003m00000000020kd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:19 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e 65 4e 6f 74 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOneNote" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49927	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:19 UTC	192	OUT	GET /rules/rule703451v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:19 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:19 GMT Content-Type: text/xml Content-Length: 1409 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFC438CF" x-ms-request-id: 7cb43a82-e01e-0033-45fe-164695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112419Z-1657d5bbd48tqvfc1ysmtbdrg000000003bg000000002b5s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:19 UTC	1409	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49928	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:19 UTC	192	OUT	GET /rules/rule703450v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 11:24:20 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 11:24:19 GMT Content-Type: text/xml Content-Length: 1372 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6669CA7" x-ms-request-id: 9139889b-001e-0079-22f3-1612e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T112419Z-1657d5bbd48xdq5dkwwugdpzr000000003u00000000023wx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 11:24:20 UTC	1372	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOfficeMobile" S="Medium" /> <

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.4	49929	142.250.186.110	443	7832	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 11:24:19 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1159 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=UwKxF1J0Ty-rCTFpiJigHwx9qSYUjdENylT2S5EBu-d7HIQNmkiBrs4abkKIikW5MuMg8y8ds6lU-LU8nv4jiRSmeAnRyNtpYQ1RYL_SOj8r5MNcOIINVzxGlKqjlDWV01cqxRWVKHaXdZjqwunWYK87d5fkyKvT0B_we7awexcXtsvmvVa4I2zfww
2024-10-07 11:24:19 UTC	1159	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 30 30 32 35 38 33 37 32 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728300258372",null,null,null
2024-10-07 11:24:20 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 11:24:20 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 11:24:20 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 11:24:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	07:23:00
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xeb0000
File size:	919'040 bytes
MD5 hash:	6D09B95CC7D01AFE4997AF5E6E550580
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	07:23:00
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x7d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	07:23:00
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	07:23:00
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x7d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	07:23:00
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	07:23:00
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x7d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	07:23:00
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	07:23:00
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x7d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	07:23:00
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	07:23:01
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x7d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	07:23:01
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	07:23:02
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	07:23:02
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1936,i,4378290034050703555,17962560962937059959,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	07:23:14
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5500 --field-trial-handle=1936,i,4378290034050703555,17962560962937059959,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	07:23:14
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1936,i,4378290034050703555,17962560962937059959,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.5%
Total number of Nodes:	1646
Total number of Limit Nodes:	66

Executed Functions

Function 00EB42DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00EB430D

Part of subcall function 00EB6B57: _wcslen.LIBCMT ref: 00EB6B6A

GetCurrentProcess.KERNEL32(?,00F4CB64,00000000,?,?), ref: 00EB4422
IsWow64Process.KERNEL32(00000000,?,?), ref: 00EB4429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00EB4454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00EB4466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00EB4474
FreeLibrary.KERNEL32(00000000,?,?), ref: 00EB447B
GetSystemInfo.KERNEL32(?,?,?), ref: 00EB44A0

Strings

kernel32.dll, xrefs: 00EB444F
GetNativeSystemInfo, xrefs: 00EB4460
|O, xrefs: 00EF36F8

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: 634d9e2fb9a655a6c9fae9f748d9eb5fc22cc0e77a62d4d291aa9d9ab229ce17
Instruction ID: 689bf5a2e02b77920906a5ace3cc22245b76037777ef65e254349ffb6dbd2f79
Opcode Fuzzy Hash: 634d9e2fb9a655a6c9fae9f748d9eb5fc22cc0e77a62d4d291aa9d9ab229ce17
Instruction Fuzzy Hash: D7A1B6B590A2CCDFC722D7B97C411F67FEC7B36704B086AA9D481A3A62D2604506FB61

Function 00EB42A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00EB50AA,?,?,00000000,00000000), ref: 00EB42B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00EB50AA,?,?,00000000,00000000), ref: 00EB42C9
LoadResource.KERNEL32(?,00000000,?,?,00EB50AA,?,?,00000000,00000000,?,?,?,?,?,?,00EB4F20), ref: 00EF35BE
SizeofResource.KERNEL32(?,00000000,?,?,00EB50AA,?,?,00000000,00000000,?,?,?,?,?,?,00EB4F20), ref: 00EF35D3
LockResource.KERNEL32(00EB50AA,?,?,00EB50AA,?,?,00000000,00000000,?,?,?,?,?,?,00EB4F20,?), ref: 00EF35E6

Strings

SCRIPT, xrefs: 00EB42BF

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 3558b38ba0e38668b9f97ae596dc1ade0bcb48bb581d7f4bfdc2f187ef6b95f9
Instruction ID: 4140d2c7af929dd023135617062be0c9699a12a50728f813bc76900733069425
Opcode Fuzzy Hash: 3558b38ba0e38668b9f97ae596dc1ade0bcb48bb581d7f4bfdc2f187ef6b95f9
Instruction Fuzzy Hash: 9911CEB4201704BFE7219FA5DC49F677BB9EBC6B51F104169F802E62A0DBB1DC00A660

Function 00F1DBBE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,"R), ref: 00F1DBCE
GetFileAttributesW.KERNELBASE(?), ref: 00F1DBDD
FindFirstFileW.KERNEL32(?,?), ref: 00F1DBEE
FindClose.KERNEL32(00000000), ref: 00F1DBFA

Strings

"R, xrefs: 00F1DBCA

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID: "R
API String ID: 2695905019-1746183819
Opcode ID: 72adc52f4b305e968ff592eecb68b3e1f361d6df44fa514e562b4cb7263aa879
Instruction ID: 21e71461e2d2a0f44cb356eca37071c6d34f14828e529a6f45db59b5b3afd06e
Opcode Fuzzy Hash: 72adc52f4b305e968ff592eecb68b3e1f361d6df44fa514e562b4cb7263aa879
Instruction Fuzzy Hash: 3BF0E53981191857C2206B7CAC0D8EA377C9E42334B105B02FD36C20F0EBF15E94E6D5

Function 00EF2BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 00EB2B6B

Part of subcall function 00EB3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00F81418,?,00EB2E7F,?,?,?,00000000), ref: 00EB3A78

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,00F72224), ref: 00EF2C10
ShellExecuteW.SHELL32(00000000,?,?,00F72224), ref: 00EF2C17

Strings

runas, xrefs: 00EF2C0B

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: a4eb8343b6d47d7a905e27d49f926cb321b7424eb341a25356e0de02f6080e02
Instruction ID: b4ada2b7892d31cc81edcd7779f7a9f35e0e3ab731c5afc6abf1c87ed8ec8d54
Opcode Fuzzy Hash: a4eb8343b6d47d7a905e27d49f926cb321b7424eb341a25356e0de02f6080e02
Instruction Fuzzy Hash: 62118E312083056AC705FF70D8929FFBBE8AF91700F44352DB686620A3DF20854AA752

Function 00ED4CE8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(00EE28E9,(,00ED4CBE,00000000,00F788B8,0000000C,00ED4E15,(,00000002,00000000,?,00EE28E9,00000003,00EE2DF7,?,?), ref: 00ED4D09
TerminateProcess.KERNEL32(00000000,?,00EE28E9,00000003,00EE2DF7,?,?,?,00EDE6D1,?,00F78A48,00000010,00EB4F4A,?,?,00000000), ref: 00ED4D10
ExitProcess.KERNEL32 ref: 00ED4D22

Strings

(, xrefs: 00ED4CEA

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID: (
API String ID: 1703294689-2063206799
Opcode ID: 1f28e4040ee5d981ef29868c6fe90c3e55105760571915d3988952f00cc3e06d
Instruction ID: 98567dea9eb942c7cd2664008e0bfb6c4129b0bccee8244e3de184b51e8add9b
Opcode Fuzzy Hash: 1f28e4040ee5d981ef29868c6fe90c3e55105760571915d3988952f00cc3e06d
Instruction Fuzzy Hash: F1E0B6B500118CABCF61AF64DD09A583B6AEB62785B146015FC05AB2A2CB35DD42DA80

Function 00F3A67C Relevance: 6.2, APIs: 4, Instructions: 175processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00F3A6AC
Process32FirstW.KERNEL32(00000000,?), ref: 00F3A6BA

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

Process32NextW.KERNEL32(00000000,?), ref: 00F3A79C
CloseHandle.KERNELBASE(00000000), ref: 00F3A7AB

Part of subcall function 00ECCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00EF3303,?), ref: 00ECCE8A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: e34d559652e187f412c6de18bea5752b2371627a16cce710c35b109fd4aa86b1
Instruction ID: 4db10e18274411efdc88788c1a881ff91b308b663f2988befcfd4e1dd3b35baa
Opcode Fuzzy Hash: e34d559652e187f412c6de18bea5752b2371627a16cce710c35b109fd4aa86b1
Instruction Fuzzy Hash: E8515C71508300AFD714EF24C886E6BBBE8FF89754F00592DF985A7292EB35D905CB92

Function 00F3AFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 00F3B198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00F3B1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00F3B1D4
_wcslen.LIBCMT ref: 00F3B200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00F3B214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00F3B236
_wcslen.LIBCMT ref: 00F3B332

Part of subcall function 00F205A7: GetStdHandle.KERNEL32(000000F6), ref: 00F205C6

_wcslen.LIBCMT ref: 00F3B34B
_wcslen.LIBCMT ref: 00F3B366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00F3B3B6
GetLastError.KERNEL32(00000000), ref: 00F3B407
CloseHandle.KERNEL32(?), ref: 00F3B439
CloseHandle.KERNEL32(00000000), ref: 00F3B44A
CloseHandle.KERNEL32(00000000), ref: 00F3B45C
CloseHandle.KERNEL32(00000000), ref: 00F3B46E
CloseHandle.KERNEL32(?), ref: 00F3B4E3

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: ffac67580e307ca0af258cc2db07354fc8511e421411fdb2ce019ab2cc87618c
Instruction ID: 8598544fc7dcc8434203eae12334522dcb1f8a0eab48bf282f57ab4243a585e9
Opcode Fuzzy Hash: ffac67580e307ca0af258cc2db07354fc8511e421411fdb2ce019ab2cc87618c
Instruction Fuzzy Hash: 32F1A071A083409FC724EF24C8A1B6FBBE5AF85320F14855DF9959B2A2CB31EC45DB52

Function 00EBD730 Relevance: 21.6, APIs: 14, Instructions: 624windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00EBD807
timeGetTime.WINMM ref: 00EBDA07
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00EBDB28
TranslateMessage.USER32(?), ref: 00EBDB7B
DispatchMessageW.USER32(?), ref: 00EBDB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00EBDB9F
Sleep.KERNELBASE(0000000A), ref: 00EBDBB1

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: 2b98e8892882695e0bd106fb2d6f867593d03e040b62c0a3de1b0d4050bf2d70
Instruction ID: ea6ba25b8f8a9bd09933bc074a35d9c4c4262dfc5b85ad1b918bbfd6e736380e
Opcode Fuzzy Hash: 2b98e8892882695e0bd106fb2d6f867593d03e040b62c0a3de1b0d4050bf2d70
Instruction Fuzzy Hash: 92420370608245DFD729CF24CC88BEBBBE0BF85314F14961DE855A7291E7B4E844EB92

Function 00EB2CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00EB2D07
RegisterClassExW.USER32(00000030), ref: 00EB2D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00EB2D42
InitCommonControlsEx.COMCTL32(?), ref: 00EB2D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00EB2D6F
LoadIconW.USER32(000000A9), ref: 00EB2D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00EB2D94

Strings

+, xrefs: 00EB2CF0
AutoIt v3 GUI, xrefs: 00EB2D23
0, xrefs: 00EB2CE9
TaskbarCreated, xrefs: 00EB2D37

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 141f807468c2da49a4ccb27eb15eef85e3085aa534f617c0b533b75e31141770
Instruction ID: 215f5f8c72329d1be9c5a13811d15df2210fc13253beb6a9aa922502f0a1751a
Opcode Fuzzy Hash: 141f807468c2da49a4ccb27eb15eef85e3085aa534f617c0b533b75e31141770
Instruction Fuzzy Hash: EC21C4B591231CAFDB40DFA4EC49BEDBBB8FB09700F00521AF911A62A0D7B54545EF91

Function 00EF065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EF039A: CreateFileW.KERNELBASE(00000000,00000000,?,00EF0704,?,?,00000000,?,00EF0704,00000000,0000000C), ref: 00EF03B7

GetLastError.KERNEL32 ref: 00EF076F
__dosmaperr.LIBCMT ref: 00EF0776
GetFileType.KERNELBASE(00000000), ref: 00EF0782
GetLastError.KERNEL32 ref: 00EF078C
__dosmaperr.LIBCMT ref: 00EF0795
CloseHandle.KERNEL32(00000000), ref: 00EF07B5
CloseHandle.KERNEL32(?), ref: 00EF08FF
GetLastError.KERNEL32 ref: 00EF0931
__dosmaperr.LIBCMT ref: 00EF0938

Strings

H, xrefs: 00EF08BD

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 0fd3f4160be89a7b6c98cdf89f8e61a1f98d9af762d7dd07d7c2554c6a91c6d9
Instruction ID: 1b0720d535d361b44af03c69cd90fd0324c541a50fc79c707a0d21c5e4f589d4
Opcode Fuzzy Hash: 0fd3f4160be89a7b6c98cdf89f8e61a1f98d9af762d7dd07d7c2554c6a91c6d9
Instruction Fuzzy Hash: 88A13332A0010C8FDF19EF68D851BBE7BE0EB46324F14515AF915AB3E2DA318912DB91

Function 00EB344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EB3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00F81418,?,00EB2E7F,?,?,?,00000000), ref: 00EB3A78

Part of subcall function 00EB3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00EB3379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00EB356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00EF318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00EF31CE
RegCloseKey.ADVAPI32(?), ref: 00EF3210
_wcslen.LIBCMT ref: 00EF3277
_wcslen.LIBCMT ref: 00EF3286

Strings

Include, xrefs: 00EF3184, 00EF31C5
\Include\, xrefs: 00EB3527
\, xrefs: 00EF328C
Software\AutoIt v3\AutoIt, xrefs: 00EB3560

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 2dada09d7b3a781d4089910428dd53c0a7773848475a02868a15e243e9017236
Instruction ID: d8cdf7e6f544871c2a1bcab5f89ada807861a2de253cb2be4b61395046957946
Opcode Fuzzy Hash: 2dada09d7b3a781d4089910428dd53c0a7773848475a02868a15e243e9017236
Instruction Fuzzy Hash: 7271C1714053089EC354EF69EC929EBBBE8FF85740F40242EF545A31B1EB34AA48DB52

Function 00EB2B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00EB2B8E
LoadCursorW.USER32(00000000,00007F00), ref: 00EB2B9D
LoadIconW.USER32(00000063), ref: 00EB2BB3
LoadIconW.USER32(000000A4), ref: 00EB2BC5
LoadIconW.USER32(000000A2), ref: 00EB2BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00EB2BEF
RegisterClassExW.USER32(?), ref: 00EB2C40

Part of subcall function 00EB2CD4: GetSysColorBrush.USER32(0000000F), ref: 00EB2D07
Part of subcall function 00EB2CD4: RegisterClassExW.USER32(00000030), ref: 00EB2D31
Part of subcall function 00EB2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00EB2D42
Part of subcall function 00EB2CD4: InitCommonControlsEx.COMCTL32(?), ref: 00EB2D5F
Part of subcall function 00EB2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00EB2D6F
Part of subcall function 00EB2CD4: LoadIconW.USER32(000000A9), ref: 00EB2D85
Part of subcall function 00EB2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00EB2D94

Strings

AutoIt v3, xrefs: 00EB2C2F
0, xrefs: 00EB2C0F
#, xrefs: 00EB2C16

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: 20b1e53f7455c173b7cbd27635ca45c58892eb18f87f233954ecd84508ba9b12
Instruction ID: f93a0e91f95151d641a8967962cf6398220d35847ffa353ea296a0a4ecef529d
Opcode Fuzzy Hash: 20b1e53f7455c173b7cbd27635ca45c58892eb18f87f233954ecd84508ba9b12
Instruction Fuzzy Hash: 10212974E0131CABDB109FA5EC55AEE7FB8FB48B50F04021AEA00A66A0D7B10541EF90

Function 00EB3170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00EB316A,?,?), ref: 00EB31D8
KillTimer.USER32(?,00000001,?,?,?,?,?,00EB316A,?,?), ref: 00EB3204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00EB3227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00EB316A,?,?), ref: 00EB3232
CreatePopupMenu.USER32 ref: 00EB3246
PostQuitMessage.USER32(00000000), ref: 00EB3267

Strings

TaskbarCreated, xrefs: 00EB322D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 896bd1ecacf9c4f9d1c13f5f02974bee687d736c6c686ae27449c62a6f4a69ea
Instruction ID: a75f8faa518f12c0df4480a7cb920c176ae529a78108554e8672914d45ef3b5c
Opcode Fuzzy Hash: 896bd1ecacf9c4f9d1c13f5f02974bee687d736c6c686ae27449c62a6f4a69ea
Instruction Fuzzy Hash: AE41273524120CA7DB152B78DC0FBFB3A5DFB06304F043229FA41B62A2CB718A41B7A1

Function 00EB1410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00EB1459
CoUninitialize.COMBASE ref: 00EB14F8
UnregisterHotKey.USER32(?), ref: 00EB16DD
DestroyWindow.USER32(?), ref: 00EF24B9
FreeLibrary.KERNEL32(?), ref: 00EF251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00EF254B

Strings

close all, xrefs: 00EB1454

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 2527128ddf870587aadae7ee66fa091ea397dc770ff54137d0b525eeff8e4031
Instruction ID: 8214ff66873025b99e022240441404dee6ba16e97eadce01dd9e449479beae43
Opcode Fuzzy Hash: 2527128ddf870587aadae7ee66fa091ea397dc770ff54137d0b525eeff8e4031
Instruction Fuzzy Hash: 12D18F31702212CFCB19DF14C4A5BAAF7A0BF05714F5561ADEA4A7B252CB31AD12CF91

Function 00EB2C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00EB2C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00EB2CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,00EB1CAD,?), ref: 00EB2CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,00EB1CAD,?), ref: 00EB2CCF

Strings

AutoIt v3, xrefs: 00EB2C89, 00EB2C8E, 00EB2C8F
edit, xrefs: 00EB2CAC

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: 3d117b5dca2aa460c24996979a4f2ae5606b5856624b62471c6000c4a53fcdcf
Instruction ID: d0d5960dba6579fa8c16f50c085354401a2ddeb5ccd423d35bfc49618f8d2ca0
Opcode Fuzzy Hash: 3d117b5dca2aa460c24996979a4f2ae5606b5856624b62471c6000c4a53fcdcf
Instruction Fuzzy Hash: 8DF0DA756413987AEB711717AC08EB73EBDE7C7F50B00115AF900A35A0C6761852FBB0

Function 00EB3B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00EB3B0F,SwapMouseButtons,00000004,?), ref: 00EB3B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00EB3B0F,SwapMouseButtons,00000004,?), ref: 00EB3B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00EB3B0F,SwapMouseButtons,00000004,?), ref: 00EB3B83

Strings

Control Panel\Mouse, xrefs: 00EB3B3E

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: e023fb4b96248455d1607a36542fffe705e7baa1d149778f65dd84d1b8f549ea
Instruction ID: 83660b4d20b37f74a03c96d70ca2a04d5f56cc725077ec96350d9ad9e2cb2e07
Opcode Fuzzy Hash: e023fb4b96248455d1607a36542fffe705e7baa1d149778f65dd84d1b8f549ea
Instruction Fuzzy Hash: 3E115AB5511208FFDB218FA8DC85AEFBBB8EF01744B105559A801E7114D6319E40A7A0

Function 00EB3923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00EF33A2

Part of subcall function 00EB6B57: _wcslen.LIBCMT ref: 00EB6B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 00EB3A04

Strings

Line: , xrefs: 00EF33EB

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: adb12eda72c8c4a9ee92b1e728b5c049c95f156a7735f6fff9c186ffe06f792c
Instruction ID: 6045f32074c47cbb97bc58cb0fa4205d8f4ab782521896150188a6c8d2be4aa0
Opcode Fuzzy Hash: adb12eda72c8c4a9ee92b1e728b5c049c95f156a7735f6fff9c186ffe06f792c
Instruction Fuzzy Hash: 2F31F671408304ABD325EB20DC46BEBB7DCAB84714F10662AF599A3191EF709649C7C2

Function 00ECFDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00ED0668

Part of subcall function 00ED32A4: RaiseException.KERNEL32(?,?,?,00ED068A,?,00F81444,?,?,?,?,?,?,00ED068A,00EB1129,00F78738,00EB1129), ref: 00ED3304

__CxxThrowException@8.LIBVCRUNTIME ref: 00ED0685

Strings

Unknown exception, xrefs: 00ED0692

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: bd1fd29525a7b9ecc0d8054f586bded8493e2d1a9869fabaec8dcd8bf728c4c5
Instruction ID: 5d31bda138b6da59d4729694a618882c6c3212ee9d9ae61ed47ff9040b8dace6
Opcode Fuzzy Hash: bd1fd29525a7b9ecc0d8054f586bded8493e2d1a9869fabaec8dcd8bf728c4c5
Instruction Fuzzy Hash: 12F0A434900209778B00B674E84AE9D7BADDE00354B645137B828B6AD1EF71DA178582

Function 00EB10F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00EB1BF4
Part of subcall function 00EB1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00EB1BFC
Part of subcall function 00EB1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00EB1C07
Part of subcall function 00EB1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00EB1C12
Part of subcall function 00EB1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00EB1C1A
Part of subcall function 00EB1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00EB1C22

Part of subcall function 00EB1B4A: RegisterWindowMessageW.USER32(00000004,?,00EB12C4), ref: 00EB1BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00EB136A
OleInitialize.OLE32 ref: 00EB1388
CloseHandle.KERNEL32(00000000,00000000), ref: 00EF24AB

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: 40a2e4ecc230ce646dcacc6325038efc4277a4aeeead0011d9a6372e9f45b073
Instruction ID: 5b3d96eed5c1d421c2e59fa915df14f6a2db52b46f3d3e0bdcaeab7f75f6ed34
Opcode Fuzzy Hash: 40a2e4ecc230ce646dcacc6325038efc4277a4aeeead0011d9a6372e9f45b073
Instruction Fuzzy Hash: F6719CB49012088EC784EF79ED566F63AE8BB89354758932AD40ADB262EB304447FF45

Function 00F1C161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00EB3A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00F1C259
KillTimer.USER32(?,00000001,?,?), ref: 00F1C261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00F1C270

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: ff38fc3a9851a3b0c577bff00362cbc1588a2c4447515eb9133ed9c3576855b7
Instruction ID: 89c3beef2b5285e77e88eccfc3f0020a101ccf81a3fa0456a193793e32c67406
Opcode Fuzzy Hash: ff38fc3a9851a3b0c577bff00362cbc1588a2c4447515eb9133ed9c3576855b7
Instruction Fuzzy Hash: 6E31C371944384AFEB328F648855BEBBBECAB17304F00149ED6DAA3241C7745AC5EF91

Function 00EE86AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,?,?,00EE85CC,?,00F78CC8,0000000C), ref: 00EE8704
GetLastError.KERNEL32(?,00EE85CC,?,00F78CC8,0000000C), ref: 00EE870E
__dosmaperr.LIBCMT ref: 00EE8739

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: ca1942bee5b1f77918cd963e02d86da6bb6312ad99c06c22486983c793a80a3d
Instruction ID: 056b74ed9e917358f23b678a713d47ffed8002ad4aea595cc182440883e48263
Opcode Fuzzy Hash: ca1942bee5b1f77918cd963e02d86da6bb6312ad99c06c22486983c793a80a3d
Instruction Fuzzy Hash: 48016B336052EC16D26062366A4577E77898B8277CF39311AF81CFB1D2DEA08C818290

Function 00EBDB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 00EBDB7B
DispatchMessageW.USER32(?), ref: 00EBDB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00EBDB9F
Sleep.KERNELBASE(0000000A), ref: 00EBDBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 00F01CC9

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: b709d21ea70d258b5a0032a01f4cf5feda32e5163109b04effd2bf1933ad6a0f
Instruction ID: cea17bd176af1b57d3fb1f71a6d1f545b7f0f06881928deec4eb241262f690cb
Opcode Fuzzy Hash: b709d21ea70d258b5a0032a01f4cf5feda32e5163109b04effd2bf1933ad6a0f
Instruction Fuzzy Hash: 02F05E306493449BEB74CB608C89FEB77ACFB45314F105628E60AA30D0EB309489AB65

Function 00EC1310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00EC17F6

Strings

CALL, xrefs: 00EC17C6

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: 78130f49761059cf5592cc55d757d8a436160b737fe4ca032c91cbdabaffeef9
Instruction ID: 98aaae104f7b82b83b241fe395092ddab22018dbbeca4b2d11cb121d87159f45
Opcode Fuzzy Hash: 78130f49761059cf5592cc55d757d8a436160b737fe4ca032c91cbdabaffeef9
Instruction Fuzzy Hash: 20227C706082419FC714DF14C980F6ABBF1BF86314F18995DF496AB3A2D732E852DB92

Function 00EB2DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00EF2C8C

Part of subcall function 00EB3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00EB3A97,?,?,00EB2E7F,?,?,?,00000000), ref: 00EB3AC2

Part of subcall function 00EB2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00EB2DC4

Strings

X, xrefs: 00EF2C5A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: a7d63c142e50d8ed700166a2fae19c883b6707aa9d83c182932623a64c3163f1
Instruction ID: 28f85245bc5b5f4e6c6ab80208d4dfa1c667f8b181f7975dec0a9803cb5538ad
Opcode Fuzzy Hash: a7d63c142e50d8ed700166a2fae19c883b6707aa9d83c182932623a64c3163f1
Instruction Fuzzy Hash: 16219371A0025C9FDB01DF94C845BEE7BF8AF49304F00905AE609F7241DBB49A499FA1

Function 00EB3837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 00EB3908

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 0023cabf02f88cae5b72686c853d78f9702fe9f148a39ee1880993159897fcc5
Instruction ID: d7d84ee05da531c20b32fc5663f3dc75480caf294fe5f70c3e53dd402d85f22a
Opcode Fuzzy Hash: 0023cabf02f88cae5b72686c853d78f9702fe9f148a39ee1880993159897fcc5
Instruction Fuzzy Hash: 2831B1705043059FD320DF34D8857E7BBE8FB49308F00092EF69993290E771AA44DB92

Function 00ECF645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00ECF661

Part of subcall function 00EBD730: GetInputState.USER32 ref: 00EBD807

Sleep.KERNEL32(00000000), ref: 00F0F2DE

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: 8118881efa8996b50c8b160dbc934aa2d3c53c1e8a84be8abb132b2b99d8d6b5
Instruction ID: 8765a33f6d90b4665852d60194235eaa3ea37533a2f0445558c1172c5df011c1
Opcode Fuzzy Hash: 8118881efa8996b50c8b160dbc934aa2d3c53c1e8a84be8abb132b2b99d8d6b5
Instruction Fuzzy Hash: 87F0A7352402059FD350EF75D445F9AB7E9FF55760F001029E85AD7361DB70A800DB91

Function 00EBB710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00EBBB4E

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: 13d193dbcac92253f32fb47698919c5139e72f2a87bd18c468cdfd64c0a41a27
Instruction ID: a27a27b236b537376042caf9d3961e655ff14f969f52dc1f5d6ac503c5e3f5ba
Opcode Fuzzy Hash: 13d193dbcac92253f32fb47698919c5139e72f2a87bd18c468cdfd64c0a41a27
Instruction Fuzzy Hash: 3C329B31A04209DFDB24CF54C894BFEB7B9EF44314F189069E905BB2A1CBB5AD41EB91

Function 00EB4ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00EB4EDD,?,00F81418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EB4E9C
Part of subcall function 00EB4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00EB4EAE
Part of subcall function 00EB4E90: FreeLibrary.KERNEL32(00000000,?,?,00EB4EDD,?,00F81418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EB4EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00F81418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EB4EFD

Part of subcall function 00EB4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00EF3CDE,?,00F81418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EB4E62
Part of subcall function 00EB4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00EB4E74
Part of subcall function 00EB4E59: FreeLibrary.KERNEL32(00000000,?,?,00EF3CDE,?,00F81418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EB4E87

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: 31d51a5b5b808c15f51126899a0bdfb4fb8d68e4b83741d1aa42b79e8c129269
Instruction ID: 10b7dacd4d69e5afc00e74cfcb5cbef98699604149abac0d5e482e604df77d5a
Opcode Fuzzy Hash: 31d51a5b5b808c15f51126899a0bdfb4fb8d68e4b83741d1aa42b79e8c129269
Instruction Fuzzy Hash: DC11C172700205AACB14BB64DD02BFE77E5AF40B10F10A42AF542BB1D2EEB0DA459B90

Function 00EE8402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00EE8440

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 57879157ca4b86cd5cb6062eccba1b2165c0592962d5d39b13f7ad48038d2782
Instruction ID: d6fc8212e219d6be2249333e13f2f772ac1a432589f3d76446c690e8ce5c6df8
Opcode Fuzzy Hash: 57879157ca4b86cd5cb6062eccba1b2165c0592962d5d39b13f7ad48038d2782
Instruction Fuzzy Hash: F011187590410EAFCB05DF59E9419EE7BF5EF48314F104059F818AB352DA31DA11CBA5

Function 00EE5000 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00EE4C7D: RtlAllocateHeap.NTDLL(00000008,00EB1129,00000000,?,00EE2E29,00000001,00000364,?,?,?,00EDF2DE,00EE3863,00F81444,?,00ECFDF5,?), ref: 00EE4CBE

_free.LIBCMT ref: 00EE506C

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction ID: 963d3d8914faf2a72cc941b6525f9b1aa7ccf0c8759e919af123ad23492daf39
Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction Fuzzy Hash: C90126732047486BE3218E669885A9AFBECFB89374F25051DF194A32C0EA70A905C6B4

Function 00F429BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,00F414B5,?), ref: 00F42A01

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 382ec36a4a3e82eb92c24bbb6fcf773dfdec3233ecd27ede2cdcb0a7546f1acb
Instruction ID: 83ac06d729f9728c7ae2ecaae0e95dc055053a36742e88cf6ec9083ca63258e2
Opcode Fuzzy Hash: 382ec36a4a3e82eb92c24bbb6fcf773dfdec3233ecd27ede2cdcb0a7546f1acb
Instruction Fuzzy Hash: 7D01B5367006419FD3A4CA2CC494B223B92EF85324FA98478EC478B251D73AEC42E7A0

Function 00EDE602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: abd21c0fde4d2215804bf7c06b2e90c166ff3798f4b18d56d579138c9b0c2cd8
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: 93F0F432510A1896D6313A6A8D09B9A33DCDF92338F10275BF535BA3D2DB74E80386A5

Function 00EE4C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,00EB1129,00000000,?,00EE2E29,00000001,00000364,?,?,?,00EDF2DE,00EE3863,00F81444,?,00ECFDF5,?), ref: 00EE4CBE

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c5b722fd0a9fba6b57b700303c22422c79b11c8264991448b2d726afc198e52f
Instruction ID: 219751c1f2bb5334159d7f1d946fabb45fe898be1143441d1173c1907570e5c5
Opcode Fuzzy Hash: c5b722fd0a9fba6b57b700303c22422c79b11c8264991448b2d726afc198e52f
Instruction Fuzzy Hash: 49F0967160216C67EB215F639C05F56B7C8AB51764B387112A815B76D1CA30D80196D0

Function 00EE3820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00F81444,?,00ECFDF5,?,?,00EBA976,00000010,00F81440,00EB13FC,?,00EB13C6,?,00EB1129), ref: 00EE3852

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 47b5d040fa68b372001340d9464dfa021331003f2f14c0c677175929582c985c
Instruction ID: 188703db140547998a88b0c9c7abd40d204ffbeb91fcf356e4a6dbc6b0aeb74d
Opcode Fuzzy Hash: 47b5d040fa68b372001340d9464dfa021331003f2f14c0c677175929582c985c
Instruction Fuzzy Hash: 5DE0E5311016AC67D63526779C09BDA37C8EB827B4F153322BC05B75D1CB20DD0282E8

Function 00EB4F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,00F81418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EB4F6D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: a860c01cdd40a82cfd3b5179b1d4111227648ae3c9e80b2e1c6ae596194f9c1e
Instruction ID: f180ed2d737033c45faf1af5a5abc8d20736903a8f4c2a9d4719669a39cf1241
Opcode Fuzzy Hash: a860c01cdd40a82cfd3b5179b1d4111227648ae3c9e80b2e1c6ae596194f9c1e
Instruction Fuzzy Hash: 18F085B0205312CFDB349F60D4908A3BBE0FF10329320A96EE1EAA3662C7319844DF00

Function 00F42A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00F42A66

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: c9f1d541b68b065369d4613127690e9f89c63eddb5913a22b6849f196fe3d02f
Instruction ID: 023cd4a9c766c43ce813ae02799ba395ed42cb11052760bc6e9812ee0474333d
Opcode Fuzzy Hash: c9f1d541b68b065369d4613127690e9f89c63eddb5913a22b6849f196fe3d02f
Instruction Fuzzy Hash: 10E0DF3635012AAAC790EA30EC849FA775CEB603917404436BC1AC3100DF389A82A2E0

Function 00EB30F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000002,?), ref: 00EB314E

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 5c17722e869913ecf12c3d0ba4b0ae2b2b1a41fe53e026b948f38c5fda016063
Instruction ID: 0126515c37b4fcc2187a21bde7a2ebfa32886226eb7ce5259d397ff39c3247c5
Opcode Fuzzy Hash: 5c17722e869913ecf12c3d0ba4b0ae2b2b1a41fe53e026b948f38c5fda016063
Instruction Fuzzy Hash: FFF037709143189FE752DB24DC467E67BFCB70170CF0001E9A648A6291D7745789DF51

Function 00EB2DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00EB2DC4

Part of subcall function 00EB6B57: _wcslen.LIBCMT ref: 00EB6B6A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: 9aec8c6be4978e0c393a7dd453479a3603b39565ac6391bf6a0b614d6833ad9b
Instruction ID: 88870b110a7cfefd3954a40469cf1cb1080822435b7372a2d520faa89aada20a
Opcode Fuzzy Hash: 9aec8c6be4978e0c393a7dd453479a3603b39565ac6391bf6a0b614d6833ad9b
Instruction Fuzzy Hash: B6E0CD766011285BC71092589C05FEA77EDDFC8790F0500B1FD09E7248D9A4AD808590

Function 00EB2B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00EB3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00EB3908

Part of subcall function 00EBD730: GetInputState.USER32 ref: 00EBD807

SetCurrentDirectoryW.KERNEL32(?), ref: 00EB2B6B

Part of subcall function 00EB30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00EB314E

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: 49944721876957172361eba968e36d1433bd2e01368b6c8bde2007257fef7402
Instruction ID: 25f0bb64c755d439431bf15611a88218fb30bc0e8899e7c7b9b2988adafc181c
Opcode Fuzzy Hash: 49944721876957172361eba968e36d1433bd2e01368b6c8bde2007257fef7402
Instruction Fuzzy Hash: 74E0862530424806CA08BB7498535FFB7D99FD2355F40363EF542A31A3DE2445464352

Function 00EF039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00EF0704,?,?,00000000,?,00EF0704,00000000,0000000C), ref: 00EF03B7

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: c8739f8648ce2ed3b2203aa1a29d05e342ea41591a7d1a7e9478d657f8fe6f26
Instruction ID: e5054f69853299d75313eece56791018ce857e5270c1874b59d3e21f1001b8c5
Opcode Fuzzy Hash: c8739f8648ce2ed3b2203aa1a29d05e342ea41591a7d1a7e9478d657f8fe6f26
Instruction Fuzzy Hash: 33D06C3204010DBBDF028F84DD06EDA3BAAFB88714F014000BE1856020C732E821AB90

Function 00EB1CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00EB1CBC

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: 65f51c38636fc508d68742eb3df6a28f26b6a300fc837202564ae3bc6273c091
Instruction ID: 6551f9c887f11a69437ae2362a9892819851219d35ffbd6f37b0a157947bdaea
Opcode Fuzzy Hash: 65f51c38636fc508d68742eb3df6a28f26b6a300fc837202564ae3bc6273c091
Instruction Fuzzy Hash: 84C09B352C030C9FF2544780FC4EFA47754B358B00F084001F709595E3D7A12410F750

Non-executed Functions

Function 00F49576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00EC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EC9BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00F4961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00F4965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00F4969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F496C9
SendMessageW.USER32 ref: 00F496F2
GetKeyState.USER32(00000011), ref: 00F4978B
GetKeyState.USER32(00000009), ref: 00F49798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00F497AE
GetKeyState.USER32(00000010), ref: 00F497B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F497E9
SendMessageW.USER32 ref: 00F49810
SendMessageW.USER32(?,00001030,?,00F47E95), ref: 00F49918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00F4992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00F49941
SetCapture.USER32(?), ref: 00F4994A
ClientToScreen.USER32(?,?), ref: 00F499AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00F499BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00F499D6
ReleaseCapture.USER32 ref: 00F499E1
GetCursorPos.USER32(?), ref: 00F49A19
ScreenToClient.USER32(?,?), ref: 00F49A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 00F49A80
SendMessageW.USER32 ref: 00F49AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00F49AEB
SendMessageW.USER32 ref: 00F49B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00F49B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00F49B4A
GetCursorPos.USER32(?), ref: 00F49B68
ScreenToClient.USER32(?,?), ref: 00F49B75
GetParent.USER32(?), ref: 00F49B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 00F49BFA
SendMessageW.USER32 ref: 00F49C2B
ClientToScreen.USER32(?,?), ref: 00F49C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00F49CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 00F49CDE
SendMessageW.USER32 ref: 00F49D01
ClientToScreen.USER32(?,?), ref: 00F49D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00F49D82

Part of subcall function 00EC9944: GetWindowLongW.USER32(?,000000EB), ref: 00EC9952

GetWindowLongW.USER32(?,000000F0), ref: 00F49E05

Strings

@GUI_DRAGID, xrefs: 00F4997D
F, xrefs: 00F49D07

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: f7c408f7326fc1a54c974f12ac4fd30ec116839e6331573edd3b7d59f21e5a14
Instruction ID: 9d64922815cb0dfd18708f4ebab5ddafe385198dd07d92aa5c1558c24944561e
Opcode Fuzzy Hash: f7c408f7326fc1a54c974f12ac4fd30ec116839e6331573edd3b7d59f21e5a14
Instruction Fuzzy Hash: AE42AD34608205AFDB20CF24CC44EABBFE5FF49320F154619FA99972A1D7B1A851EF91

Function 00F44873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00F448F3
SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00F44908
SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00F44927
SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00F4494B
SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00F4495C
SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00F4497B
SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00F449AE
SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00F449D4
SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00F44A0F
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00F44A56
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00F44A7E
IsMenu.USER32(?), ref: 00F44A97
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F44AF2
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F44B20
GetWindowLongW.USER32(?,000000F0), ref: 00F44B94
SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00F44BE3
SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00F44C82
wsprintfW.USER32 ref: 00F44CAE
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00F44CC9
GetWindowTextW.USER32(?,00000000,00000001), ref: 00F44CF1
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00F44D13
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00F44D33
GetWindowTextW.USER32(?,00000000,00000001), ref: 00F44D5A

Strings

%d/%02d/%02d, xrefs: 00F44CA8

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
String ID: %d/%02d/%02d
API String ID: 4054740463-328681919
Opcode ID: 756f58c04737754436a4be3fa812aaec2db2253c2d6d6b25fc99e979daf78a38
Instruction ID: 3485d790aeb3d105b35c3b2f6fbb094e924c14299f63605677dd41bce1763c49
Opcode Fuzzy Hash: 756f58c04737754436a4be3fa812aaec2db2253c2d6d6b25fc99e979daf78a38
Instruction Fuzzy Hash: DC12CF75A00218ABEB249F24CC49FAE7FF8EB45720F144129FD19EB2E1D774A941EB50

Function 00ECF98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00ECF998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F0F474
IsIconic.USER32(00000000), ref: 00F0F47D
ShowWindow.USER32(00000000,00000009), ref: 00F0F48A
SetForegroundWindow.USER32(00000000), ref: 00F0F494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00F0F4AA
GetCurrentThreadId.KERNEL32 ref: 00F0F4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00F0F4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 00F0F4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 00F0F4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00F0F4DE
SetForegroundWindow.USER32(00000000), ref: 00F0F4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 00F0F4F6
keybd_event.USER32(00000012,00000000), ref: 00F0F501
MapVirtualKeyW.USER32(00000012,00000000), ref: 00F0F50B
keybd_event.USER32(00000012,00000000), ref: 00F0F510
MapVirtualKeyW.USER32(00000012,00000000), ref: 00F0F519
keybd_event.USER32(00000012,00000000), ref: 00F0F51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 00F0F528
keybd_event.USER32(00000012,00000000), ref: 00F0F52D
SetForegroundWindow.USER32(00000000), ref: 00F0F530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 00F0F557

Strings

Shell_TrayWnd, xrefs: 00F0F46F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 1adc344d06cab314148da67e1f761c3da4f759f48b26d353a7c5ffa0232d3589
Instruction ID: b2b791d328e192b498319858578f50bbb92a8b0c7c149686240d4c7e583394fb
Opcode Fuzzy Hash: 1adc344d06cab314148da67e1f761c3da4f759f48b26d353a7c5ffa0232d3589
Instruction Fuzzy Hash: EA317075A4121CBBEB306BB59C4AFBF7E6CEB45B50F141026FE04E61D1C6B16D00BAA1

Function 00F11201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 00F116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F1170D
Part of subcall function 00F116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F1173A
Part of subcall function 00F116C3: GetLastError.KERNEL32 ref: 00F1174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00F11286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00F112A8
CloseHandle.KERNEL32(?), ref: 00F112B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00F112D1
GetProcessWindowStation.USER32 ref: 00F112EA
SetProcessWindowStation.USER32(00000000), ref: 00F112F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00F11310

Part of subcall function 00F110BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00F111FC), ref: 00F110D4
Part of subcall function 00F110BF: CloseHandle.KERNEL32(?,?,00F111FC), ref: 00F110E9

Strings

winsta0, xrefs: 00F112CC
default, xrefs: 00F1130B
, xrefs: 00F1125A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: 31d7dddedb8112000878979a56312ba4c965bc855a06c6cf9e00ae342240f4eb
Instruction ID: 57c0becbb54ff63a47ae8180fdbb0019cd0dda86cdd28d040dd8d0c7fb9b4c6a
Opcode Fuzzy Hash: 31d7dddedb8112000878979a56312ba4c965bc855a06c6cf9e00ae342240f4eb
Instruction Fuzzy Hash: C7819D71900209AFDF20DFA4DC49FEE7BB9FF06B10F144129FA14A62A0D7758994EB61

Function 00F10B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00F110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F11114
Part of subcall function 00F110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00F10B9B,?,?,?), ref: 00F11120
Part of subcall function 00F110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F10B9B,?,?,?), ref: 00F1112F
Part of subcall function 00F110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F10B9B,?,?,?), ref: 00F11136
Part of subcall function 00F110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F1114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00F10BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00F10C00
GetLengthSid.ADVAPI32(?), ref: 00F10C17
GetAce.ADVAPI32(?,00000000,?), ref: 00F10C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00F10C6D
GetLengthSid.ADVAPI32(?), ref: 00F10C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00F10C8C
HeapAlloc.KERNEL32(00000000), ref: 00F10C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00F10CB4
CopySid.ADVAPI32(00000000), ref: 00F10CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00F10CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00F10D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00F10D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F10D45
HeapFree.KERNEL32(00000000), ref: 00F10D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F10D55
HeapFree.KERNEL32(00000000), ref: 00F10D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F10D65
HeapFree.KERNEL32(00000000), ref: 00F10D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00F10D78
HeapFree.KERNEL32(00000000), ref: 00F10D7F

Part of subcall function 00F11193: GetProcessHeap.KERNEL32(00000008,00F10BB1,?,00000000,?,00F10BB1,?), ref: 00F111A1
Part of subcall function 00F11193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00F10BB1,?), ref: 00F111A8
Part of subcall function 00F11193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00F10BB1,?), ref: 00F111B7

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: eb4b0b487161c5abf03b9da1c2d36ba6251e39c17d21f91f7f5845cb2067407c
Instruction ID: fa7e9d8ccf9e4669cec02d0789fdfaf8669b34ac6898a4782a656ad78fdaacdb
Opcode Fuzzy Hash: eb4b0b487161c5abf03b9da1c2d36ba6251e39c17d21f91f7f5845cb2067407c
Instruction Fuzzy Hash: D8718CB6D0120AABDF10DFA5EC44FEEBBB8BF15310F044115E914E6191DBB1A985EBA0

Function 00F2EAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00F4CC08), ref: 00F2EB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 00F2EB37
GetClipboardData.USER32(0000000D), ref: 00F2EB43
CloseClipboard.USER32 ref: 00F2EB4F
GlobalLock.KERNEL32(00000000), ref: 00F2EB87
CloseClipboard.USER32 ref: 00F2EB91
GlobalUnlock.KERNEL32(00000000), ref: 00F2EBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 00F2EBC9
GetClipboardData.USER32(00000001), ref: 00F2EBD1
GlobalLock.KERNEL32(00000000), ref: 00F2EBE2
GlobalUnlock.KERNEL32(00000000), ref: 00F2EC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 00F2EC38
GetClipboardData.USER32(0000000F), ref: 00F2EC44
GlobalLock.KERNEL32(00000000), ref: 00F2EC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00F2EC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00F2EC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00F2ECD2
GlobalUnlock.KERNEL32(00000000), ref: 00F2ECF3
CountClipboardFormats.USER32 ref: 00F2ED14
CloseClipboard.USER32 ref: 00F2ED59

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: 94ec57d67351689881fb80ea8436e1441a0dae0468196ab0dfa82c559bc6e5aa
Instruction ID: 93fe08d8d0eea2135a05dfc9b25a1f0d1226a196810014a5c58e81ba5485eb01
Opcode Fuzzy Hash: 94ec57d67351689881fb80ea8436e1441a0dae0468196ab0dfa82c559bc6e5aa
Instruction Fuzzy Hash: 016123352043059FD300EF20E884F6ABBE4EF95710F64541DF846972A2CB71DD05EBA2

Function 00F2698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00F269BE
FindClose.KERNEL32(00000000), ref: 00F26A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00F26A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00F26A75

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00F26AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00F26ADF

Strings

%03d, xrefs: 00F26DA2
%02d, xrefs: 00F26C00, 00F26C0A, 00F26C5A, 00F26CAA, 00F26CFA, 00F26D4A
%4d, xrefs: 00F26BB1
%4d%02d%02d%02d%02d%02d%03d, xrefs: 00F26B32
%4d%02d%02d%02d%02d%02d, xrefs: 00F26B6A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: ab1e41bc504278751a29e08f5d8d8796a69ff1e9278db6a021939ebae2568a02
Instruction ID: 6c89d4a81ce66b1e5ed4c27a06181407d92098145aa7b36f8c26c4c501bf6f61
Opcode Fuzzy Hash: ab1e41bc504278751a29e08f5d8d8796a69ff1e9278db6a021939ebae2568a02
Instruction Fuzzy Hash: B8D17172508300AFC314EBA4D991EAFB7ECAF98704F04591DF589D7192EB74DA44CBA2

Function 00F29642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00F29663
GetFileAttributesW.KERNEL32(?), ref: 00F296A1
SetFileAttributesW.KERNEL32(?,?), ref: 00F296BB
FindNextFileW.KERNEL32(00000000,?), ref: 00F296D3
FindClose.KERNEL32(00000000), ref: 00F296DE
FindFirstFileW.KERNEL32(*.*,?), ref: 00F296FA
SetCurrentDirectoryW.KERNEL32(?), ref: 00F2974A
SetCurrentDirectoryW.KERNEL32(00F76B7C), ref: 00F29768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00F29772
FindClose.KERNEL32(00000000), ref: 00F2977F
FindClose.KERNEL32(00000000), ref: 00F2978F

Strings

*.*, xrefs: 00F296F5

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: bc59658b59dd8d70a211b9891b125c27af045afe4684892792f80e93846044d3
Instruction ID: 81c641333f5a63e9ede9ae4d80bbfa80fa7ee1d7141daa8c0300cf6872b366d4
Opcode Fuzzy Hash: bc59658b59dd8d70a211b9891b125c27af045afe4684892792f80e93846044d3
Instruction Fuzzy Hash: 3F31C5369056296BDF109FB4EC48ADE77BCAF4A320F104156F915E31A0DBB0DA44AA54

Function 00F2979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00F297BE
FindNextFileW.KERNEL32(00000000,?), ref: 00F29819
FindClose.KERNEL32(00000000), ref: 00F29824
FindFirstFileW.KERNEL32(*.*,?), ref: 00F29840
SetCurrentDirectoryW.KERNEL32(?), ref: 00F29890
SetCurrentDirectoryW.KERNEL32(00F76B7C), ref: 00F298AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 00F298B8
FindClose.KERNEL32(00000000), ref: 00F298C5
FindClose.KERNEL32(00000000), ref: 00F298D5

Part of subcall function 00F1DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00F1DB00

Strings

*.*, xrefs: 00F2983B

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: f823a5f95cd78e214d5252877c74b96e3662ebb50d7c42fe31ed8030b6869c3a
Instruction ID: b2967752d0f94600eca494ce7a12291eb0366517d03c160c911f3aab4d23f3b8
Opcode Fuzzy Hash: f823a5f95cd78e214d5252877c74b96e3662ebb50d7c42fe31ed8030b6869c3a
Instruction Fuzzy Hash: 4F31F63290562D6ADB14EFB4EC48ADE37BCEF46330F144156E914E31A0DBB0DA85EA60

Function 00F3BE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00F3C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F3B6AE,?,?), ref: 00F3C9B5
Part of subcall function 00F3C998: _wcslen.LIBCMT ref: 00F3C9F1
Part of subcall function 00F3C998: _wcslen.LIBCMT ref: 00F3CA68
Part of subcall function 00F3C998: _wcslen.LIBCMT ref: 00F3CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F3BF3E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00F3BFA9
RegCloseKey.ADVAPI32(00000000), ref: 00F3BFCD
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00F3C02C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00F3C0E7
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00F3C154
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00F3C1E9
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00F3C23A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00F3C2E3
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00F3C382
RegCloseKey.ADVAPI32(00000000), ref: 00F3C38F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: d95a49c68ef57596e0e7c08e341822718ecdf8fe8e907e2d6da845509deff7b4
Instruction ID: 7972fd7aa2946ffcc65844831213707b4acfa90c72f24999245682e67567c043
Opcode Fuzzy Hash: d95a49c68ef57596e0e7c08e341822718ecdf8fe8e907e2d6da845509deff7b4
Instruction Fuzzy Hash: 13025F716042009FD714DF28C895E2ABBE5EF89324F18C49DF84ADB2A2DB31ED45DB91

Function 00F28195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00F28257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00F28267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00F28273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00F28310
SetCurrentDirectoryW.KERNEL32(?), ref: 00F28324
SetCurrentDirectoryW.KERNEL32(?), ref: 00F28356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00F2838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00F28395

Strings

*.*, xrefs: 00F2839B

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: df130ebd02a09bfeaf449e5cce45dae8e48a135f0e38f7c8fe0323f72fa64ebd
Instruction ID: aa1a27c73cef6c717c724c5b270151c54bd47e3a00f546e7706315e38ab559e1
Opcode Fuzzy Hash: df130ebd02a09bfeaf449e5cce45dae8e48a135f0e38f7c8fe0323f72fa64ebd
Instruction Fuzzy Hash: 916169725083159FC710EF60D8409AFB3E8FF89360F04892AF98997251EB35E946CB92

Function 00F1D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00EB3A97,?,?,00EB2E7F,?,?,?,00000000), ref: 00EB3AC2

Part of subcall function 00F1E199: GetFileAttributesW.KERNEL32(?,00F1CF95), ref: 00F1E19A

FindFirstFileW.KERNEL32(?,?), ref: 00F1D122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00F1D1DD
MoveFileW.KERNEL32(?,?), ref: 00F1D1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 00F1D20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 00F1D237

Part of subcall function 00F1D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00F1D21C,?,?), ref: 00F1D2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 00F1D253
FindClose.KERNEL32(00000000), ref: 00F1D264

Strings

\*.*, xrefs: 00F1D0CD, 00F1D0D6, 00F1D0EB

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 1f98ccd0701a643063e2d138d2be5f184ab21790445d1f3f790808b6aa0e4a59
Instruction ID: e87168e22b3b64d318dd2144ebd56db4777a3838a5ac7d4c4d361e8950e4f62a
Opcode Fuzzy Hash: 1f98ccd0701a643063e2d138d2be5f184ab21790445d1f3f790808b6aa0e4a59
Instruction Fuzzy Hash: A7617C31C0114DABCF05EBE0DE929EEB7B5AF55300F245169E81277192EB346F49EB60

Function 00F2ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00F2ED91
EmptyClipboard.USER32 ref: 00F2ED97
GlobalAlloc.KERNEL32(00000002,?), ref: 00F2EDAC
CloseClipboard.USER32 ref: 00F2EEA3

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: bad8abf9e541ef39adf299b2c55b86449cb38bf019235ab6c292748905dd5537
Instruction ID: a08ed1481a9736ee828627b17675b9893759bd23b47114f8e5837f3cc7f4878a
Opcode Fuzzy Hash: bad8abf9e541ef39adf299b2c55b86449cb38bf019235ab6c292748905dd5537
Instruction Fuzzy Hash: F841DF356056219FD310CF15E848B6ABBE1FF54328F26D099E8198B762C771EC41DBD0

Function 00F1E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00F116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F1170D
Part of subcall function 00F116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F1173A
Part of subcall function 00F116C3: GetLastError.KERNEL32 ref: 00F1174A

ExitWindowsEx.USER32(?,00000000), ref: 00F1E932

Strings

SeShutdownPrivilege, xrefs: 00F1E902
, xrefs: 00F1E920
@, xrefs: 00F1E925
, xrefs: 00F1E95C

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: 0671a0bb26878217c321eba0a8ed0c6792a0058cd0d4631804e6fe4f1f4d5a0f
Instruction ID: 4c98920eefd9c1552f56f035224294f8ebb043ce2f10408d038dfd91798fbed8
Opcode Fuzzy Hash: 0671a0bb26878217c321eba0a8ed0c6792a0058cd0d4631804e6fe4f1f4d5a0f
Instruction Fuzzy Hash: 7E014933A10315ABEB6422B49C86FFF726CAB18750F540422FD03E30D1D5A95CC0B6E0

Function 00F31204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00F31276
WSAGetLastError.WSOCK32 ref: 00F31283
bind.WSOCK32(00000000,?,00000010), ref: 00F312BA
WSAGetLastError.WSOCK32 ref: 00F312C5
closesocket.WSOCK32(00000000), ref: 00F312F4
listen.WSOCK32(00000000,00000005), ref: 00F31303
WSAGetLastError.WSOCK32 ref: 00F3130D
closesocket.WSOCK32(00000000), ref: 00F3133C

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: 2cb5581a47f9b482e8d04c67e95871ed3b1557455ebc603b381fce087583db35
Instruction ID: e25606e0c82d994172096737d716379256041336dd090460cc12b01015469b1f
Opcode Fuzzy Hash: 2cb5581a47f9b482e8d04c67e95871ed3b1557455ebc603b381fce087583db35
Instruction Fuzzy Hash: 93418135A001049FD710DF64C488B6ABBE6BF86328F188198E8569F2D6C775ED81DBE1

Function 00F1D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00EB3A97,?,?,00EB2E7F,?,?,?,00000000), ref: 00EB3AC2

Part of subcall function 00F1E199: GetFileAttributesW.KERNEL32(?,00F1CF95), ref: 00F1E19A

FindFirstFileW.KERNEL32(?,?), ref: 00F1D420
DeleteFileW.KERNEL32(?,?,?,?), ref: 00F1D470
FindNextFileW.KERNEL32(00000000,00000010), ref: 00F1D481
FindClose.KERNEL32(00000000), ref: 00F1D498
FindClose.KERNEL32(00000000), ref: 00F1D4A1

Strings

\*.*, xrefs: 00F1D3F2

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 7bb7ab2835b6946154b17e5efb21a4812fe05ad7d577873bf09098cb50fe414b
Instruction ID: a0e37692245ab0d18f31c58bc2e3d72200789b6805ddf23c79758c4075bf3ba5
Opcode Fuzzy Hash: 7bb7ab2835b6946154b17e5efb21a4812fe05ad7d577873bf09098cb50fe414b
Instruction Fuzzy Hash: 1A31A231009345ABC305EF64D8918EF77F8AE92314F445A2DF4D1A3191EB30AA09E7A3

Function 00EEE4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00EEE645

Strings

1#SNAN, xrefs: 00EEF844
1#QNAN, xrefs: 00EEF84B
1#INF, xrefs: 00EEF852
1#IND, xrefs: 00EEF83D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 0ae8edfe1b0ea5ec64c312b03119810073c2ca8112a37b2a8a839635fd3c647a
Instruction ID: 5a9ecf6c83af2fed4aeba68c788452e8d12b3650151ebc3509e57aec80973601
Opcode Fuzzy Hash: 0ae8edfe1b0ea5ec64c312b03119810073c2ca8112a37b2a8a839635fd3c647a
Instruction Fuzzy Hash: 34C24872E0866D8FDB25CE299D407EAB7B5EB48305F1451EAD80DF7281E774AE818F40

Function 00F2648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00F264DC
CoInitialize.OLE32(00000000), ref: 00F26639
CoCreateInstance.OLE32(00F4FCF8,00000000,00000001,00F4FB68,?), ref: 00F26650
CoUninitialize.OLE32 ref: 00F268D4

Strings

.lnk, xrefs: 00F264BA, 00F26524, 00F265E0

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: 005fc4e65900c934daa0e52aaf9189dd0a20dcc663044625fd00700d223a2973
Instruction ID: fe184f3b603aa8b027b14935475caab87dcbc5277214104027d358e51f10e676
Opcode Fuzzy Hash: 005fc4e65900c934daa0e52aaf9189dd0a20dcc663044625fd00700d223a2973
Instruction Fuzzy Hash: 92D14A71608211AFC304EF24C8919ABB7E8FF98704F14596DF595DB292EB70ED05CB92

Function 00F322DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 00F322E8

Part of subcall function 00F2E4EC: GetWindowRect.USER32(?,?), ref: 00F2E504

GetDesktopWindow.USER32 ref: 00F32312
GetWindowRect.USER32(00000000), ref: 00F32319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00F32355
GetCursorPos.USER32(?), ref: 00F32381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00F323DF

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: 2bec2d7f1b752760a79794ca82b1724a5a1e96074295c540c3c2a8c3e874ab61
Instruction ID: 8fcdbc9728c1280f6b37997c4179f5554fb2b53140f2f0909815b5d22d3797b2
Opcode Fuzzy Hash: 2bec2d7f1b752760a79794ca82b1724a5a1e96074295c540c3c2a8c3e874ab61
Instruction Fuzzy Hash: A531DC72505319AFD760DF14DC49B9BBBA9FF89320F000A19F98597181DB34EA08DBD2

Function 00F29B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00F29B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00F29C8B

Part of subcall function 00F23874: GetInputState.USER32 ref: 00F238CB
Part of subcall function 00F23874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F23966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00F29BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00F29C75

Strings

*.*, xrefs: 00F29B5D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: e0bd1f1ee7469268cc812832fe901145d3b01f0764cedff996c7a3b18df72de2
Instruction ID: b2a976fd341aae48260fce86e9fc7fdc20766d504d1dfab457ac05d569f25c97
Opcode Fuzzy Hash: e0bd1f1ee7469268cc812832fe901145d3b01f0764cedff996c7a3b18df72de2
Instruction Fuzzy Hash: F8418C71D4421AABCF15DF64D885AEEBBF8EF45310F20406AE815A3191EB709E84DFA1

Function 00EC997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 00EC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EC9BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 00EC9A4E
GetSysColor.USER32(0000000F), ref: 00EC9B23
SetBkColor.GDI32(?,00000000), ref: 00EC9B36

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: e24998711d3a28e8453980d5433aeef3384d4c5fcbd134f5a04fc0f9c55ab9da
Instruction ID: 84baa03bbd316e4e8f67d9e636d9a25f4bd8a453a0daccc3b0e4ff962e6c74b3
Opcode Fuzzy Hash: e24998711d3a28e8453980d5433aeef3384d4c5fcbd134f5a04fc0f9c55ab9da
Instruction Fuzzy Hash: 03A10871A08544BEE724AA2C8E4DFFB3A9DEB42354B14524DF402E65D3CA27AD03F275

Function 00F31806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00F3304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00F3307A
Part of subcall function 00F3304E: _wcslen.LIBCMT ref: 00F3309B

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00F3185D
WSAGetLastError.WSOCK32 ref: 00F31884
bind.WSOCK32(00000000,?,00000010), ref: 00F318DB
WSAGetLastError.WSOCK32 ref: 00F318E6
closesocket.WSOCK32(00000000), ref: 00F31915

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: 2e38e69a6c4e00c0a51f13dea934110322d541b23f90adc90e4d8bac091985f7
Instruction ID: bacee665dfd3c8b65fbe53ec44fe5bb494103f948069c07142d04bff0ca297db
Opcode Fuzzy Hash: 2e38e69a6c4e00c0a51f13dea934110322d541b23f90adc90e4d8bac091985f7
Instruction Fuzzy Hash: 1951C375A00200AFEB10AF24C886F6A77E5AB45728F18909CF9166F3D3C775AD41CBE1

Function 00F41C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00F41CC0
IsWindowEnabled.USER32 ref: 00F41CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00F41CDB
IsIconic.USER32 ref: 00F41CE9
IsZoomed.USER32 ref: 00F41CF7

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 138e95f308ea721e35c197db0cd767abfd5aab8bda09c58ddba91eff57d05ad4
Instruction ID: fba61ca38a1c11ddf3b43279c3243b7a7c8bc82a469a1663c1c9286d6656d1e6
Opcode Fuzzy Hash: 138e95f308ea721e35c197db0cd767abfd5aab8bda09c58ddba91eff57d05ad4
Instruction Fuzzy Hash: A721B131B412115FE7208F1ADC84BAA7FE5FF95325B199068EC4A8B251DB71DC82EBD0

Function 00EB8060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON

Download Yara Rule

Strings

VUUU, xrefs: 00EB83FA
ERCP, xrefs: 00EB813C
VUUU, xrefs: 00EB843C
VUUU, xrefs: 00EB83E8
VUUU, xrefs: 00EF5DF0

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: d70b5111488492b230e62e3efb047ce7e77de667dd50440c043a248e15f8798b
Instruction ID: 167d2879e63e90eff62773470a5cc7dbc5c5cede22f67238ea79f620c30070c2
Opcode Fuzzy Hash: d70b5111488492b230e62e3efb047ce7e77de667dd50440c043a248e15f8798b
Instruction Fuzzy Hash: 5CA26C71A0021ACBDF24CF58C9507FEB7B5BB54318F2491AAEA15B7385EB709D81CB90

Function 00F1AA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00F1AAAC
SetKeyboardState.USER32(00000080), ref: 00F1AAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00F1AB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00F1AB88

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 7ac8677f9ebf1ed2397c66a286ef0efb7103fd9d43ed59e9cd04a98c4b188b24
Instruction ID: a887edfac73fccee3065148696099c04aee85faffc43b4abe56e37f6f4cc8fa4
Opcode Fuzzy Hash: 7ac8677f9ebf1ed2397c66a286ef0efb7103fd9d43ed59e9cd04a98c4b188b24
Instruction Fuzzy Hash: A0316C70E46688AEFF31CB65CC05BFA77A6AF94320F04421AF481521D1D37589C0E7A2

Function 00EEBB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00EEBB7F

Part of subcall function 00EE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00EED7D1,00000000,00000000,00000000,00000000,?,00EED7F8,00000000,00000007,00000000,?,00EEDBF5,00000000), ref: 00EE29DE
Part of subcall function 00EE29C8: GetLastError.KERNEL32(00000000,?,00EED7D1,00000000,00000000,00000000,00000000,?,00EED7F8,00000000,00000007,00000000,?,00EEDBF5,00000000,00000000), ref: 00EE29F0

GetTimeZoneInformation.KERNEL32 ref: 00EEBB91
WideCharToMultiByte.KERNEL32(00000000,?,00F8121C,000000FF,?,0000003F,?,?), ref: 00EEBC09
WideCharToMultiByte.KERNEL32(00000000,?,00F81270,000000FF,?,0000003F,?,?,?,00F8121C,000000FF,?,0000003F,?,?), ref: 00EEBC36

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
String ID:
API String ID: 806657224-0
Opcode ID: b5e0ae6f1d59954eb1992d7e204a9c174aaf8f9bb14b85eed9ac494d1d932665
Instruction ID: 252af90296c5cc3efa94304847be68dce5cd534546bdae921e077a90c9c457c3
Opcode Fuzzy Hash: b5e0ae6f1d59954eb1992d7e204a9c174aaf8f9bb14b85eed9ac494d1d932665
Instruction Fuzzy Hash: C531A37090828DDFCB11DF6ADC818BABBB8FF55310B24525AE050EB2A1D7309D02DB50

Function 00F2CE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 00F2CE89
GetLastError.KERNEL32(?,00000000), ref: 00F2CEEA
SetEvent.KERNEL32(?,?,00000000), ref: 00F2CEFE

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: 74e1ea37631f42c22ea0ae1e585ff86731129e5174bb826d04ca5f80acc44d04
Instruction ID: 4073ae4431e405ae1d8c796110b465c297a8b8e27d3b210b820ea1d1e1681762
Opcode Fuzzy Hash: 74e1ea37631f42c22ea0ae1e585ff86731129e5174bb826d04ca5f80acc44d04
Instruction Fuzzy Hash: EF21C171900B159BD720DF65E948BAB77FCEB10368F11441EE546D2151E7B0EE05ABE0

Function 00F18298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 00F182AA

Strings

(, xrefs: 00F182F0
|, xrefs: 00F182DA

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: 5a6401506f2c85972c3650d15d9bb81ced991834f572b39673485fed39749acf
Instruction ID: 58857b81d41e2998f19b4b6d553a377918f7a878dffa9f1b54e7df02a0c7ee33
Opcode Fuzzy Hash: 5a6401506f2c85972c3650d15d9bb81ced991834f572b39673485fed39749acf
Instruction Fuzzy Hash: 57323975A007059FC728CF59C580AAAB7F0FF48760B15C56EE49ADB3A1DB70E982DB40

Function 00F25C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00F25CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00F25D17
FindClose.KERNEL32(?), ref: 00F25D5F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 99532827771a81104312d4a241f700545a729528564b9485adce8290f918c300
Instruction ID: 056a380b0581269729fb280ff7d15149ac37c416819634168947af999bd8f167
Opcode Fuzzy Hash: 99532827771a81104312d4a241f700545a729528564b9485adce8290f918c300
Instruction Fuzzy Hash: DC51B935A08A019FC714CF28D484E9AB7E4FF49324F54855EE99A8B3A2CB30ED05CF91

Function 00EE2622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00EE271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00EE2724
UnhandledExceptionFilter.KERNEL32(?), ref: 00EE2731

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 3208a6be9a47bd75dd06fea4c4ebde0d83d00b4b88afbd1c86f82682a9c4cf9f
Instruction ID: 57a8da56ba820755d681dcc6fe2637823580b2e594a3d403f8fcb9f2b8e8a05c
Opcode Fuzzy Hash: 3208a6be9a47bd75dd06fea4c4ebde0d83d00b4b88afbd1c86f82682a9c4cf9f
Instruction Fuzzy Hash: 3331C27490121CABCB21DF68DD8879CBBB8EF18710F5051EAE91CA6260E7709F818F85

Function 00F251CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00F251DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00F25238
SetErrorMode.KERNEL32(00000000), ref: 00F252A1

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: f7345075c2dc78e9312c1ef381561ff23c9f8b67fbb4056367c2425311c1d637
Instruction ID: c560dee5bb828bdb988144940abbec80cc28f7e3ff5fec29ee04cac1359f75cc
Opcode Fuzzy Hash: f7345075c2dc78e9312c1ef381561ff23c9f8b67fbb4056367c2425311c1d637
Instruction Fuzzy Hash: F3314C75A00518DFDB00DF54D884EAEBBF4FF49318F188099E805AB3A2DB31E856CB91

Function 00F116C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00ECFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00ED0668
Part of subcall function 00ECFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00ED0685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F1170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F1173A
GetLastError.KERNEL32 ref: 00F1174A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: 1312d4934e6c24c2fce86fccb657071ed4caad3b3685ec30579a7aa6aab86fdc
Instruction ID: adac8d3fcbee94db28e2f1581db9eade1e39cef7e4090510a7f8d05d78f489fe
Opcode Fuzzy Hash: 1312d4934e6c24c2fce86fccb657071ed4caad3b3685ec30579a7aa6aab86fdc
Instruction Fuzzy Hash: 8D11C1B2400308AFD7189F54DC86EAABBF9FB04714B20852EE45693291EB71BC818A60

Function 00F1D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00F1D608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00F1D645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00F1D650

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: a257fb03c25f0792011bbf6871ea63c81d1df58a85fa631f018028538156c461
Instruction ID: dfe02e16478747253ac4ad24af8a70d1aa1087fd35586e32dd4ff37e1a9811e6
Opcode Fuzzy Hash: a257fb03c25f0792011bbf6871ea63c81d1df58a85fa631f018028538156c461
Instruction Fuzzy Hash: F7113C75E05228BBDB208F959C45FAFBBBCEB45B60F108115F904E7290D6B05A059BA1

Function 00F11663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00F1168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00F116A1
FreeSid.ADVAPI32(?), ref: 00F116B1

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: d4fd05275fd035582676eea0d0fa8a8746ad0f1ede072b56ddf31f6b14dde89c
Instruction ID: ff92123127a73b8219b0458e676b95d47b4fd6755ee3436c35cea00c2a585af3
Opcode Fuzzy Hash: d4fd05275fd035582676eea0d0fa8a8746ad0f1ede072b56ddf31f6b14dde89c
Instruction Fuzzy Hash: 14F04475A4130CFBEB00CFE48C89AAEBBBCFB08200F004860E900E2180E330AA449A90

Function 00F0D27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 00F0D28C

Strings

X64, xrefs: 00F0D2A8

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: 8a706655e84a32008e5bcbc48ea191d7b7be1c64ce230426447ce4a9c1fa6a2d
Instruction ID: e9882484c0c0837f064218a69c128370a75839fbb7d84e9c92c538ba98867499
Opcode Fuzzy Hash: 8a706655e84a32008e5bcbc48ea191d7b7be1c64ce230426447ce4a9c1fa6a2d
Instruction Fuzzy Hash: 57D0C9B580611DEBCB94CB94DC88ED9B37CBB14305F100155F506E2140D7309549AF10

Function 00EDCAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction ID: 1266ba10e2e0ee47b0977fda63bfc75975b2d950751ca67c346e06a8d7238f4e
Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction Fuzzy Hash: 29021C71E0011A9BDF14CFA9C9806ADFBF1EF48354F25926AD919F7380D731AA42CB90

Function 00F268EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00F26918
FindClose.KERNEL32(00000000), ref: 00F26961

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 9dfe2098c7151cbab7fcdb31acd302c9ecfe3c9f91190068d105343c9adcc002
Instruction ID: c9f8f75e4eb3da895f7f508dd1fb4ddbe4368e5f3961388e23a31d4edf7e4e28
Opcode Fuzzy Hash: 9dfe2098c7151cbab7fcdb31acd302c9ecfe3c9f91190068d105343c9adcc002
Instruction Fuzzy Hash: 8D11D0356042109FC710CF29D484A26BBE1FF85328F14C6A9F8698F6A2CB70EC45CBD0

Function 00F237B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00F34891,?,?,00000035,?), ref: 00F237E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00F34891,?,?,00000035,?), ref: 00F237F4

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 8b5ffd249849e33a92396b861e1a1143de19da4f70dcf395da445983b5e6c418
Instruction ID: 2a9571b7ddbea950850a44229d387114520e9aa0fc30683a1be571f1b42530fd
Opcode Fuzzy Hash: 8b5ffd249849e33a92396b861e1a1143de19da4f70dcf395da445983b5e6c418
Instruction Fuzzy Hash: D0F055B170522C2BEB2017A69C4CFEB3AAEEFC5760F000261F608E2281C9A08900C6F0

Function 00F1B226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00F1B25D
keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00F1B270

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: da9f8e330e1b6e674bfc8d8b4923aa8f17a0bc773991deda063fdfbbb83df003
Instruction ID: 91f7bdb23f1cb344bf22c36e43cce85fb653408c868bf55a8fbbe355ccf317e8
Opcode Fuzzy Hash: da9f8e330e1b6e674bfc8d8b4923aa8f17a0bc773991deda063fdfbbb83df003
Instruction Fuzzy Hash: B7F06D7580428DABDB058FA0C805BEE7BB0FF05305F008009F951A5191C3798205AF94

Function 00F110BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00F111FC), ref: 00F110D4
CloseHandle.KERNEL32(?,?,00F111FC), ref: 00F110E9

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 270f46b1f99682cbfa15a9cddfd4e3dd7cc911b6ceec86b1f973773e5c131573
Instruction ID: f1ba5a9686624311ffe7eb9e99f69078cc93e06584431c0a48fb16cdb342dcc2
Opcode Fuzzy Hash: 270f46b1f99682cbfa15a9cddfd4e3dd7cc911b6ceec86b1f973773e5c131573
Instruction Fuzzy Hash: 25E04F32005610AEF7252B11FC05F737BE9EB04320B10882DF9A6804B1DB726C90EB50

Function 00EBCAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON

Download Yara Rule

Strings

Variable is not of type 'Object'., xrefs: 00F00C40

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID: Variable is not of type 'Object'.
API String ID: 0-1840281001
Opcode ID: ee0ae7469be194f2d64fc810d2990ff301023776c9829daa8452f1464a5a9c6f
Instruction ID: a32246c7c761ef1059cc043bef4ee31f8fd9815b350fec918bc64a43b7e3c891
Opcode Fuzzy Hash: ee0ae7469be194f2d64fc810d2990ff301023776c9829daa8452f1464a5a9c6f
Instruction Fuzzy Hash: 8F328D74A04218DBCF14DF90C981BFEB7B5BF04318F245069E806BB292DB75AD45EB61

Function 00EE676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00EE6766,?,?,00000008,?,?,00EEFEFE,00000000), ref: 00EE6998

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: ff3a1c1b0cf0a4f4ddeeaf152ec8bf9e326e87be0e7a40ce2a50e0ca5292f895
Instruction ID: 24185731bde3e08d8d109df6619298c7774bc88aab78016d43e19a30c0012b63
Opcode Fuzzy Hash: ff3a1c1b0cf0a4f4ddeeaf152ec8bf9e326e87be0e7a40ce2a50e0ca5292f895
Instruction Fuzzy Hash: BFB17D31610648CFD719CF29C486BA47BE0FF553A8F259658E8D9DF2A2C336E981CB40

Function 00ECB119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 00F0851F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 186d0315dc6c24d4a2ac56cbc6fb2fe889ae045253168a1ce912110dce6fae01
Instruction ID: 65aefbced6b0db8e981f801400dcfc17f775a0e1c8f8c4f4cbc8a06b24647919
Opcode Fuzzy Hash: 186d0315dc6c24d4a2ac56cbc6fb2fe889ae045253168a1ce912110dce6fae01
Instruction Fuzzy Hash: C8126275D002299BCB14CF58C941BEEB7F5FF48710F14819AE849EB291EB359E42DB90

Function 00F2EAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00F2EABD

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 713bb8ecac047cdaf66fbdd133cf32aa9a3a43ae2a6fd5dd2fa76ad8b96241fb
Instruction ID: fa83d3b1a062c2ee75815c7d85501856e3bd79d7d8a8e611c74957e64606c665
Opcode Fuzzy Hash: 713bb8ecac047cdaf66fbdd133cf32aa9a3a43ae2a6fd5dd2fa76ad8b96241fb
Instruction Fuzzy Hash: 7FE01A362012149FC710EF59E814E9AB7EDAFA9760F10941AFC4AD7251DAB4A8409B91

Function 00ED09D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00ED03EE), ref: 00ED09DA

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: f990b3b235f220bbfe2b599d673d0f486e399bd29f9fbae0bea5e78ed981262a
Instruction ID: a5517c89966c8cd0e6e73f58ddd9d90661985fe91b2a162a751f6e3830487c2f
Opcode Fuzzy Hash: f990b3b235f220bbfe2b599d673d0f486e399bd29f9fbae0bea5e78ed981262a
Instruction Fuzzy Hash:

Function 00ED781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 00ED798B

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction ID: 2ed23d75cba27237489c157db71c882bc3eb9deaa6e6480b535f570514d14d78
Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction Fuzzy Hash: 2351337660C6655ADB3C4728896A7BE63D5DB82308F18350BD8C6FB382F611DE43E352

Function 00EE6DD9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdd08e226f1392fdbf78ab07171cfd93c6cff11d8659402f89c6edd091971a56
Instruction ID: 8c3770de671fabf4e3581d6fef2edef6284570955bfaa25c9db47a57bb680b44
Opcode Fuzzy Hash: fdd08e226f1392fdbf78ab07171cfd93c6cff11d8659402f89c6edd091971a56
Instruction Fuzzy Hash: FC326722D28F894ED7239635DC223357249AFB73C6F14E337F85AB59A9EB28C4835100

Function 00ECCC39 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1021b84dc371406f5e2fb7cb1bbf27614bcfda07ba1e5b2a2eb9434c6ea4de27
Instruction ID: 54dbf14d947dc6dc7d24a8db9a663f1ca99d86161a91561ecb8c0fc7b1bbde48
Opcode Fuzzy Hash: 1021b84dc371406f5e2fb7cb1bbf27614bcfda07ba1e5b2a2eb9434c6ea4de27
Instruction Fuzzy Hash: C532F532E001558BDF28CB28C594B7DB7A1EB45324F38866AD85EDB2D1D235DD82FB81

Function 00EB7920 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66d48583c0fc06a9f4d7a2f3a111d88904e4bfa36ef2844518a5aa473f07196c
Instruction ID: d52eab1442e50f4aaffc3a332ce168ac74dae579eb3223d3391c3c8857658aaf
Opcode Fuzzy Hash: 66d48583c0fc06a9f4d7a2f3a111d88904e4bfa36ef2844518a5aa473f07196c
Instruction Fuzzy Hash: 5322DF71A0060A9FDF14CF64C981AEEB3F2FF54304F206229E956B7291EB369D01CB50

Function 00EB91C0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3038cb5b2f79fc7832d01c5475aeebf144db9de9ac5e6ad1c7f3cd5e8478ca11
Instruction ID: d7eb67e04cc97aa3574d4782f14b3bcec567e1967c8e684146e2569f62006339
Opcode Fuzzy Hash: 3038cb5b2f79fc7832d01c5475aeebf144db9de9ac5e6ad1c7f3cd5e8478ca11
Instruction Fuzzy Hash: 7202A4B0E00209EBDB14DF64D981BEEB7F1FF44304F109169E916AB3A1E731AA51DB91

Function 00EE9EEE Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 043c7e64d9cfed992fe06aa4519cc1ab551ed154f63e234a15474a72f3546944
Instruction ID: 65bd4c31f63e16bcf47375ef73965702a29cafb3e19250d5338419c1105ef845
Opcode Fuzzy Hash: 043c7e64d9cfed992fe06aa4519cc1ab551ed154f63e234a15474a72f3546944
Instruction Fuzzy Hash: B0B1F220D2AF444DD32396398831336B75CAFBB6D6F92D71BFD2674D22EB2286835140

Function 00ED1C77 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: 716b6b029dfa54c1f52a3d0e188b0c090945f71c8941f5954be606323d692efd
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: 589178722080E359DB2D4639857407DFFE1DA923A631A17DFD8F2DA2C5EE208555D620

Function 00ED1F32 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction ID: 21f6c5b1946bdcbc5867cfe1882e36a0fb8645c8b321e6aaf120cb9a7c2ccd59
Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction Fuzzy Hash: A79198722090A34DDB294239843407DFFE1DAA23A530A57DFD5F2EB2C5EE24C956D620

Function 00ED19B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: baefe50b8d892bd4e4d0fcc109cb7638354286799db8e876387e3347352738e8
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: CC91A37220D0A35EDB2D427A857407DFFE1CA923A531A27DFD4F2EA2C1FD248556D620

Function 00ED7A4A Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a2055e0735b30b36c316c6030662274ded90993f2f8e594a060de1663d4d253
Instruction ID: a6b0966e023057a1b3e8e18a595cf3418c802d3821e273b9188f418525451712
Opcode Fuzzy Hash: 6a2055e0735b30b36c316c6030662274ded90993f2f8e594a060de1663d4d253
Instruction Fuzzy Hash: 6061367120870996DA349B2889A6BFE63D6DF41708F14391BE8C2FB3C1FA119E438355

Function 00ED7CA7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 277fb2560990b1f4fe70d222b5b009fb7893780cf8538928cf80fa614de4e6ce
Instruction ID: 3aaa3b12f9f76fd6491f4e52bce5655323b917e3db7d9d70661538196d5c8682
Opcode Fuzzy Hash: 277fb2560990b1f4fe70d222b5b009fb7893780cf8538928cf80fa614de4e6ce
Instruction Fuzzy Hash: A761367160870956DA384B288956BBE6396DF4370CF10395FEDC2FB381FA12ED438255

Function 00ED1706 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: 962d8eb0b000f7827c2044fa92000d78f58a2c35d4c3a3adbf2226ecb84d5086
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: EF8195766080E31DDB2D823A853407EFFE1DA923A531A17DFD4F2DA2D1EE248555E620

Function 00F22046 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa3e948f322d931540f4ecb66456d2773f8fa7fe3499480804a49b0671af4e32
Instruction ID: 0cf6582c9e7a8bb9c4dc491f367336f3c2c5f1706d1c8f77b50fcfede6dbe7fb
Opcode Fuzzy Hash: aa3e948f322d931540f4ecb66456d2773f8fa7fe3499480804a49b0671af4e32
Instruction Fuzzy Hash: EC21E7327206158BD768CF79C8236BE73E5A754320F14862EE4A7C73D0DE39A904DB80

Function 00F32ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00F32B30
DeleteObject.GDI32(00000000), ref: 00F32B43
DestroyWindow.USER32 ref: 00F32B52
GetDesktopWindow.USER32 ref: 00F32B6D
GetWindowRect.USER32(00000000), ref: 00F32B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00F32CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00F32CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F32CF8
GetClientRect.USER32(00000000,?), ref: 00F32D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00F32D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F32D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F32D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F32D80
GlobalLock.KERNEL32(00000000), ref: 00F32D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F32D98
GlobalUnlock.KERNEL32(00000000), ref: 00F32DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F32DA8
GlobalFree.KERNEL32(00000000), ref: 00F32DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F32DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,00F4FC38,00000000), ref: 00F32DDB
GlobalFree.KERNEL32(00000000), ref: 00F32DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00F32E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00F32E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F32E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00F3303F

Strings

static, xrefs: 00F32D3A, 00F32E91
AutoIt v3, xrefs: 00F32CF2
DISPLAY, xrefs: 00F32EA2
, xrefs: 00F32FC5

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: ce4a5141b685f827c0d059bdffed178e2510216c87530a361e346e485698d1b4
Instruction ID: 74885164e267f46c29338149a10551177fae54ffbf494ff28c63ec0615b9213b
Opcode Fuzzy Hash: ce4a5141b685f827c0d059bdffed178e2510216c87530a361e346e485698d1b4
Instruction Fuzzy Hash: 37027075A01208AFDB54DFA4CC89EAE7BB9FF49320F049118F915AB2A1C774DD01DBA0

Function 00F470D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 00F4712F
GetSysColorBrush.USER32(0000000F), ref: 00F47160
GetSysColor.USER32(0000000F), ref: 00F4716C
SetBkColor.GDI32(?,000000FF), ref: 00F47186
SelectObject.GDI32(?,?), ref: 00F47195
InflateRect.USER32(?,000000FF,000000FF), ref: 00F471C0
GetSysColor.USER32(00000010), ref: 00F471C8
CreateSolidBrush.GDI32(00000000), ref: 00F471CF
FrameRect.USER32(?,?,00000000), ref: 00F471DE
DeleteObject.GDI32(00000000), ref: 00F471E5
InflateRect.USER32(?,000000FE,000000FE), ref: 00F47230
FillRect.USER32(?,?,?), ref: 00F47262
GetWindowLongW.USER32(?,000000F0), ref: 00F47284

Part of subcall function 00F473E8: GetSysColor.USER32(00000012), ref: 00F47421
Part of subcall function 00F473E8: SetTextColor.GDI32(?,?), ref: 00F47425
Part of subcall function 00F473E8: GetSysColorBrush.USER32(0000000F), ref: 00F4743B
Part of subcall function 00F473E8: GetSysColor.USER32(0000000F), ref: 00F47446
Part of subcall function 00F473E8: GetSysColor.USER32(00000011), ref: 00F47463
Part of subcall function 00F473E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00F47471
Part of subcall function 00F473E8: SelectObject.GDI32(?,00000000), ref: 00F47482
Part of subcall function 00F473E8: SetBkColor.GDI32(?,00000000), ref: 00F4748B
Part of subcall function 00F473E8: SelectObject.GDI32(?,?), ref: 00F47498
Part of subcall function 00F473E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00F474B7
Part of subcall function 00F473E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00F474CE
Part of subcall function 00F473E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00F474DB

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: 9f29ad93d710768e2b3ffc029aeb341aeb003ccf7def39e15cec80d4ec4d3749
Instruction ID: 4f65bdd3b6a9c28f4b4f69d92065a8da3a01c4e4508725ee36f2222eac972c1d
Opcode Fuzzy Hash: 9f29ad93d710768e2b3ffc029aeb341aeb003ccf7def39e15cec80d4ec4d3749
Instruction Fuzzy Hash: 34A1D136409305AFD750AF60CC48E6B7BA9FF8A320F141A19FD62A61E1D774E940EF91

Function 00EC8D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 00EC8E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 00F06AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00F06AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00F06F43

Part of subcall function 00EC8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00EC8BE8,?,00000000,?,?,?,?,00EC8BBA,00000000,?), ref: 00EC8FC5

SendMessageW.USER32(?,00001053), ref: 00F06F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00F06F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 00F06FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 00F06FB7

Strings

0, xrefs: 00F06DCF

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: 1184c8b1ad115e15d5cf21f642131f4cfd58af4109dffc8572f89c239429cc05
Instruction ID: af233a2c06e51ba8a69f0dc49c2a319da26de3ac745a2517eccddc4ba44de689
Opcode Fuzzy Hash: 1184c8b1ad115e15d5cf21f642131f4cfd58af4109dffc8572f89c239429cc05
Instruction Fuzzy Hash: 7312BC34A01205DFDB25CF14CE44BA9BBE5FB45320F14916DF495DB2A2CB32A862FB91

Function 00F32711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 00F3273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00F3286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00F328A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00F328B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00F32900
GetClientRect.USER32(00000000,?), ref: 00F3290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00F32955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00F32964
GetStockObject.GDI32(00000011), ref: 00F32974
SelectObject.GDI32(00000000,00000000), ref: 00F32978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00F32988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F32991
DeleteDC.GDI32(00000000), ref: 00F3299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00F329C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 00F329DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00F32A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00F32A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 00F32A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00F32A77
GetStockObject.GDI32(00000011), ref: 00F32A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00F32A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00F32A97

Strings

static, xrefs: 00F3294F, 00F32A71
AutoIt v3, xrefs: 00F328F8
msctls_progress32, xrefs: 00F32A13
DISPLAY, xrefs: 00F3295A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 6b460dda8937dcccafb88ecdac5eb5a2ebb1604c32465f8a57ba4314df531866
Instruction ID: 1e9cf3c965252f9a8a32d7e026396b01cdc6aa4029351bbb2ec763dafc5fc3aa
Opcode Fuzzy Hash: 6b460dda8937dcccafb88ecdac5eb5a2ebb1604c32465f8a57ba4314df531866
Instruction Fuzzy Hash: 08B16C75A01209AFEB14DFA8CC49FAE7BA9FB48720F008615F915E7290D774ED40DBA4

Function 00F24ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00F24AED
GetDriveTypeW.KERNEL32(?,00F4CB68,?,\\.\,00F4CC08), ref: 00F24BCA
SetErrorMode.KERNEL32(00000000,00F4CB68,?,\\.\,00F4CC08), ref: 00F24D36

Strings

SSA, xrefs: 00F24CA6
Removable, xrefs: 00F24C10, 00F24C15
ATA, xrefs: 00F24C98
ATAPI, xrefs: 00F24C91
Unknown, xrefs: 00F24BED, 00F24C83
CDROM, xrefs: 00F24BFB
SSD, xrefs: 00F24C4A
1394, xrefs: 00F24C9F
SAS, xrefs: 00F24CC9
USB, xrefs: 00F24CB4
SATA, xrefs: 00F24CD0
PhysicalDrive, xrefs: 00F24B76
Fixed, xrefs: 00F24C09
\\.\, xrefs: 00F24B3F
Virtual, xrefs: 00F24CE5
MMC, xrefs: 00F24CDE
RAID, xrefs: 00F24CBB
Network, xrefs: 00F24C02
iSCSI, xrefs: 00F24CC2
FileBackedVirtual, xrefs: 00F24CEC
RAMDisk, xrefs: 00F24BF4
SCSI, xrefs: 00F24C8A
Fibre, xrefs: 00F24CAD

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: cf4d467ff8ec62fcc9bc47c78e40d573c051f6b85eff82e7588030a005a1dd54
Instruction ID: 010aa875efd019b04d229fb09aa12f115670c0b9bf616bf19c243bcdb0fe676a
Opcode Fuzzy Hash: cf4d467ff8ec62fcc9bc47c78e40d573c051f6b85eff82e7588030a005a1dd54
Instruction Fuzzy Hash: 6A61E6316415159BCB15DF28DA81EAD77B0EB44314B248017F80AEB692DBB5FD41FB43

Function 00F473E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00F47421
SetTextColor.GDI32(?,?), ref: 00F47425
GetSysColorBrush.USER32(0000000F), ref: 00F4743B
GetSysColor.USER32(0000000F), ref: 00F47446
CreateSolidBrush.GDI32(?), ref: 00F4744B
GetSysColor.USER32(00000011), ref: 00F47463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00F47471
SelectObject.GDI32(?,00000000), ref: 00F47482
SetBkColor.GDI32(?,00000000), ref: 00F4748B
SelectObject.GDI32(?,?), ref: 00F47498
InflateRect.USER32(?,000000FF,000000FF), ref: 00F474B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00F474CE
GetWindowLongW.USER32(00000000,000000F0), ref: 00F474DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00F4752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00F47554
InflateRect.USER32(?,000000FD,000000FD), ref: 00F47572
DrawFocusRect.USER32(?,?), ref: 00F4757D
GetSysColor.USER32(00000011), ref: 00F4758E
SetTextColor.GDI32(?,00000000), ref: 00F47596
DrawTextW.USER32(?,00F470F5,000000FF,?,00000000), ref: 00F475A8
SelectObject.GDI32(?,?), ref: 00F475BF
DeleteObject.GDI32(?), ref: 00F475CA
SelectObject.GDI32(?,?), ref: 00F475D0
DeleteObject.GDI32(?), ref: 00F475D5
SetTextColor.GDI32(?,?), ref: 00F475DB
SetBkColor.GDI32(?,?), ref: 00F475E5

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: 2ef6696d2a4af076b09c2095782de4e74a1b53dfc3cb4772b0a83efaddf2b080
Instruction ID: 2b79731d1c247b7800b5bdb306dee40e119d5823f117e50117338f55a0dac264
Opcode Fuzzy Hash: 2ef6696d2a4af076b09c2095782de4e74a1b53dfc3cb4772b0a83efaddf2b080
Instruction Fuzzy Hash: 98618A76D01218AFDB00AFA4DC48EAEBFB9EB09320F155115FD15BB2A1D7749940EF90

Function 00F40FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00F41128
GetDesktopWindow.USER32 ref: 00F4113D
GetWindowRect.USER32(00000000), ref: 00F41144
GetWindowLongW.USER32(?,000000F0), ref: 00F41199
DestroyWindow.USER32(?), ref: 00F411B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00F411ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F4120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00F4121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 00F41232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00F41245
IsWindowVisible.USER32(00000000), ref: 00F412A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00F412BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00F412D0
GetWindowRect.USER32(00000000,?), ref: 00F412E8
MonitorFromPoint.USER32(?,?,00000002), ref: 00F4130E
GetMonitorInfoW.USER32(00000000,?), ref: 00F41328
CopyRect.USER32(?,?), ref: 00F4133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 00F413AA

Strings

(, xrefs: 00F4131B
0, xrefs: 00F410D3
tooltips_class32, xrefs: 00F411E6

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 6f85d55fe6a301773e83de7372277f49225ad0eaf6bd6006927f7e3c03c5fc6a
Instruction ID: d1536fab9c29fab2992ec30c921953495e9848d61f103f33e9ba35cf8b27fca8
Opcode Fuzzy Hash: 6f85d55fe6a301773e83de7372277f49225ad0eaf6bd6006927f7e3c03c5fc6a
Instruction Fuzzy Hash: 3CB18C71604341AFD754DF64C884BABBFE8FF85350F008918F999AB2A1C771E884DB92

Function 00EC8891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00EC8968
GetSystemMetrics.USER32(00000007), ref: 00EC8970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00EC899B
GetSystemMetrics.USER32(00000008), ref: 00EC89A3
GetSystemMetrics.USER32(00000004), ref: 00EC89C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00EC89E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00EC89F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00EC8A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00EC8A3C
GetClientRect.USER32(00000000,000000FF), ref: 00EC8A5A
GetStockObject.GDI32(00000011), ref: 00EC8A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 00EC8A81

Part of subcall function 00EC912D: GetCursorPos.USER32(?), ref: 00EC9141
Part of subcall function 00EC912D: ScreenToClient.USER32(00000000,?), ref: 00EC915E
Part of subcall function 00EC912D: GetAsyncKeyState.USER32(00000001), ref: 00EC9183
Part of subcall function 00EC912D: GetAsyncKeyState.USER32(00000002), ref: 00EC919D

SetTimer.USER32(00000000,00000000,00000028,00EC90FC), ref: 00EC8AA8

Strings

AutoIt v3 GUI, xrefs: 00EC8A20

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: ed17dc5a03953835f4741b5a0be39f51c573c1ed1212b1b45a154736a143d153
Instruction ID: f29789bb93048b337eb841947bff831ca04991d8eb427d74b2e465ce771428eb
Opcode Fuzzy Hash: ed17dc5a03953835f4741b5a0be39f51c573c1ed1212b1b45a154736a143d153
Instruction Fuzzy Hash: 3FB17B35A00209AFDB14DFA8CE45BEE3BB5FB48314F105229FA15E7290DB35A852EB54

Function 00F10D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00F110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F11114
Part of subcall function 00F110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00F10B9B,?,?,?), ref: 00F11120
Part of subcall function 00F110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F10B9B,?,?,?), ref: 00F1112F
Part of subcall function 00F110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F10B9B,?,?,?), ref: 00F11136
Part of subcall function 00F110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F1114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00F10DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00F10E29
GetLengthSid.ADVAPI32(?), ref: 00F10E40
GetAce.ADVAPI32(?,00000000,?), ref: 00F10E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00F10E96
GetLengthSid.ADVAPI32(?), ref: 00F10EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00F10EB5
HeapAlloc.KERNEL32(00000000), ref: 00F10EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00F10EDD
CopySid.ADVAPI32(00000000), ref: 00F10EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00F10F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00F10F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00F10F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F10F6E
HeapFree.KERNEL32(00000000), ref: 00F10F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F10F7E
HeapFree.KERNEL32(00000000), ref: 00F10F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F10F8E
HeapFree.KERNEL32(00000000), ref: 00F10F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00F10FA1
HeapFree.KERNEL32(00000000), ref: 00F10FA8

Part of subcall function 00F11193: GetProcessHeap.KERNEL32(00000008,00F10BB1,?,00000000,?,00F10BB1,?), ref: 00F111A1
Part of subcall function 00F11193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00F10BB1,?), ref: 00F111A8
Part of subcall function 00F11193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00F10BB1,?), ref: 00F111B7

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 3c8eed7b346b9fd9079c04dea586f226fb5013f29351a77caf03c62576219455
Instruction ID: b1efc9aa92e0844f42437ca564d3f31ddedef93372943908242dafd60fc6af13
Opcode Fuzzy Hash: 3c8eed7b346b9fd9079c04dea586f226fb5013f29351a77caf03c62576219455
Instruction Fuzzy Hash: 8B718B7690120AEBDB209FA5DC45FEEBBB8FF05310F044115F919E6191DB709986DFA0

Function 00F3C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F3C4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,00F4CC08,00000000,?,00000000,?,?), ref: 00F3C544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00F3C5A4
_wcslen.LIBCMT ref: 00F3C5F4
_wcslen.LIBCMT ref: 00F3C66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00F3C6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00F3C7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00F3C84D
RegCloseKey.ADVAPI32(?), ref: 00F3C881
RegCloseKey.ADVAPI32(00000000), ref: 00F3C88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00F3C960

Strings

REG_SZ, xrefs: 00F3C644
REG_MULTI_SZ, xrefs: 00F3C6F5
REG_DWORD, xrefs: 00F3C804
REG_EXPAND_SZ, xrefs: 00F3C5CD
REG_BINARY, xrefs: 00F3C913
REG_QWORD, xrefs: 00F3C8C3

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: 0546e57d7afbf69838b93ed6fb14ec17210dd9b9de4deef2d0d344b01fa464d1
Instruction ID: 8054458ed1b0cda66d9f99b4062f4b1dfeac8f1131b54181d87bc1707465934b
Opcode Fuzzy Hash: 0546e57d7afbf69838b93ed6fb14ec17210dd9b9de4deef2d0d344b01fa464d1
Instruction Fuzzy Hash: 37125A356042019FDB14DF14C881B6AB7E5EF88724F18885DF88AAB7A2DB31ED41DB91

Function 00F4091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00F409C6
_wcslen.LIBCMT ref: 00F40A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00F40A54
_wcslen.LIBCMT ref: 00F40A8A
_wcslen.LIBCMT ref: 00F40B06
_wcslen.LIBCMT ref: 00F40B81

Part of subcall function 00ECF9F2: _wcslen.LIBCMT ref: 00ECF9FD

Part of subcall function 00F12BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F12BFA

Strings

ISCHECKED, xrefs: 00F40CE1
SELECT, xrefs: 00F40D11
GETITEMCOUNT, xrefs: 00F40C1E
CHECK, xrefs: 00F40A85, 00F40AA0
EXPAND, xrefs: 00F40BF8
GETTEXT, xrefs: 00F40C97
UNCHECK, xrefs: 00F40D3E
COLLAPSE, xrefs: 00F40B01, 00F40B1C
EXISTS, xrefs: 00F40B7C, 00F40B97
GETSELECTED, xrefs: 00F40C4E
GETTOTALCOUNT, xrefs: 00F409F2, 00F40A17

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: 48ecd0b15ca7df0ecdb834ecedf4f5d8a05bc3b4afd3e114b77e0d6f24f0eaf7
Instruction ID: 69d2247cc44d7f81424fb03bd3e8e91ebd5fceef903858d387844b3c813b22b6
Opcode Fuzzy Hash: 48ecd0b15ca7df0ecdb834ecedf4f5d8a05bc3b4afd3e114b77e0d6f24f0eaf7
Instruction Fuzzy Hash: A3E1AF316083018FC714EF24C45096ABBE2FFD8314B14895DF999AB362DB35ED46EB82

Function 00F3C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F3B6AE,?,?), ref: 00F3C9B5
_wcslen.LIBCMT ref: 00F3C9F1
_wcslen.LIBCMT ref: 00F3CA68
_wcslen.LIBCMT ref: 00F3CA9E
_wcslen.LIBCMT ref: 00F3CAF9
_wcslen.LIBCMT ref: 00F3CB2F
_wcslen.LIBCMT ref: 00F3CB7F

Strings

HKCR, xrefs: 00F3CB29, 00F3CB2E
HKEY_LOCAL_MACHINE, xrefs: 00F3CA62, 00F3CA67
HKCU, xrefs: 00F3CBCE
HKCC, xrefs: 00F3CBAC
HKEY_CLASSES_ROOT, xrefs: 00F3CAF3, 00F3CAF8
HKLM, xrefs: 00F3CA98, 00F3CA9D
HKEY_USERS, xrefs: 00F3CBDF
HKEY_CURRENT_USER, xrefs: 00F3CBBD
HKU, xrefs: 00F3CBF0
HKEY_CURRENT_CONFIG, xrefs: 00F3CB79, 00F3CB7E

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 80df72501befe0b59d9a6d9d17b6b0676467eed6c0dfa911787b87020839546f
Instruction ID: 618f6b1ba2b42fb0dc2161c83ef4fa743d5f977e0c9bd24eaaf7bae54b30137c
Opcode Fuzzy Hash: 80df72501befe0b59d9a6d9d17b6b0676467eed6c0dfa911787b87020839546f
Instruction Fuzzy Hash: 4D71E533A1016A8BCF10DE7CCD516BB3391ABA0770F255129F855B7285E635CD45B3E1

Function 00F4833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00F4835A
_wcslen.LIBCMT ref: 00F4836E
_wcslen.LIBCMT ref: 00F48391
_wcslen.LIBCMT ref: 00F483B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00F483F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00F4361A,?), ref: 00F4844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F48487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00F484CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00F48501
FreeLibrary.KERNEL32(?), ref: 00F4850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00F4851D
DestroyIcon.USER32(?), ref: 00F4852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00F48549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00F48555

Strings

.exe, xrefs: 00F48388
.icl, xrefs: 00F48368
.dll, xrefs: 00F483AB

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: 91fdd6a095a2bc925564c3ddbaff5151d487df5fff22a30463ed7c8ac9ec4ac6
Instruction ID: a1f972f492c7d53788c7f8a036dc60554162c882fbbee889cbcc3f6a243063d1
Opcode Fuzzy Hash: 91fdd6a095a2bc925564c3ddbaff5151d487df5fff22a30463ed7c8ac9ec4ac6
Instruction Fuzzy Hash: 6061C071900219BBEB14DF64CC81BBE7BA8FF14761F10450AFD15E61D1EB74AA81EBA0

Function 00EB7778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

#pragma compile, xrefs: 00EB77D3
Bad directive syntax error, xrefs: 00EF519A
Unterminated group of comments, xrefs: 00EF528C
#notrayicon, xrefs: 00EB77E7
#comments-start, xrefs: 00EB785F, 00EB78B1
#requireadmin, xrefs: 00EB77FF
#include, xrefs: 00EB7847
", xrefs: 00EF5153
#ce, xrefs: 00EB78ED
#OnAutoItStartRegister, xrefs: 00EB7817
Cannot parse #include, xrefs: 00EF5279
#include-once, xrefs: 00EB782F
#cs, xrefs: 00EB7873, 00EB78C5
', xrefs: 00EF5169
#comments-end, xrefs: 00EB78D9

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: b19b36bdd232a966aac65f3ee9331f4fdbff1942f18d36b88ae4b6ac7b923e0f
Instruction ID: d4d054f62562a356b6259084404a2c7e76ed4207923390e2119e531c07a14e8e
Opcode Fuzzy Hash: b19b36bdd232a966aac65f3ee9331f4fdbff1942f18d36b88ae4b6ac7b923e0f
Instruction Fuzzy Hash: 0581D471604619BBDB21AF60CD42FFF3BA5AF95300F046026FE45BA192EB70D912D691

Function 00F23E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00F23EF8
_wcslen.LIBCMT ref: 00F23F03
_wcslen.LIBCMT ref: 00F23F5A
_wcslen.LIBCMT ref: 00F23F98
GetDriveTypeW.KERNEL32(?), ref: 00F23FD6
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F2401E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F24059
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F24087

Strings

close, xrefs: 00F23EFE, 00F23F18
close cd wait, xrefs: 00F24072
open, xrefs: 00F23F54, 00F23F59
open , xrefs: 00F23FE5
closed, xrefs: 00F23F08, 00F23F2D, 00F23F46, 00F23F7E, 00F23F97
type cdaudio alias cd wait, xrefs: 00F24001
wait, xrefs: 00F24044
set cd door , xrefs: 00F24028

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: 9d246412cbce16c7bc9cfc3004d800fd40359f52b3f65f8f5e29887661446831
Instruction ID: 16a6218d45ea5280bc2a4119dcfda2dc75a5bde11167ae720cc6cc59cef2e906
Opcode Fuzzy Hash: 9d246412cbce16c7bc9cfc3004d800fd40359f52b3f65f8f5e29887661446831
Instruction Fuzzy Hash: 1F711272A042129FC310DF24D8808ABB7F4EF94768F10892DF995A7251EB34ED49DB92

Function 00F15A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00F15A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00F15A40
SetWindowTextW.USER32(?,?), ref: 00F15A57
GetDlgItem.USER32(?,000003EA), ref: 00F15A6C
SetWindowTextW.USER32(00000000,?), ref: 00F15A72
GetDlgItem.USER32(?,000003E9), ref: 00F15A82
SetWindowTextW.USER32(00000000,?), ref: 00F15A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00F15AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00F15AC3
GetWindowRect.USER32(?,?), ref: 00F15ACC
_wcslen.LIBCMT ref: 00F15B33
SetWindowTextW.USER32(?,?), ref: 00F15B6F
GetDesktopWindow.USER32 ref: 00F15B75
GetWindowRect.USER32(00000000), ref: 00F15B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00F15BD3
GetClientRect.USER32(?,?), ref: 00F15BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00F15C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00F15C2F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: 03d12b18d9077f0e79b1305d6ec706b235172454c3161a6cc0eb537ee1c9bfc8
Instruction ID: ceedbd8c0d0557b51cd6bdfb0017523651cdfc38be0578e619fdcd53ad09b97b
Opcode Fuzzy Hash: 03d12b18d9077f0e79b1305d6ec706b235172454c3161a6cc0eb537ee1c9bfc8
Instruction Fuzzy Hash: FE718F31900B09EFDB20DFA8CD85BAEBBF5FF88B14F104518E546A25A0D775E940DB50

Function 00F2FE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00F2FE27
LoadCursorW.USER32(00000000,00007F8A), ref: 00F2FE32
LoadCursorW.USER32(00000000,00007F00), ref: 00F2FE3D
LoadCursorW.USER32(00000000,00007F03), ref: 00F2FE48
LoadCursorW.USER32(00000000,00007F8B), ref: 00F2FE53
LoadCursorW.USER32(00000000,00007F01), ref: 00F2FE5E
LoadCursorW.USER32(00000000,00007F81), ref: 00F2FE69
LoadCursorW.USER32(00000000,00007F88), ref: 00F2FE74
LoadCursorW.USER32(00000000,00007F80), ref: 00F2FE7F
LoadCursorW.USER32(00000000,00007F86), ref: 00F2FE8A
LoadCursorW.USER32(00000000,00007F83), ref: 00F2FE95
LoadCursorW.USER32(00000000,00007F85), ref: 00F2FEA0
LoadCursorW.USER32(00000000,00007F82), ref: 00F2FEAB
LoadCursorW.USER32(00000000,00007F84), ref: 00F2FEB6
LoadCursorW.USER32(00000000,00007F04), ref: 00F2FEC1
LoadCursorW.USER32(00000000,00007F02), ref: 00F2FECC
GetCursorInfo.USER32(?), ref: 00F2FEDC
GetLastError.KERNEL32 ref: 00F2FF1E

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: f08ee9d7b1104f7da6d32d079becd340a21d806ca902971fc926445f0feea0f9
Instruction ID: 130e738e4f31413ef369e7cd73e9b733af4496dfa76810156d291a41bab7a0d7
Opcode Fuzzy Hash: f08ee9d7b1104f7da6d32d079becd340a21d806ca902971fc926445f0feea0f9
Instruction Fuzzy Hash: C34142B0D093196BDB109FBA9C8585EBFF8BF04364B54453AE11DEB281DB7899018E91

Function 00ED00C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00ED00C6

Part of subcall function 00ED00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00F8070C,00000FA0,77D4356C,?,?,?,?,00EF23B3,000000FF), ref: 00ED011C
Part of subcall function 00ED00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00EF23B3,000000FF), ref: 00ED0127
Part of subcall function 00ED00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00EF23B3,000000FF), ref: 00ED0138
Part of subcall function 00ED00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00ED014E
Part of subcall function 00ED00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00ED015C
Part of subcall function 00ED00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00ED016A
Part of subcall function 00ED00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00ED0195
Part of subcall function 00ED00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00ED01A0

___scrt_fastfail.LIBCMT ref: 00ED00E7

Part of subcall function 00ED00A3: __onexit.LIBCMT ref: 00ED00A9

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 00ED0122
InitializeConditionVariable, xrefs: 00ED0148
kernel32.dll, xrefs: 00ED0133
WakeAllConditionVariable, xrefs: 00ED0162
SleepConditionVariableCS, xrefs: 00ED0154

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: f2d36194f2bbdf94ec668c9efc3839f1768fb24de446a1dcab9ca918a8941525
Instruction ID: c9b42ee432957cf704efe347af26e22ea7e665cdd45a37debaa05f07eed407a1
Opcode Fuzzy Hash: f2d36194f2bbdf94ec668c9efc3839f1768fb24de446a1dcab9ca918a8941525
Instruction Fuzzy Hash: 11212632A423156FE7506BA4AC05B6E37E4EB45B61F04213BFC05F3391DF719801AAD1

Function 00F130F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00F1318D
_wcslen.LIBCMT ref: 00F131F8

Strings

NAME, xrefs: 00F13335, 00F13346
CLASSNN, xrefs: 00F131F3, 00F13204
TEXT, xrefs: 00F1347C
INSTANCE, xrefs: 00F13453
CLASS, xrefs: 00F13188, 00F131A5
REGEXPCLASS, xrefs: 00F13255, 00F13266

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: 1a8ff2334d23c0f313e06143f992067c415628dbc74ccd548df10d4a16db6e59
Instruction ID: c29987a2b464ad35c78b6aa2cd4d079dc3ec952d6d474f8dea14666c14823112
Opcode Fuzzy Hash: 1a8ff2334d23c0f313e06143f992067c415628dbc74ccd548df10d4a16db6e59
Instruction Fuzzy Hash: 7BE1B632E00516ABCB18DFB8C4517EEFBB5BF54760F54812AE456B7240DB30AEC5AB90

Function 00F244C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,00F4CC08), ref: 00F24527
_wcslen.LIBCMT ref: 00F2453B
_wcslen.LIBCMT ref: 00F24599
_wcslen.LIBCMT ref: 00F245F4
_wcslen.LIBCMT ref: 00F2463F
_wcslen.LIBCMT ref: 00F246A7

Part of subcall function 00ECF9F2: _wcslen.LIBCMT ref: 00ECF9FD

GetDriveTypeW.KERNEL32(?,00F76BF0,00000061), ref: 00F24743

Strings

network, xrefs: 00F2469D, 00F246A2
unknown, xrefs: 00F24708
all, xrefs: 00F24531, 00F24536
cdrom, xrefs: 00F2458F, 00F24594
ramdisk, xrefs: 00F246F1
removable, xrefs: 00F245EA, 00F245EF
fixed, xrefs: 00F24635, 00F2463A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: 6cf1ea8bec598ebd28b55953e2b310c5cc63e48d00dcba656f06b8359017101b
Instruction ID: 3938058ae12b697392a65e7d255a8181bbb7bdbd0d7ce2153143ca36fa146bb9
Opcode Fuzzy Hash: 6cf1ea8bec598ebd28b55953e2b310c5cc63e48d00dcba656f06b8359017101b
Instruction Fuzzy Hash: CBB11231A083229FC710DF28E891A6BB7E5AFE5720F10591DF496D7291D7B0E844DB92

Function 00F33FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00F4CC08), ref: 00F340BB
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00F340CD
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00F4CC08), ref: 00F340F2
FreeLibrary.KERNEL32(00000000,?,00F4CC08), ref: 00F3413E
StringFromGUID2.OLE32(?,?,00000028,?,00F4CC08), ref: 00F341A8
SysFreeString.OLEAUT32(00000009), ref: 00F34262
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00F342C8
SysFreeString.OLEAUT32(?), ref: 00F342F2

Strings

kernel32.dll, xrefs: 00F340B6
GetModuleHandleExW, xrefs: 00F340C7

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: 5c4eec8ef2c318a95150a4a673bab67a86b612f0b4aef77a84a40b9ee49912d4
Instruction ID: 5ee72d88e980d4bb22b5cbd07766484294e2a5a94be7306a8ca49a3fd41d7cc7
Opcode Fuzzy Hash: 5c4eec8ef2c318a95150a4a673bab67a86b612f0b4aef77a84a40b9ee49912d4
Instruction Fuzzy Hash: A8121B75A00119EFDB14DF94C884EAEBBB5FF45324F248098E905AB261D731FD86DBA0

Function 00EB326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(00F81990), ref: 00EF2F8D
GetMenuItemCount.USER32(00F81990), ref: 00EF303D
GetCursorPos.USER32(?), ref: 00EF3081
SetForegroundWindow.USER32(00000000), ref: 00EF308A
TrackPopupMenuEx.USER32(00F81990,00000000,?,00000000,00000000,00000000), ref: 00EF309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00EF30A9

Strings

0, xrefs: 00EB327D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: 51571ea7d89d3c42b0f5bb3be2b269818a31a75fe065be2d7a5c3616b5b59306
Instruction ID: 1b79ed424325dbe3415397092aa35efd144f88823e6938252dfd490c674bf3a8
Opcode Fuzzy Hash: 51571ea7d89d3c42b0f5bb3be2b269818a31a75fe065be2d7a5c3616b5b59306
Instruction Fuzzy Hash: EF71E771744209BAEB218F64CC49FEABF68FF05368F245216FB147A1E0C7B1A950DB90

Function 00F46CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00F46DEB

Part of subcall function 00EB6B57: _wcslen.LIBCMT ref: 00EB6B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00F46E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00F46E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F46E94
DestroyWindow.USER32(?), ref: 00F46EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00EB0000,00000000), ref: 00F46EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00F46EFD
GetDesktopWindow.USER32 ref: 00F46F16
GetWindowRect.USER32(00000000), ref: 00F46F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00F46F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00F46F4D

Part of subcall function 00EC9944: GetWindowLongW.USER32(?,000000EB), ref: 00EC9952

Strings

tooltips_class32, xrefs: 00F46E58, 00F46EDD
0, xrefs: 00F46D98

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: 3975cec914a8035473c524fbaf6f3250fb223eb8b852fd52e6a90f1a41ba9a54
Instruction ID: 2470e99cec1dc2901df822fb71c020cd095ca0a9bbf9d045a223399c1e6d4acb
Opcode Fuzzy Hash: 3975cec914a8035473c524fbaf6f3250fb223eb8b852fd52e6a90f1a41ba9a54
Instruction Fuzzy Hash: 14718774504344AFEB20CF18D844BBABBE9FB8A324F04451DF999D7261D770E90AEB16

Function 00F4911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00EC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EC9BB2

DragQueryPoint.SHELL32(?,?), ref: 00F49147

Part of subcall function 00F47674: ClientToScreen.USER32(?,?), ref: 00F4769A
Part of subcall function 00F47674: GetWindowRect.USER32(?,?), ref: 00F47710
Part of subcall function 00F47674: PtInRect.USER32(?,?,00F48B89), ref: 00F47720

SendMessageW.USER32(?,000000B0,?,?), ref: 00F491B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00F491BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00F491DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00F49225
SendMessageW.USER32(?,000000B0,?,?), ref: 00F4923E
SendMessageW.USER32(?,000000B1,?,?), ref: 00F49255
SendMessageW.USER32(?,000000B1,?,?), ref: 00F49277
DragFinish.SHELL32(?), ref: 00F4927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00F49371

Strings

@GUI_DRAGID, xrefs: 00F492E9
@GUI_DROPID, xrefs: 00F4929E
@GUI_DRAGFILE, xrefs: 00F49320

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: a24e33164e5f47f36878c7741bcfef0df5d7e73590d336687408fbd582cbe0bc
Instruction ID: 24b5c0c4a33e6b6c3686e888d52caf7bedd50ac8dc85d633f369f845247df59e
Opcode Fuzzy Hash: a24e33164e5f47f36878c7741bcfef0df5d7e73590d336687408fbd582cbe0bc
Instruction Fuzzy Hash: 1B618C71108304AFD701EF60DC85DAFBBE8EF99350F10192EF995A31A1DB709A09DB92

Function 00F2C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00F2C4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00F2C4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00F2C4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00F2C4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00F2C533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00F2C549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00F2C554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00F2C584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00F2C5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00F2C5F0
InternetCloseHandle.WININET(00000000), ref: 00F2C5FB

Strings

, xrefs: 00F2C575

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: e56de3e5f661b2b7a4a50ce5c6706cc80118d14076bf139ae12999a83ededaa9
Instruction ID: 2b52e68bacb49afef922823da0e8e81fb4514cb524ffb26b1724053723df13dd
Opcode Fuzzy Hash: e56de3e5f661b2b7a4a50ce5c6706cc80118d14076bf139ae12999a83ededaa9
Instruction Fuzzy Hash: C4519AB5500618BFEB218FA0DD88AAF7BFCFF19354F04401AF94596210DB34EA04ABA0

Function 00F4856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00F48592
GetFileSize.KERNEL32(00000000,00000000), ref: 00F485A2
GlobalAlloc.KERNEL32(00000002,00000000), ref: 00F485AD
CloseHandle.KERNEL32(00000000), ref: 00F485BA
GlobalLock.KERNEL32(00000000), ref: 00F485C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00F485D7
GlobalUnlock.KERNEL32(00000000), ref: 00F485E0
CloseHandle.KERNEL32(00000000), ref: 00F485E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00F485F8
OleLoadPicture.OLEAUT32(?,00000000,00000000,00F4FC38,?), ref: 00F48611
GlobalFree.KERNEL32(00000000), ref: 00F48621
GetObjectW.GDI32(?,00000018,000000FF), ref: 00F48641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00F48671
DeleteObject.GDI32(00000000), ref: 00F48699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00F486AF

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 865a5e78c144e9b232596a5e14809317f8626f0455a65c88285fb44d56279c9b
Instruction ID: 69d0d1524baba183b36926712182199e5a2bec33c15c803c7bdbdab35dc43b23
Opcode Fuzzy Hash: 865a5e78c144e9b232596a5e14809317f8626f0455a65c88285fb44d56279c9b
Instruction Fuzzy Hash: 01414B75601208AFDB519FA5CC48EAE7BB8EF9A761F144058FD09E7260DB709E01EB60

Function 00F214BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00F21502
VariantCopy.OLEAUT32(?,?), ref: 00F2150B
VariantClear.OLEAUT32(?), ref: 00F21517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00F215FB
VarR8FromDec.OLEAUT32(?,?), ref: 00F21657
VariantInit.OLEAUT32(?), ref: 00F21708
SysFreeString.OLEAUT32(?), ref: 00F2178C
VariantClear.OLEAUT32(?), ref: 00F217D8
VariantClear.OLEAUT32(?), ref: 00F217E7
VariantInit.OLEAUT32(00000000), ref: 00F21823

Strings

Default, xrefs: 00F216AF
%4d%02d%02d%02d%02d%02d, xrefs: 00F21625

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: 7cd5da29e8edeb25dae17b611d541bc792e7506fd305fd2523d35c7941cb5197
Instruction ID: 98ca9ce2895b3449229d75b76cde5c457f1ce47ccc40bbf0fed0ce34a74ac24a
Opcode Fuzzy Hash: 7cd5da29e8edeb25dae17b611d541bc792e7506fd305fd2523d35c7941cb5197
Instruction Fuzzy Hash: 62D11432A00125DBDB10DF65E886BBDB7F5BF55700F18809AF806AB180DB34DC41EBA6

Function 00F3B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

Part of subcall function 00F3C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F3B6AE,?,?), ref: 00F3C9B5
Part of subcall function 00F3C998: _wcslen.LIBCMT ref: 00F3C9F1
Part of subcall function 00F3C998: _wcslen.LIBCMT ref: 00F3CA68
Part of subcall function 00F3C998: _wcslen.LIBCMT ref: 00F3CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F3B6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F3B772
RegDeleteValueW.ADVAPI32(?,?), ref: 00F3B80A
RegCloseKey.ADVAPI32(?), ref: 00F3B87E
RegCloseKey.ADVAPI32(?), ref: 00F3B89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 00F3B8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00F3B904
RegDeleteKeyW.ADVAPI32(?,?), ref: 00F3B922
FreeLibrary.KERNEL32(00000000), ref: 00F3B983
RegCloseKey.ADVAPI32(00000000), ref: 00F3B994

Strings

advapi32.dll, xrefs: 00F3B8ED
RegDeleteKeyExW, xrefs: 00F3B8FE

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: 355c65cb7521db7d670cf235aee5a192f8c72c499014aa7987dd680d0f5a23f2
Instruction ID: b4d16bd0f27961e40812d3318d5bd7582aac2eb2998177dc42f04c8d5022de22
Opcode Fuzzy Hash: 355c65cb7521db7d670cf235aee5a192f8c72c499014aa7987dd680d0f5a23f2
Instruction Fuzzy Hash: D4C1BE34609201AFD710DF14C4A5F2ABBE5FF84328F18949CF59A9B2A2CB35EC45DB91

Function 00F3255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00F325D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00F325E8
CreateCompatibleDC.GDI32(?), ref: 00F325F4
SelectObject.GDI32(00000000,?), ref: 00F32601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00F3266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00F326AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00F326D0
SelectObject.GDI32(?,?), ref: 00F326D8
DeleteObject.GDI32(?), ref: 00F326E1
DeleteDC.GDI32(?), ref: 00F326E8
ReleaseDC.USER32(00000000,?), ref: 00F326F3

Strings

(, xrefs: 00F3268D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 29b3b6c2085a1ad724fac90c47fb72180f479d608edfaa4974fb71b54f2161b5
Instruction ID: eb167b42323c6c110e7be7787bdd9e75da768f7b87460ad9b3dc5f341bd3fa7e
Opcode Fuzzy Hash: 29b3b6c2085a1ad724fac90c47fb72180f479d608edfaa4974fb71b54f2161b5
Instruction Fuzzy Hash: 6A61F175D00219EFCF44CFA8D885AAEBBB6FF48310F208529E955A7250E774A941DFA0

Function 00EEDA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00EEDAA1

Part of subcall function 00EED63C: _free.LIBCMT ref: 00EED659
Part of subcall function 00EED63C: _free.LIBCMT ref: 00EED66B
Part of subcall function 00EED63C: _free.LIBCMT ref: 00EED67D
Part of subcall function 00EED63C: _free.LIBCMT ref: 00EED68F
Part of subcall function 00EED63C: _free.LIBCMT ref: 00EED6A1
Part of subcall function 00EED63C: _free.LIBCMT ref: 00EED6B3
Part of subcall function 00EED63C: _free.LIBCMT ref: 00EED6C5
Part of subcall function 00EED63C: _free.LIBCMT ref: 00EED6D7
Part of subcall function 00EED63C: _free.LIBCMT ref: 00EED6E9
Part of subcall function 00EED63C: _free.LIBCMT ref: 00EED6FB
Part of subcall function 00EED63C: _free.LIBCMT ref: 00EED70D
Part of subcall function 00EED63C: _free.LIBCMT ref: 00EED71F
Part of subcall function 00EED63C: _free.LIBCMT ref: 00EED731

_free.LIBCMT ref: 00EEDA96

Part of subcall function 00EE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00EED7D1,00000000,00000000,00000000,00000000,?,00EED7F8,00000000,00000007,00000000,?,00EEDBF5,00000000), ref: 00EE29DE
Part of subcall function 00EE29C8: GetLastError.KERNEL32(00000000,?,00EED7D1,00000000,00000000,00000000,00000000,?,00EED7F8,00000000,00000007,00000000,?,00EEDBF5,00000000,00000000), ref: 00EE29F0

_free.LIBCMT ref: 00EEDAB8
_free.LIBCMT ref: 00EEDACD
_free.LIBCMT ref: 00EEDAD8
_free.LIBCMT ref: 00EEDAFA
_free.LIBCMT ref: 00EEDB0D
_free.LIBCMT ref: 00EEDB1B
_free.LIBCMT ref: 00EEDB26
_free.LIBCMT ref: 00EEDB5E
_free.LIBCMT ref: 00EEDB65
_free.LIBCMT ref: 00EEDB82
_free.LIBCMT ref: 00EEDB9A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 42e2ae0cfc3af2cdaa4ecae9f418430e4861a8cbfd578f08be02dd375f85a6e1
Instruction ID: 86be24c2cf5d150e67b03d98a587f5bb85cba3d200ab7a030b27fd12da1f3412
Opcode Fuzzy Hash: 42e2ae0cfc3af2cdaa4ecae9f418430e4861a8cbfd578f08be02dd375f85a6e1
Instruction Fuzzy Hash: AA315E3160868D9FDB21AE3AEC46B5A77E8FF40318F11642DE558E7192EB36AD408720

Function 00F1365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00F1369C
_wcslen.LIBCMT ref: 00F136A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00F13797
GetClassNameW.USER32(?,?,00000400), ref: 00F1380C
GetDlgCtrlID.USER32(?), ref: 00F1385D
GetWindowRect.USER32(?,?), ref: 00F13882
GetParent.USER32(?), ref: 00F138A0
ScreenToClient.USER32(00000000), ref: 00F138A7
GetClassNameW.USER32(?,?,00000100), ref: 00F13921
GetWindowTextW.USER32(?,?,00000400), ref: 00F1395D

Strings

%s%u, xrefs: 00F13734

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: 00c55509024af82fc1e900d12174ac6a02755f4046a426470138df9242581e39
Instruction ID: 679ecf8e894c4c09e14e6ab4756b079d15cc5e82012de2f2edbc56ed5dd150c1
Opcode Fuzzy Hash: 00c55509024af82fc1e900d12174ac6a02755f4046a426470138df9242581e39
Instruction Fuzzy Hash: 6F91E271604606AFD718DF24C885FEAF7E9FF44360F408629F999D2190DB30EA85DBA1

Function 00F14954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00F14994
GetWindowTextW.USER32(?,?,00000400), ref: 00F149DA
_wcslen.LIBCMT ref: 00F149EB
CharUpperBuffW.USER32(?,00000000), ref: 00F149F7
_wcsstr.LIBVCRUNTIME ref: 00F14A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00F14A64
GetWindowTextW.USER32(?,?,00000400), ref: 00F14A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00F14AE6
GetClassNameW.USER32(?,?,00000400), ref: 00F14B20
GetWindowRect.USER32(?,?), ref: 00F14B8B

Strings

ThumbnailClass, xrefs: 00F14A6F, 00F14AF1

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: f72469115a6a731610f9d295d612164a76dfd3cb100ab8e397201770f7c15c9b
Instruction ID: 1db17bc83b11da31d1e6aa27f5322728fec72b8fbf4ac5a4e36bf55bf34b10f7
Opcode Fuzzy Hash: f72469115a6a731610f9d295d612164a76dfd3cb100ab8e397201770f7c15c9b
Instruction Fuzzy Hash: 24919F724082099FDB04CF14C985BEA77E8FFC4364F04846AFD899A196DB34ED85DBA1

Function 00F1BF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00F81990,000000FF,00000000,00000030), ref: 00F1BFAC
SetMenuItemInfoW.USER32(00F81990,00000004,00000000,00000030), ref: 00F1BFE1
Sleep.KERNEL32(000001F4), ref: 00F1BFF3
GetMenuItemCount.USER32(?), ref: 00F1C039
GetMenuItemID.USER32(?,00000000), ref: 00F1C056
GetMenuItemID.USER32(?,-00000001), ref: 00F1C082
GetMenuItemID.USER32(?,?), ref: 00F1C0C9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00F1C10F
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F1C124
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F1C145

Strings

0, xrefs: 00F1BF3D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: 447a8c516d8ef2dc87cefe8fe4841963ed605e16a6fbcf2880dbe3a729716c1e
Instruction ID: edca7967fcd5e8cda6ccb607d4c77394f5edd142ccb1d0c309e67f22c0acd739
Opcode Fuzzy Hash: 447a8c516d8ef2dc87cefe8fe4841963ed605e16a6fbcf2880dbe3a729716c1e
Instruction Fuzzy Hash: 56618DB198024AEFDF11CF64DD88AEEBBB8FB06354F044155F851A3291C735AD85EBA0

Function 00F3CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00F3CC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00F3CC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00F3CD48

Part of subcall function 00F3CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00F3CCAA
Part of subcall function 00F3CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00F3CCBD
Part of subcall function 00F3CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00F3CCCF
Part of subcall function 00F3CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00F3CD05
Part of subcall function 00F3CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00F3CD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 00F3CCF3

Strings

advapi32.dll, xrefs: 00F3CCB8
RegDeleteKeyExW, xrefs: 00F3CCC9

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: f096b9821f2d49488d0af68d2a734e67bd3835d2841d75c10d79383bb6827c88
Instruction ID: c3f68ac3756f9927f47a53828dd58a3b7494b1f4e148e21b785d39d557f89f25
Opcode Fuzzy Hash: f096b9821f2d49488d0af68d2a734e67bd3835d2841d75c10d79383bb6827c88
Instruction Fuzzy Hash: 12316B75902128BBDB209B55DC88EEFBB7CEF56760F000165F915E2240DA349A45EBE0

Function 00F23D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00F23D40
_wcslen.LIBCMT ref: 00F23D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 00F23D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00F23DBE
RemoveDirectoryW.KERNEL32(?), ref: 00F23DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00F23E55
CloseHandle.KERNEL32(00000000), ref: 00F23E60
CloseHandle.KERNEL32(00000000), ref: 00F23E6B

Strings

\, xrefs: 00F23D77
:, xrefs: 00F23D82
\??\%s, xrefs: 00F23D5B

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: bb6725fba222608f4a6bdbed8f4a62d586bce7cb90c305ef27c2e820fb6244fd
Instruction ID: adbfa143d55796c56ebaace73a9402b913237b36d2feace228126fc294719f1b
Opcode Fuzzy Hash: bb6725fba222608f4a6bdbed8f4a62d586bce7cb90c305ef27c2e820fb6244fd
Instruction Fuzzy Hash: 5F31C3B6A0011DABDB209FA0DC48FEF37BCEF89710F5040A6F909E6160E77497449B64

Function 00F1E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00F1E6B4

Part of subcall function 00ECE551: timeGetTime.WINMM(?,?,00F1E6D4), ref: 00ECE555

Sleep.KERNEL32(0000000A), ref: 00F1E6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00F1E705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00F1E727
SetActiveWindow.USER32 ref: 00F1E746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00F1E754
SendMessageW.USER32(00000010,00000000,00000000), ref: 00F1E773
Sleep.KERNEL32(000000FA), ref: 00F1E77E
IsWindow.USER32 ref: 00F1E78A
EndDialog.USER32(00000000), ref: 00F1E79B

Strings

BUTTON, xrefs: 00F1E719

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: afa69f82eeeb93739fe0170fe3dca188994f9bbdf5a9b697cbab83d18ede5b74
Instruction ID: 6aca2bee6ece5ba8847068eb304e462ac9451b67f85ae5662983b41adcf3c579
Opcode Fuzzy Hash: afa69f82eeeb93739fe0170fe3dca188994f9bbdf5a9b697cbab83d18ede5b74
Instruction Fuzzy Hash: DD21D57420120CAFFB405F20EC89FB53BA9FBA6758F046424FD15821B1EB75AC40BBA4

Function 00F1E9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00F1EA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00F1EA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F1EA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00F1EA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00F1EAA7

Strings

alias PlayMe, xrefs: 00F1EA36
close PlayMe, xrefs: 00F1EA6E, 00F1EA9B
open , xrefs: 00F1EA0C
play PlayMe wait, xrefs: 00F1EA91
status PlayMe mode, xrefs: 00F1EA58
play PlayMe, xrefs: 00F1EAA2

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: cab8431419c7b71b1639a0af5e165c04151620d5eb995f676e05af2d776f8510
Instruction ID: 9acb202212c2d63ff44dad6aa9ec86d14c525c174d7f5633b0b873124c47317d
Opcode Fuzzy Hash: cab8431419c7b71b1639a0af5e165c04151620d5eb995f676e05af2d776f8510
Instruction Fuzzy Hash: A111A331A5021979D720A7A1DC4ADFF6EBCEFD1F10F40442AB915E20D1EE704945D5B2

Function 00F19F91 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00F1A012
SetKeyboardState.USER32(?), ref: 00F1A07D
GetAsyncKeyState.USER32(000000A0), ref: 00F1A09D
GetKeyState.USER32(000000A0), ref: 00F1A0B4
GetAsyncKeyState.USER32(000000A1), ref: 00F1A0E3
GetKeyState.USER32(000000A1), ref: 00F1A0F4
GetAsyncKeyState.USER32(00000011), ref: 00F1A120
GetKeyState.USER32(00000011), ref: 00F1A12E
GetAsyncKeyState.USER32(00000012), ref: 00F1A157
GetKeyState.USER32(00000012), ref: 00F1A165
GetAsyncKeyState.USER32(0000005B), ref: 00F1A18E
GetKeyState.USER32(0000005B), ref: 00F1A19C

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: f70997b506fc29865fbdbe713b80414f71aa24f34c0baaa1a74b1d2b0cf3185c
Instruction ID: e6c5187bdf148cb673867df5f848121f925e066f921302e071b82e30a41f81ce
Opcode Fuzzy Hash: f70997b506fc29865fbdbe713b80414f71aa24f34c0baaa1a74b1d2b0cf3185c
Instruction Fuzzy Hash: DD51DB64D097C839FB35EB7048117EABFF45F12390F088599D5C2571C2DAA49ACCDBA2

Function 00F15CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00F15CE2
GetWindowRect.USER32(00000000,?), ref: 00F15CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00F15D59
GetDlgItem.USER32(?,00000002), ref: 00F15D69
GetWindowRect.USER32(00000000,?), ref: 00F15D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00F15DCF
GetDlgItem.USER32(?,000003E9), ref: 00F15DDD
GetWindowRect.USER32(00000000,?), ref: 00F15DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00F15E31
GetDlgItem.USER32(?,000003EA), ref: 00F15E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00F15E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00F15E67

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: f412f069682e2947862383ea74b308eafadea9427813e7bb275f736358af8bb5
Instruction ID: 108350c0ef36c7aafbfdffb5a39554ff01a51a2c171984223eb0fafbc84f30e6
Opcode Fuzzy Hash: f412f069682e2947862383ea74b308eafadea9427813e7bb275f736358af8bb5
Instruction Fuzzy Hash: D2513D74F00609AFDF18CF68DD89AAEBBB5EB98710F118128F905E7290D7709E40DB50

Function 00EC8BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00EC8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00EC8BE8,?,00000000,?,?,?,?,00EC8BBA,00000000,?), ref: 00EC8FC5

DestroyWindow.USER32(?), ref: 00EC8C81
KillTimer.USER32(00000000,?,?,?,?,00EC8BBA,00000000,?), ref: 00EC8D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00F06973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00EC8BBA,00000000,?), ref: 00F069A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00EC8BBA,00000000,?), ref: 00F069B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00EC8BBA,00000000), ref: 00F069D4
DeleteObject.GDI32(00000000), ref: 00F069E6

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: 5cfccd4026e4d953e70dac0cf0a9082253eb2e544866fa89197e4aec70f3b1ce
Instruction ID: 5a3f2c634827aeac176bd931214c8bf05c859a5f27840cebbc3d73b41d359fa7
Opcode Fuzzy Hash: 5cfccd4026e4d953e70dac0cf0a9082253eb2e544866fa89197e4aec70f3b1ce
Instruction Fuzzy Hash: 0F61AC30502608DFDB259F14CB48FA9B7F1FB51326F10661DE442A69A0CB36AC92FB91

Function 00EC9838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00EC9944: GetWindowLongW.USER32(?,000000EB), ref: 00EC9952

GetSysColor.USER32(0000000F), ref: 00EC9862

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 4b55f75d12b4bf863f94039a33b239e32acc17f705997016a93692a9971d2114
Instruction ID: 5c58d12bc10d37294c1ff03cd9854a7f5dcf0bae449761af7923e10298e89c4c
Opcode Fuzzy Hash: 4b55f75d12b4bf863f94039a33b239e32acc17f705997016a93692a9971d2114
Instruction Fuzzy Hash: FE4103365016449FDB245F389C88FB93BA5BB57330F186649F9A2971E2C7329C42EB50

Function 00EE8D45 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Strings

., xrefs: 00EE903A, 00EE8FD0, 00EE8FF2

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-3963672497
Opcode ID: 88776349c0583217accb73a7b8b812d3b9583b13a3f6a86ba017adbc43470d90
Instruction ID: bb86d705a35182c44abb2bc0ff3068f0bdf3d3d7eee711a24b72f08112b0d428
Opcode Fuzzy Hash: 88776349c0583217accb73a7b8b812d3b9583b13a3f6a86ba017adbc43470d90
Instruction Fuzzy Hash: F9C1E374A0428DAFCB11DFAAC841BEDBBF4AF49314F446199E919BB393C7309941CB60

Function 00F196E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00EFF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00F19717
LoadStringW.USER32(00000000,?,00EFF7F8,00000001), ref: 00F19720

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00EFF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00F19742
LoadStringW.USER32(00000000,?,00EFF7F8,00000001), ref: 00F19745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00F19866

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00F1984A
Line %d:, xrefs: 00F197A0
Line %d (File "%s"):, xrefs: 00F1978F
^ ERROR, xrefs: 00F197FB
Error: , xrefs: 00F1981D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: b4f49eb4134418c9b59dcea9ee5f5247623de07c7d9cd74f2f361093b85cf86f
Instruction ID: 652508c8cfdea2bddb3451182abb6f6d56f80867b33d9f39a1fbef296f01cd27
Opcode Fuzzy Hash: b4f49eb4134418c9b59dcea9ee5f5247623de07c7d9cd74f2f361093b85cf86f
Instruction Fuzzy Hash: B9414072804209AACF04EBE0DD96EEFB7B8AF55340F601065F60572092EB756F48DBA1

Function 00F106DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB6B57: _wcslen.LIBCMT ref: 00EB6B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00F107A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00F107BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00F107DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00F10804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00F1082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00F10837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00F1083C

Strings

\IPC$, xrefs: 00F10784
\CLSID, xrefs: 00F10724
SOFTWARE\Classes\, xrefs: 00F1070E

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: 08132cafd931a34b13494e1757a4c2852690a02b76cf2547a8e37a918eb22b33
Instruction ID: 593818122560aa344f7614d0ee39d3dac22590365bddfe941c73cd6c128f50a8
Opcode Fuzzy Hash: 08132cafd931a34b13494e1757a4c2852690a02b76cf2547a8e37a918eb22b33
Instruction Fuzzy Hash: AE413872C00229ABDF15EBA4DC85CEEB7B8FF14750B04512AE901B71A1EB709E84DB90

Function 00F43F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00F4403B
CreateCompatibleDC.GDI32(00000000), ref: 00F44042
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00F44055
SelectObject.GDI32(00000000,00000000), ref: 00F4405D
GetPixel.GDI32(00000000,00000000,00000000), ref: 00F44068
DeleteDC.GDI32(00000000), ref: 00F44072
GetWindowLongW.USER32(?,000000EC), ref: 00F4407C
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00F44092
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00F4409E

Strings

static, xrefs: 00F43FD3

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: d4795da5613ba4cdfbe1084509108460e14649ef1f748741444ed4b9500fbe28
Instruction ID: 47a162d76a8d2e0666b0234b41fb585a87b4184510b7b98c373a88c0cfec8faa
Opcode Fuzzy Hash: d4795da5613ba4cdfbe1084509108460e14649ef1f748741444ed4b9500fbe28
Instruction Fuzzy Hash: 03317C36501219ABDF219FA8CC09FDA3F68EF1E320F011211FE18E61A0C775D861EBA4

Function 00F33C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00F33C5C
CoInitialize.OLE32(00000000), ref: 00F33C8A
CoUninitialize.OLE32 ref: 00F33C94
_wcslen.LIBCMT ref: 00F33D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 00F33DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 00F33ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00F33F0E
CoGetObject.OLE32(?,00000000,00F4FB98,?), ref: 00F33F2D
SetErrorMode.KERNEL32(00000000), ref: 00F33F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00F33FC4
VariantClear.OLEAUT32(?), ref: 00F33FD8

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 89a971229116e244f1b98627ec3d088287182b6cc61da19dfda01cdc621d5919
Instruction ID: 927fbd4164343522d21b903ead4952e4aa69ab41a037f5c759e32017faf92b30
Opcode Fuzzy Hash: 89a971229116e244f1b98627ec3d088287182b6cc61da19dfda01cdc621d5919
Instruction Fuzzy Hash: E2C168716083059FD700DF68C88492BBBE9FF89764F00491DF98A9B261DB31EE45DB92

Function 00F27A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00F27AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00F27B8F
SHGetDesktopFolder.SHELL32(?), ref: 00F27BA3
CoCreateInstance.OLE32(00F4FD08,00000000,00000001,00F76E6C,?), ref: 00F27BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00F27C74
CoTaskMemFree.OLE32(?,?), ref: 00F27CCC
SHBrowseForFolderW.SHELL32(?), ref: 00F27D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00F27D7A
CoTaskMemFree.OLE32(00000000), ref: 00F27D81
CoTaskMemFree.OLE32(00000000), ref: 00F27DD6
CoUninitialize.OLE32 ref: 00F27DDC

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: e4dcaaaaa7a3fd051501cdc087c1c3d75d8b1581dec5ea31abf20a64d62c749d
Instruction ID: c665c938636f9800a72f0cd8b96501bc7817f8a0bb29b032011f453b0c5612f1
Opcode Fuzzy Hash: e4dcaaaaa7a3fd051501cdc087c1c3d75d8b1581dec5ea31abf20a64d62c749d
Instruction Fuzzy Hash: 81C14C75A04219AFCB14DFA4D884DAEBBF9FF48314B148499E81AEB361D730ED41DB90

Function 00F4541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00F45504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F45515
CharNextW.USER32(00000158), ref: 00F45544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00F45585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00F4559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F455AC

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: b835d0435e3a8dc44c6857236356540db40ef665d600e0ff3bee94e1266bf8aa
Instruction ID: 283b97a2b56c4ad3068ff9821c4927a2e3ffaea1dba9a21fe8f44012dea94447
Opcode Fuzzy Hash: b835d0435e3a8dc44c6857236356540db40ef665d600e0ff3bee94e1266bf8aa
Instruction Fuzzy Hash: E6618235905608ABDF10EF54CC84AFE7F79EB06B34F148145FD25AA2A2D7748A81EB60

Function 00F0FA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00F0FAAF
SafeArrayAllocData.OLEAUT32(?), ref: 00F0FB08
VariantInit.OLEAUT32(?), ref: 00F0FB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 00F0FB3A
VariantCopy.OLEAUT32(?,?), ref: 00F0FB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 00F0FBA1
VariantClear.OLEAUT32(?), ref: 00F0FBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 00F0FBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00F0FBCC
VariantClear.OLEAUT32(?), ref: 00F0FBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00F0FBE9

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 49dbe51a1931c3d91e39b136512881730ca4a5d41ec361d06189ecf9a97cbafd
Instruction ID: 49425d280322c5c20a51e3e935d4ed62ef9ac4f91790c6b274f65d38e4034308
Opcode Fuzzy Hash: 49dbe51a1931c3d91e39b136512881730ca4a5d41ec361d06189ecf9a97cbafd
Instruction Fuzzy Hash: 71417F75A00219DFCB10DF64CC549AEBBB9FF58354F009069E906A72A1CB34A945EFA0

Function 00F19C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00F19CA1
GetAsyncKeyState.USER32(000000A0), ref: 00F19D22
GetKeyState.USER32(000000A0), ref: 00F19D3D
GetAsyncKeyState.USER32(000000A1), ref: 00F19D57
GetKeyState.USER32(000000A1), ref: 00F19D6C
GetAsyncKeyState.USER32(00000011), ref: 00F19D84
GetKeyState.USER32(00000011), ref: 00F19D96
GetAsyncKeyState.USER32(00000012), ref: 00F19DAE
GetKeyState.USER32(00000012), ref: 00F19DC0
GetAsyncKeyState.USER32(0000005B), ref: 00F19DD8
GetKeyState.USER32(0000005B), ref: 00F19DEA

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: aa2a65e493c0e3db066a9f30e6875bc2f98f30135743e9f67ffa187be3cd7cfb
Instruction ID: fe750e54613f610b88430a3f6256dcd85abd3f87069abe8064a6c974104297f7
Opcode Fuzzy Hash: aa2a65e493c0e3db066a9f30e6875bc2f98f30135743e9f67ffa187be3cd7cfb
Instruction Fuzzy Hash: BB41EA34E0C7CA69FF308760D4243F5BEE06B22324F08805AD9C6565C2EBE599C4E7E2

Function 00F3055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00F305BC
inet_addr.WSOCK32(?), ref: 00F3061C
gethostbyname.WSOCK32(?), ref: 00F30628
IcmpCreateFile.IPHLPAPI ref: 00F30636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00F306C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00F306E5
IcmpCloseHandle.IPHLPAPI(?), ref: 00F307B9
WSACleanup.WSOCK32 ref: 00F307BF

Strings

Ping, xrefs: 00F30676

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: 2da76c710b98dcc7a356c02165140d7377cec024e7104ea151952eaf34045e6e
Instruction ID: e13cf098e9226c4d83a3ab8432c13badc28e208d2f2a23eee96c9ced1f2fbc15
Opcode Fuzzy Hash: 2da76c710b98dcc7a356c02165140d7377cec024e7104ea151952eaf34045e6e
Instruction Fuzzy Hash: 2A919F35A042019FD720DF15C499F1ABBE4AF84328F1485AAF46A9B7A2CB30ED45DFD1

Function 00F38CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00F38CF3

Part of subcall function 00F18E54: _wcslen.LIBCMT ref: 00F18E77

_wcslen.LIBCMT ref: 00F38D4E
_wcslen.LIBCMT ref: 00F38D9C
_wcslen.LIBCMT ref: 00F38DDC
_wcslen.LIBCMT ref: 00F38E6E

Strings

stdcall, xrefs: 00F38DD6, 00F38DDB
cdecl, xrefs: 00F38D48, 00F38D4D
winapi, xrefs: 00F38D96, 00F38D9B
none, xrefs: 00F38E65, 00F38E6A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: c5cf40ce26817b5c5f5c07441b60b40035f8db56a2e1dcf518c2fd9687377c27
Instruction ID: d0714583a908e4e3cb043c469917ec2b7a8c644f9a4144de3f9c0f8f978d3a02
Opcode Fuzzy Hash: c5cf40ce26817b5c5f5c07441b60b40035f8db56a2e1dcf518c2fd9687377c27
Instruction Fuzzy Hash: 0A519431A002169BCF14DFA8C9509BEB7A5BF64770F244229F426E72C5DB38DD42E790

Function 00F3372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00F33774
CoUninitialize.OLE32 ref: 00F3377F
CoCreateInstance.OLE32(?,00000000,00000017,00F4FB78,?), ref: 00F337D9
IIDFromString.OLE32(?,?), ref: 00F3384C
VariantInit.OLEAUT32(?), ref: 00F338E4
VariantClear.OLEAUT32(?), ref: 00F33936

Strings

Failed to create object, xrefs: 00F337E4, 00F3389A
NULL Pointer assignment, xrefs: 00F3381E
Invalid parameter, xrefs: 00F33865

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 24b81354c9acbcfde7d99bb9cc32bf39e295934d55d06196e3dc62db2850d6b3
Instruction ID: 5994acd4f0e567071fa40877770a1ba6cc714e1aa16844defda71d9938721f28
Opcode Fuzzy Hash: 24b81354c9acbcfde7d99bb9cc32bf39e295934d55d06196e3dc62db2850d6b3
Instruction Fuzzy Hash: F761A276608301AFD310DF54C889F5ABBE4EF49720F10491DF9859B2A1C774EE48EBA2

Function 00F23388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00F233CF

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00F233F0

Strings

^ ERROR , xrefs: 00F2349E
Line %d (File "%s"):, xrefs: 00F23443, 00F2345C
"%s" (%d) : ==> %s:, xrefs: 00F23522
"%s" (%d) : ==> %s:%s%s, xrefs: 00F23504
Incorrect parameters to object property !, xrefs: 00F234AB
Error: , xrefs: 00F234D1

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: b5daaaa88d00f91b739f3c296dfa2f1967d0183ab9d17c6d1b934eea40a04075
Instruction ID: 478ecec00196f26d523d264b29472585024d7b9afa9a87c0c6eb34ed0bdf7c70
Opcode Fuzzy Hash: b5daaaa88d00f91b739f3c296dfa2f1967d0183ab9d17c6d1b934eea40a04075
Instruction Fuzzy Hash: 29519072D00219ABDF15EBA0DD42EEEB7B8AF04340F245165F50972052EB396F98EF61

Function 00F1B5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00F1B5FC
_wcslen.LIBCMT ref: 00F1B608
_wcslen.LIBCMT ref: 00F1B64D
_wcslen.LIBCMT ref: 00F1B68C
_wcslen.LIBCMT ref: 00F1B6C7

Strings

APPEND, xrefs: 00F1B6C1, 00F1B6C6
KEYS, xrefs: 00F1B647, 00F1B64C
REMOVE, xrefs: 00F1B602, 00F1B607
EXISTS, xrefs: 00F1B686, 00F1B68B

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: 0c5da36e71518ca9104add00e0f8372bd4b3a0edc186940cffbb6734e5e96493
Instruction ID: 14a19f067dadfa1e88eca66760e0ab99237ca769fff1d4d71365e6af094c091c
Opcode Fuzzy Hash: 0c5da36e71518ca9104add00e0f8372bd4b3a0edc186940cffbb6734e5e96493
Instruction Fuzzy Hash: C441C532E00127DBCB206F7DC9A05FE77A5ABB07A4B24416AE465D7284E731CDC2E790

Function 00F25393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00F253A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00F25416
GetLastError.KERNEL32 ref: 00F25420
SetErrorMode.KERNEL32(00000000,READY), ref: 00F254A7

Strings

NOTREADY, xrefs: 00F2544B
READY, xrefs: 00F25460, 00F25468
INVALID, xrefs: 00F25459
READONLY, xrefs: 00F25452
UNKNOWN, xrefs: 00F25444

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: df2f23561f52c998f8937fa8be4de165875dbf249fdd253c95caf8970d6c648e
Instruction ID: 5da50d49b73ce9434480f769b51a05838ccf721f05114b93b2b5a2119a3d56ad
Opcode Fuzzy Hash: df2f23561f52c998f8937fa8be4de165875dbf249fdd253c95caf8970d6c648e
Instruction Fuzzy Hash: E2311035E006149FD710EF68D894BAAFBB4EF05B15F148066E805DB292D731DD82EB91

Function 00F43C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00F43C79
SetMenu.USER32(?,00000000), ref: 00F43C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F43D10
IsMenu.USER32(?), ref: 00F43D24
CreatePopupMenu.USER32 ref: 00F43D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00F43D5B
DrawMenuBar.USER32 ref: 00F43D63

Strings

0, xrefs: 00F43C54
F, xrefs: 00F43D4E

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: 2ea90752967c5da2caf75ce4fe94746548828d45a5a8c15b0491d1c3d266be3b
Instruction ID: 292b4a5e1c18b57765915d2207b92f071c79271a5f36b7fae323fa6fa672abe9
Opcode Fuzzy Hash: 2ea90752967c5da2caf75ce4fe94746548828d45a5a8c15b0491d1c3d266be3b
Instruction Fuzzy Hash: 7D413979A02209AFDB14CF64D884AEE7BB5FF59350F140029FE56A7360D770AA10EF94

Function 00F11EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

Part of subcall function 00F13CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F13CCA

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00F11F64
GetDlgCtrlID.USER32 ref: 00F11F6F
GetParent.USER32 ref: 00F11F8B
SendMessageW.USER32(00000000,?,00000111,?), ref: 00F11F8E
GetDlgCtrlID.USER32(?), ref: 00F11F97
GetParent.USER32(?), ref: 00F11FAB
SendMessageW.USER32(00000000,?,00000111,?), ref: 00F11FAE

Strings

ComboBox, xrefs: 00F11EEC
ListBox, xrefs: 00F11F21

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 7f3713e570b31822726efa937ffc4ce22facaff7abf75dc6d20b6e90a7438ceb
Instruction ID: 49dda6545a1ab769821eb3e6ed9352749cc3bb70544da37a5f876c29cb5d72b4
Opcode Fuzzy Hash: 7f3713e570b31822726efa937ffc4ce22facaff7abf75dc6d20b6e90a7438ceb
Instruction Fuzzy Hash: 1E21F274D00218BBCF04AFA0CC84EFEBBB8EF16310F105105FA6563291DB788949EBA0

Function 00F11FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

Part of subcall function 00F13CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F13CCA

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00F12043
GetDlgCtrlID.USER32 ref: 00F1204E
GetParent.USER32 ref: 00F1206A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00F1206D
GetDlgCtrlID.USER32(?), ref: 00F12076
GetParent.USER32(?), ref: 00F1208A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00F1208D

Strings

ComboBox, xrefs: 00F11FCD
ListBox, xrefs: 00F12002

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: df39767ea31280d10644a2d30ad6815039dd958e1251345d1abb8ffee7fd596f
Instruction ID: 89d01066a0ab857d05b3d271dec875dde0c6094fdece32b686d35b1c1d65cc3e
Opcode Fuzzy Hash: df39767ea31280d10644a2d30ad6815039dd958e1251345d1abb8ffee7fd596f
Instruction Fuzzy Hash: 2421F675D00218BBCF14AFA0DC85EFEBFB8EF19340F105005F959A71A1DA798954EBA0

Function 00F43A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00F43A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00F43AA0
GetWindowLongW.USER32(?,000000F0), ref: 00F43AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00F43AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00F43B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00F43BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00F43BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00F43BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00F43BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00F43C13

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: b586f9cc7c5ac57c4d60a45223cf66b7bb520458a322a733002dfe07ec937d20
Instruction ID: 6031d565507f47cc0b9d3b28dcce96357972824860f2b09ea0f677291a69c94b
Opcode Fuzzy Hash: b586f9cc7c5ac57c4d60a45223cf66b7bb520458a322a733002dfe07ec937d20
Instruction Fuzzy Hash: 5A614B75900248AFDB10DFA8CC81EEE7BF8EB49710F104199FA15A72A1D774AA45EF50

Function 00F1B12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00F1B151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00F1A1E1,?,00000001), ref: 00F1B165
GetWindowThreadProcessId.USER32(00000000), ref: 00F1B16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00F1A1E1,?,00000001), ref: 00F1B17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 00F1B18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00F1A1E1,?,00000001), ref: 00F1B1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00F1A1E1,?,00000001), ref: 00F1B1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00F1A1E1,?,00000001), ref: 00F1B1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00F1A1E1,?,00000001), ref: 00F1B212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00F1A1E1,?,00000001), ref: 00F1B21D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 3b5ea45229306702c008b47144954c93d028aed0ac0c146ad1556664923a2600
Instruction ID: 34f4e88e2aeed01a9612cadea2a87a74c596c5d54c43c60b924f8d80b0ad324f
Opcode Fuzzy Hash: 3b5ea45229306702c008b47144954c93d028aed0ac0c146ad1556664923a2600
Instruction Fuzzy Hash: 2431C175901208FFDF119F64DC58FFD7BA9BB61725F218004FA04D61A0D7B49A84AF60

Function 00EE2C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00EE2C94

Part of subcall function 00EE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00EED7D1,00000000,00000000,00000000,00000000,?,00EED7F8,00000000,00000007,00000000,?,00EEDBF5,00000000), ref: 00EE29DE
Part of subcall function 00EE29C8: GetLastError.KERNEL32(00000000,?,00EED7D1,00000000,00000000,00000000,00000000,?,00EED7F8,00000000,00000007,00000000,?,00EEDBF5,00000000,00000000), ref: 00EE29F0

_free.LIBCMT ref: 00EE2CA0
_free.LIBCMT ref: 00EE2CAB
_free.LIBCMT ref: 00EE2CB6
_free.LIBCMT ref: 00EE2CC1
_free.LIBCMT ref: 00EE2CCC
_free.LIBCMT ref: 00EE2CD7
_free.LIBCMT ref: 00EE2CE2
_free.LIBCMT ref: 00EE2CED
_free.LIBCMT ref: 00EE2CFB

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f85291f82b10f9346bd16414e6b9e41616e7e35263a1e4c8ac6e386cb526690c
Instruction ID: a1d55fa3438dd2672826bd6f09737f1418bac8bac953f17f5681b30e746977b4
Opcode Fuzzy Hash: f85291f82b10f9346bd16414e6b9e41616e7e35263a1e4c8ac6e386cb526690c
Instruction Fuzzy Hash: EE11B97650014CBFCB02EF56D842CDD3BA9FF45350F5264A9FA486F222D636EE509B90

Function 00F27DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00F27FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00F27FC1
GetFileAttributesW.KERNEL32(?), ref: 00F27FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00F28005
SetCurrentDirectoryW.KERNEL32(?), ref: 00F28017
SetCurrentDirectoryW.KERNEL32(?), ref: 00F28060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00F280B0

Strings

*.*, xrefs: 00F28066

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: fe91013fd2626e285e6953a59e5b33dbbbc0ec93d0c82e39259fb6933cbd923e
Instruction ID: b73fdee2c3a92e052d27626928fa6491ae838cff888caabfe5807e3a33e79a51
Opcode Fuzzy Hash: fe91013fd2626e285e6953a59e5b33dbbbc0ec93d0c82e39259fb6933cbd923e
Instruction Fuzzy Hash: CD81C2729083559BCB20EF54D840AAEB3E8BF89320F154C5EF885D7250EB74DD45EBA2

Function 00EB5BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00EB5C7A

Part of subcall function 00EB5D0A: GetClientRect.USER32(?,?), ref: 00EB5D30
Part of subcall function 00EB5D0A: GetWindowRect.USER32(?,?), ref: 00EB5D71
Part of subcall function 00EB5D0A: ScreenToClient.USER32(?,?), ref: 00EB5D99

GetDC.USER32 ref: 00EF46F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00EF4708
SelectObject.GDI32(00000000,00000000), ref: 00EF4716
SelectObject.GDI32(00000000,00000000), ref: 00EF472B
ReleaseDC.USER32(?,00000000), ref: 00EF4733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00EF47C4

Strings

U, xrefs: 00EF4693

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 95e2d8738c00b3b89f96b5395552ead7b48a87587db4829d58a3b8f65981e480
Instruction ID: ad2cf236d17652160269eef6bfc517e17a6f5b8bf97661d0c05e5b72d3995fbf
Opcode Fuzzy Hash: 95e2d8738c00b3b89f96b5395552ead7b48a87587db4829d58a3b8f65981e480
Instruction Fuzzy Hash: A971E075400209DFCF219F64C984AFB7BB6FF4A368F14626AEE556A1E6C3318841DF50

Function 00F2359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00F235E4

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

LoadStringW.USER32(00F82390,?,00000FFF,?), ref: 00F2360A

Strings

Line %d (File "%s"):, xrefs: 00F2366B
"%s" (%d) : ==> %s:, xrefs: 00F23742
"%s" (%d) : ==> %s:%s%s, xrefs: 00F23724
^ ERROR, xrefs: 00F236C9
Error: , xrefs: 00F236EF

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: 555746b05eccd7259fdaa2da98d33c5b985ff640cc08c233e6db5b136ee9a805
Instruction ID: 13299ae8df3e9db715253837ef798277a0cf20ebc28bc7a1ccd5440681ebde9f
Opcode Fuzzy Hash: 555746b05eccd7259fdaa2da98d33c5b985ff640cc08c233e6db5b136ee9a805
Instruction Fuzzy Hash: 1E516071C04219BBDF15EBA0DC82EEEBBB8AF04300F145125F505721A2DB355B99EFA1

Function 00F2C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00F2C272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00F2C29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00F2C2CA
GetLastError.KERNEL32 ref: 00F2C322
SetEvent.KERNEL32(?), ref: 00F2C336
InternetCloseHandle.WININET(00000000), ref: 00F2C341

Strings

, xrefs: 00F2C2BB

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: d65141b80d3c9e41ba984a2e8b788b68c60ba3506ec618255ea182efd6824141
Instruction ID: 9e9e5ef900e9706370bb9a17f208cde9d324ef85d8f866551b1d7cef9e0ee3aa
Opcode Fuzzy Hash: d65141b80d3c9e41ba984a2e8b788b68c60ba3506ec618255ea182efd6824141
Instruction Fuzzy Hash: 87319FB1500618AFD721DF64AC88AAF7BFCEB5A754B10891EF446D3210DB74DD44ABE0

Function 00F1989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00EF3AAF,?,?,Bad directive syntax error,00F4CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00F198BC
LoadStringW.USER32(00000000,?,00EF3AAF,?), ref: 00F198C3

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00F19987

Strings

Line %d:, xrefs: 00F19912
Error: , xrefs: 00F19955
Line %d (File "%s"):, xrefs: 00F1992D
., xrefs: 00F1996D
%s (%d) : ==> %s.: %s %s, xrefs: 00F198F1

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: bc0c9a6db46485e4c6252042eb4a9d3f6f63d600305b858bbdb22a8d9037956d
Instruction ID: e24b1721b2d70842e4c6a7040a5b7bd8d5fb3aed82f39e1fddeb6d98e1a1c321
Opcode Fuzzy Hash: bc0c9a6db46485e4c6252042eb4a9d3f6f63d600305b858bbdb22a8d9037956d
Instruction Fuzzy Hash: 8821713280421DBBCF15EF90CC16EEE7BB5BF14300F44546AF519750A2EB719658EB51

Function 00F1209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00F120AB
GetClassNameW.USER32(00000000,?,00000100), ref: 00F120C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00F1214D

Strings

smallicons, xrefs: 00F12115
list, xrefs: 00F1212F
details, xrefs: 00F120FB
largeicons, xrefs: 00F120E1
SHELLDLL_DefView, xrefs: 00F120CC

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: 1a91cefd5a2a82229e9a9c8007692eafc1582200e9edd39ce91756e905194460
Instruction ID: 9f0f60a34cd3dd8cd212a5496b68de0a3a278d8e70fab40040127c4cc7c7375b
Opcode Fuzzy Hash: 1a91cefd5a2a82229e9a9c8007692eafc1582200e9edd39ce91756e905194460
Instruction Fuzzy Hash: 57113A7BA88706BAF605A264DC06DFA339CCB25724B206017FB08B40E1FBA198927515

Function 00EECE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00EECEB7
_free.LIBCMT ref: 00EECF22
_free.LIBCMT ref: 00EECF48
_free.LIBCMT ref: 00EECF71
_free.LIBCMT ref: 00EECFA9
_free.LIBCMT ref: 00EECFDA
_free.LIBCMT ref: 00EED01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 00EED09C
_free.LIBCMT ref: 00EED0B5

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: e9813a55b44da2478036f4bac39164acfff021d89605b23989ae656d761d883f
Instruction ID: 5767f44cb6881a2343e123f731f86e2b10e76d8751c5b3c5e7969ba65d71a306
Opcode Fuzzy Hash: e9813a55b44da2478036f4bac39164acfff021d89605b23989ae656d761d883f
Instruction Fuzzy Hash: 70614A72B0428CAFDB25AFB69C41AB97BD9EF05324F24616DF944B7382DA319D02C750

Function 00F450D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00F45186
ShowWindow.USER32(?,00000000), ref: 00F451C7
ShowWindow.USER32(?,00000005,?,00000000), ref: 00F451CD
SetFocus.USER32(?,?,00000005,?,00000000), ref: 00F451D1

Part of subcall function 00F46FBA: DeleteObject.GDI32(00000000), ref: 00F46FE6

GetWindowLongW.USER32(?,000000F0), ref: 00F4520D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F4521A
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00F4524D
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00F45287
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00F45296

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: e55841941536706df6a07ea9f500f56425d348518738b52976d041eb666dbe87
Instruction ID: 0459ed8ec16d21cabe0a0cf75b5593eac1edb7b082922fa86f525bc13e8d032f
Opcode Fuzzy Hash: e55841941536706df6a07ea9f500f56425d348518738b52976d041eb666dbe87
Instruction Fuzzy Hash: DA518135A41A08BFEF20AF64CC49BD93FA5BB45B21F144112FD25962E2C7B59A80FB41

Function 00EC8B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00F06890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00F068A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00F068B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00F068D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00F068F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00EC8874,00000000,00000000,00000000,000000FF,00000000), ref: 00F06901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00F0691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00EC8874,00000000,00000000,00000000,000000FF,00000000), ref: 00F0692D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: 0ff080e69c44d9dfee03edc40cdada5c543fcdb0958abdc39e66ca6afcfb0bc5
Instruction ID: b4196d5c5de0ac35601060b07e1c920781ebf1617ed7bede4813c53a4a1f65ce
Opcode Fuzzy Hash: 0ff080e69c44d9dfee03edc40cdada5c543fcdb0958abdc39e66ca6afcfb0bc5
Instruction Fuzzy Hash: 19518774A00209AFDB208F24CE55FAA7BB5FB58320F105518F946A72A0DB71ED91EB50

Function 00F2C143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00F2C182
GetLastError.KERNEL32 ref: 00F2C195
SetEvent.KERNEL32(?), ref: 00F2C1A9

Part of subcall function 00F2C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00F2C272
Part of subcall function 00F2C253: GetLastError.KERNEL32 ref: 00F2C322
Part of subcall function 00F2C253: SetEvent.KERNEL32(?), ref: 00F2C336
Part of subcall function 00F2C253: InternetCloseHandle.WININET(00000000), ref: 00F2C341

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: f2b900c9d1c39b414250dabf46deffe3367dada42929add62d0a88a5a39eb961
Instruction ID: 1a24845207dcaa61f8895c18c5b3deccfc27f9e5d94520b984df66f95a0ab3f3
Opcode Fuzzy Hash: f2b900c9d1c39b414250dabf46deffe3367dada42929add62d0a88a5a39eb961
Instruction Fuzzy Hash: 2631AC75601A15EFDB219FA5EC04A6ABBF8FF29310B00441DF95A83620DB35E810FBE0

Function 00F125A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F13A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F13A57
Part of subcall function 00F13A3D: GetCurrentThreadId.KERNEL32 ref: 00F13A5E
Part of subcall function 00F13A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F125B3), ref: 00F13A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 00F125BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00F125DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00F125DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 00F125E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00F12601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00F12605
MapVirtualKeyW.USER32(00000025,00000000), ref: 00F1260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00F12623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00F12627

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: d936cfd7d91e06cb51ebdf18cc25fa17d4dd653d0986318b609aa7fc336e556b
Instruction ID: 8726a978f48f1430092a2fc900db037875356817f7bc4f200f5c9243fcbe2c02
Opcode Fuzzy Hash: d936cfd7d91e06cb51ebdf18cc25fa17d4dd653d0986318b609aa7fc336e556b
Instruction Fuzzy Hash: 8601D435391214BBFB1067699C8AF993F59DF9EB12F101001F718AE0D1C9F22484AAA9

Function 00F11803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00F11449,?,?,00000000), ref: 00F1180C
HeapAlloc.KERNEL32(00000000,?,00F11449,?,?,00000000), ref: 00F11813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00F11449,?,?,00000000), ref: 00F11828
GetCurrentProcess.KERNEL32(?,00000000,?,00F11449,?,?,00000000), ref: 00F11830
DuplicateHandle.KERNEL32(00000000,?,00F11449,?,?,00000000), ref: 00F11833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00F11449,?,?,00000000), ref: 00F11843
GetCurrentProcess.KERNEL32(00F11449,00000000,?,00F11449,?,?,00000000), ref: 00F1184B
DuplicateHandle.KERNEL32(00000000,?,00F11449,?,?,00000000), ref: 00F1184E
CreateThread.KERNEL32(00000000,00000000,00F11874,00000000,00000000,00000000), ref: 00F11868

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 648f96634fbbe01ebbfb2089ea8e9abd56b618604ad02659f14f5b60aed5eef8
Instruction ID: 184c41533739ed49723f72edeaf2c95738de06bbf75714a27ffe1adfd68a3d2f
Opcode Fuzzy Hash: 648f96634fbbe01ebbfb2089ea8e9abd56b618604ad02659f14f5b60aed5eef8
Instruction Fuzzy Hash: 8A01BF75241308BFE750AFA5DC4DF673B6CEB9AB11F005411FA05DB292C6709800DB60

Function 00EE3E80 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00EE3F0B
__alldvrm.LIBCMT ref: 00EE410C
__alldvrm.LIBCMT ref: 00EE412E

Strings

}}, xrefs: 00EE3E8A
}}, xrefs: 00EE40CD
}}, xrefs: 00EE3E96, 00EE3EF1, 00EE3F0A, 00EE4090

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID: }}$}}$}}
API String ID: 1036877536-1495402609
Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction ID: 4cf36b3eaec6f8877bc755d36db5d47ed8bcf14b8cf35c36275444626bc33466
Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction Fuzzy Hash: D9A167B1E003CE9FDB26CF2AC8917AEBBE4EF65354F1451ADE585AB282C2348D41C751

Function 00F3A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 00F1D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00F1D501
Part of subcall function 00F1D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00F1D50F
Part of subcall function 00F1D4DC: CloseHandle.KERNEL32(00000000), ref: 00F1D5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 00F3A16D
GetLastError.KERNEL32 ref: 00F3A180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00F3A1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 00F3A268
GetLastError.KERNEL32(00000000), ref: 00F3A273
CloseHandle.KERNEL32(00000000), ref: 00F3A2C4

Strings

SeDebugPrivilege, xrefs: 00F3A18F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: 2a21935e8c844e154853396b81332471136966d111bf7ea81d468c47e863ae83
Instruction ID: b4ecac458c091f814788264dc6260dfb768c72516addf7588340c97c5c06bdd2
Opcode Fuzzy Hash: 2a21935e8c844e154853396b81332471136966d111bf7ea81d468c47e863ae83
Instruction Fuzzy Hash: B661C0316082429FD720DF15C894F66BBE1AF54328F18848CE4A68B7A3C776EC45DBD2

Function 00F43886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00F43925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00F4393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00F43954
_wcslen.LIBCMT ref: 00F43999
SendMessageW.USER32(?,00001057,00000000,?), ref: 00F439C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00F439F4

Strings

SysListView32, xrefs: 00F438F7

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: 41b68dbe7a915f636958c43b8a55504cefb9c45c293067c26d84b181797e8c83
Instruction ID: b1ffc7010a9d6e49816be8fdbe37e990fbf4cbac25479d087a44776ab6daf12b
Opcode Fuzzy Hash: 41b68dbe7a915f636958c43b8a55504cefb9c45c293067c26d84b181797e8c83
Instruction Fuzzy Hash: 4C41A272E00219ABEF219F64CC45BEA7BA9FF18360F100526FD58E7281D775DA80DB90

Function 00F1BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F1BCFD
IsMenu.USER32(00000000), ref: 00F1BD1D
CreatePopupMenu.USER32 ref: 00F1BD53
GetMenuItemCount.USER32(010355C8), ref: 00F1BDA4
InsertMenuItemW.USER32(010355C8,?,00000001,00000030), ref: 00F1BDCC

Strings

0, xrefs: 00F1BCA8
2, xrefs: 00F1BD37

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: 0f0ecc59983aa4d9aad39c0f282fe0ab66ece7c6bca6831d22ab84610de47969
Instruction ID: e042f5dcd33828312b850d0341dd928a9231027a7c805aea92b77ecad12c10a7
Opcode Fuzzy Hash: 0f0ecc59983aa4d9aad39c0f282fe0ab66ece7c6bca6831d22ab84610de47969
Instruction Fuzzy Hash: 0C51AF70A00209DBDF18CFA9E888BEEBBF4BF59324F14415DE811E7291D7749981EB61

Function 00ED2D20 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00ED2D4B
___except_validate_context_record.LIBVCRUNTIME ref: 00ED2D53
_ValidateLocalCookies.LIBCMT ref: 00ED2DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 00ED2E0C
_ValidateLocalCookies.LIBCMT ref: 00ED2E61

Strings

csm, xrefs: 00ED2DF6
&H, xrefs: 00ED2DFE, 00ED2E07, 00ED2E18

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: &H$csm
API String ID: 1170836740-1242228090
Opcode ID: 0074a33a36d96c1c88cb6631e451a7bc3d832a1ab54fb7fc329bcbab87b000e0
Instruction ID: 7be49cb2b6d9d8a4508baa3817b100525b458e7abd1c24cae43894755ebead93
Opcode Fuzzy Hash: 0074a33a36d96c1c88cb6631e451a7bc3d832a1ab54fb7fc329bcbab87b000e0
Instruction Fuzzy Hash: 2D41D334A00208ABCF10DF68C845A9EBBF5FF54328F14915AEA14BB392D731DA02CBD1

Function 00F1C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00F1C913

Strings

question, xrefs: 00F1C8CC
blank, xrefs: 00F1C895
warning, xrefs: 00F1C8FC
stop, xrefs: 00F1C8E4
info, xrefs: 00F1C8B4

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 86b4bc2a090ae48c03f0e946207d452bda759be3c8b6f864e102a6be1bb9f98f
Instruction ID: 5d303cf6627376b78f3fa486c583e5e62d852d58e1c7274a93025bc23036dc3c
Opcode Fuzzy Hash: 86b4bc2a090ae48c03f0e946207d452bda759be3c8b6f864e102a6be1bb9f98f
Instruction Fuzzy Hash: 02113872AC9706BAA7049B149CC3DEE2BDCCF25774B50102BF504AA2C2EB709D8172E5

Function 00F1DE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00F1DE42
gethostname.WSOCK32(?,00000100), ref: 00F1DE5C
gethostbyname.WSOCK32(?), ref: 00F1DE69
inet_ntoa.WSOCK32(?), ref: 00F1DEAB
_strcat.LIBCMT ref: 00F1DEB9
WSACleanup.WSOCK32 ref: 00F1DEDE

Strings

0.0.0.0, xrefs: 00F1DE87

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: fae29448262c1c3790924571df12a4cb825ddc1f6dbf4de3ecc194bf0c13fdd7
Instruction ID: 5cf4e34fa36d58f9a3f8ff3426a0e1b0077535f45d140fe0c2e9ce8bd533a8f8
Opcode Fuzzy Hash: fae29448262c1c3790924571df12a4cb825ddc1f6dbf4de3ecc194bf0c13fdd7
Instruction Fuzzy Hash: FB112971904109AFCB24AB70DC4AEEE77BCDF61721F00116AF905AA191EF75CAC1EB91

Function 00F49F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00EC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EC9BB2

GetSystemMetrics.USER32(0000000F), ref: 00F49FC7
GetSystemMetrics.USER32(0000000F), ref: 00F49FE7
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00F4A224
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00F4A242
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00F4A263
ShowWindow.USER32(00000003,00000000), ref: 00F4A282
InvalidateRect.USER32(?,00000000,00000001), ref: 00F4A2A7
DefDlgProcW.USER32(?,00000005,?,?), ref: 00F4A2CA

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: bfccb03059f75f8e38308f4b5dab15ec98ff062051caeba87aec62a195cf5ee1
Instruction ID: 26906381e7ee08919b698c638d77ce22cc8219642b98f3056f3ed26a24edba8b
Opcode Fuzzy Hash: bfccb03059f75f8e38308f4b5dab15ec98ff062051caeba87aec62a195cf5ee1
Instruction Fuzzy Hash: D9B1CD31A40219EFDF14CF68C9857AE3BB2FF84711F088169EC499F295D771AA40EB51

Function 00F1ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 00F1ED2A
_wcslen.LIBCMT ref: 00F1ED3B
_wcslen.LIBCMT ref: 00F1ED79
_wcslen.LIBCMT ref: 00F1EDAF
_wcslen.LIBCMT ref: 00F1EDDF
_wcslen.LIBCMT ref: 00F1EDEF
_wcslen.LIBCMT ref: 00F1EE2B
_wcslen.LIBCMT ref: 00F1EE5A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: d8e4dcea4454a3a877b7873bdbd8bd7bbf6f836db4861459c0b6abb9565d12ba
Instruction ID: 53140b8212578ac5cf0a3ece3d845bd7b72f3a61a9f6f542ac83aee5d2222906
Opcode Fuzzy Hash: d8e4dcea4454a3a877b7873bdbd8bd7bbf6f836db4861459c0b6abb9565d12ba
Instruction Fuzzy Hash: 88418F65C1021866CB11EBB58C8A9CFB7ECEF45710F50A463E918F3261EB34E296C7E5

Function 00ECF8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00F0682C,00000004,00000000,00000000), ref: 00ECF953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00F0682C,00000004,00000000,00000000), ref: 00F0F3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00F0682C,00000004,00000000,00000000), ref: 00F0F454

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: a3f14784ed868caba44f8523767258348732f6e5bcbffee411ba41ee3e84efc4
Instruction ID: c8515263b4646ce641487d62431a6e3acd35ac3de9fb54c6cf01915be9aa2683
Opcode Fuzzy Hash: a3f14784ed868caba44f8523767258348732f6e5bcbffee411ba41ee3e84efc4
Instruction Fuzzy Hash: 60410B35504740BACF788B68CA88F6A7A936BD6324F14703CE487765A0C637A486E751

Function 00F42D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00F42D1B
GetDC.USER32(00000000), ref: 00F42D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F42D2E
ReleaseDC.USER32(00000000,00000000), ref: 00F42D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00F42D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00F42D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00F45A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00F42DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00F42DE1

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: f77174808e8402a84f47c54d392ebd536e2861415258f7794db05e27a63c1d27
Instruction ID: 3bb47b7e04df0168a153714e0da69c3b48abfcc48092d92b348d111d95cf5d88
Opcode Fuzzy Hash: f77174808e8402a84f47c54d392ebd536e2861415258f7794db05e27a63c1d27
Instruction Fuzzy Hash: B0319F76602614BFEB614F54CC89FEB3FA9EF1A721F044065FE08DA291C6759C40D7A0

Function 00F15622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00F15637
_memcmp.LIBVCRUNTIME ref: 00F15659
_memcmp.LIBVCRUNTIME ref: 00F15671
_memcmp.LIBVCRUNTIME ref: 00F15684
_memcmp.LIBVCRUNTIME ref: 00F1569E
_memcmp.LIBVCRUNTIME ref: 00F156B1
_memcmp.LIBVCRUNTIME ref: 00F156C9
_memcmp.LIBVCRUNTIME ref: 00F156E4

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 7c11b1f9fe2c40982979634bd3d807759e31355714d3118c0ad870f2237d1196
Instruction ID: eccafe12a724c62a340c891a6c12f01c8a79cb4a11c2ab6556f5f6fb667786aa
Opcode Fuzzy Hash: 7c11b1f9fe2c40982979634bd3d807759e31355714d3118c0ad870f2237d1196
Instruction Fuzzy Hash: AF210B62B40A09FBD21455208DC2FFB339CEFA1B94F440031FD09AA682F761EE55E5E6

Function 00F34FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

NULL Pointer assignment, xrefs: 00F3502E, 00F35383
Not an Object type, xrefs: 00F35007

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: da876bb5887c9d340f7a984a83fe222bf4e8a9e653720be9057f8765b613734e
Instruction ID: eebbd2a83c3cefacbe8c2774ecdce1d54ee439abca5bd849cbbcf73e726e9991
Opcode Fuzzy Hash: da876bb5887c9d340f7a984a83fe222bf4e8a9e653720be9057f8765b613734e
Instruction Fuzzy Hash: 5DD1D2B1E0060A9FDF14DFA8C880BAEB7B5FF88764F148069E915AB280D771DD45DB90

Function 00EF1522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00EF15CE
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00EF1651
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EF16E4
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00EF16FB

Part of subcall function 00EE3820: RtlAllocateHeap.NTDLL(00000000,?,00F81444,?,00ECFDF5,?,?,00EBA976,00000010,00F81440,00EB13FC,?,00EB13C6,?,00EB1129), ref: 00EE3852

MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EF1777
__freea.LIBCMT ref: 00EF17A2
__freea.LIBCMT ref: 00EF17AE

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 7f1c054df3e148a0f8881adafa6a03fd36bf8372d4517dda441d07c7654284ea
Instruction ID: a9b48f2dfad0bf50cb7c0404842f7951aa1d2a0368f9a109a8e4b0ef37566a60
Opcode Fuzzy Hash: 7f1c054df3e148a0f8881adafa6a03fd36bf8372d4517dda441d07c7654284ea
Instruction Fuzzy Hash: BC91C371E0021EDADB209E75C881AFE7BF5AF49314F18669AEA05F7191DB35DC40CBA0

Function 00F34523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00F34648
VariantInit.OLEAUT32(?), ref: 00F34749
VariantClear.OLEAUT32(?), ref: 00F34753
VariantClear.OLEAUT32(?), ref: 00F347B0

Strings

Null Object assignment in FOR..IN loop, xrefs: 00F345D8, 00F34706, 00F347BE
Incorrect Object type in FOR..IN loop, xrefs: 00F3472C

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: af8c8cf68ccadf22fd59c4bb72c6e42f4bc6ffeaa2fd04ef1663251c50fe9176
Instruction ID: 1794ab6ecc1f99c43e0a1468294a3a775f991de2105ea68a8528268608b3d539
Opcode Fuzzy Hash: af8c8cf68ccadf22fd59c4bb72c6e42f4bc6ffeaa2fd04ef1663251c50fe9176
Instruction Fuzzy Hash: 6F918F71E00219ABDF20CFA5C885FAEBBB8EF46720F108559F505AB291D770B945DFA0

Function 00F21187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00F2125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00F21284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00F212A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00F212D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00F2135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00F213C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00F21430

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 457840d3edb9b8f2147a00327540bdabf3e8bddbf8f9aa7ac07a6d679fa2add2
Instruction ID: e0d8b585571918f4998697765811f3c8f5c0b703d3841410bf0eb4354eb6b6e7
Opcode Fuzzy Hash: 457840d3edb9b8f2147a00327540bdabf3e8bddbf8f9aa7ac07a6d679fa2add2
Instruction Fuzzy Hash: 7591F476E002289FDB00DFA8E884BBE77B5FF55324F104129E940EB291D778AD41EB94

Function 00EC948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 8c933fcd4c3955ed4662fc81e8301275580e7dec474fc57a89254404ada5346d
Instruction ID: 3f5a6838d005e916f82924cb52107d4b8ceb9e25aae47e5378d2a540d7e6a392
Opcode Fuzzy Hash: 8c933fcd4c3955ed4662fc81e8301275580e7dec474fc57a89254404ada5346d
Instruction Fuzzy Hash: 15913B71D00219EFCB10CFA9CD88AEEBBB8FF49320F145059E915B7291D375A942DB60

Function 00F33947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00F3396B
CharUpperBuffW.USER32(?,?), ref: 00F33A7A
_wcslen.LIBCMT ref: 00F33A8A
VariantClear.OLEAUT32(?), ref: 00F33C1F

Part of subcall function 00F20CDF: VariantInit.OLEAUT32(00000000), ref: 00F20D1F
Part of subcall function 00F20CDF: VariantCopy.OLEAUT32(?,?), ref: 00F20D28
Part of subcall function 00F20CDF: VariantClear.OLEAUT32(?), ref: 00F20D34

Strings

AUTOIT.ERROR, xrefs: 00F33A80, 00F33A85
Incorrect Parameter format, xrefs: 00F339A6, 00F33BA1

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: cf32cd303c197b26b8ef68bbcdfbb61e6d8abeffc3a5d2b0025f94667f68a5cf
Instruction ID: 813debfe3817ee458b1c3619ee8bc364468aef10fab0435d2f35827206e2b127
Opcode Fuzzy Hash: cf32cd303c197b26b8ef68bbcdfbb61e6d8abeffc3a5d2b0025f94667f68a5cf
Instruction Fuzzy Hash: A1919A75A083019FCB04DF24C48196AB7E5FF88324F14882DF88A9B351DB35EE46DB92

Function 00F34BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 00F1000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F0FF41,80070057,?,?,?,00F1035E), ref: 00F1002B
Part of subcall function 00F1000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F0FF41,80070057,?,?), ref: 00F10046
Part of subcall function 00F1000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F0FF41,80070057,?,?), ref: 00F10054
Part of subcall function 00F1000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F0FF41,80070057,?), ref: 00F10064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00F34C51
_wcslen.LIBCMT ref: 00F34D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00F34DCF
CoTaskMemFree.OLE32(?), ref: 00F34DDA

Strings

NULL Pointer assignment, xrefs: 00F34E23, 00F34E52

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: afecacd746d7c65860af6fddd8492ab4c2183efcb6a3aa014cffff17d0677161
Instruction ID: f247e17eb998117e77904f578ff6d8352ded229408e8a69b51d8a8df3083e6f2
Opcode Fuzzy Hash: afecacd746d7c65860af6fddd8492ab4c2183efcb6a3aa014cffff17d0677161
Instruction Fuzzy Hash: A9910671D0021DAFDF14DFA4D891AEEB7B8FF08310F10416AE915B7291DB34AA459FA0

Function 00F420FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00F42183
GetMenuItemCount.USER32(00000000), ref: 00F421B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00F421DD
_wcslen.LIBCMT ref: 00F42213
GetMenuItemID.USER32(?,?), ref: 00F4224D
GetSubMenu.USER32(?,?), ref: 00F4225B

Part of subcall function 00F13A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F13A57
Part of subcall function 00F13A3D: GetCurrentThreadId.KERNEL32 ref: 00F13A5E
Part of subcall function 00F13A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F125B3), ref: 00F13A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00F422E3

Part of subcall function 00F1E97B: Sleep.KERNEL32 ref: 00F1E9F3

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: a25df0ac5b49fda406ee63fd5d209081eb42124b457c64df3ab13981e6afad3b
Instruction ID: 5876e8e569c121be2167f761ffadaa8da571ecda85bdcc81b9c2630f37274ac6
Opcode Fuzzy Hash: a25df0ac5b49fda406ee63fd5d209081eb42124b457c64df3ab13981e6afad3b
Instruction Fuzzy Hash: 83718E75E00205AFCB50DF64C881AAEBBF1EF88320F548469F816EB351DB74AE419B90

Function 00F47E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(01035708), ref: 00F47F37
IsWindowEnabled.USER32(01035708), ref: 00F47F43
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00F4801E
SendMessageW.USER32(01035708,000000B0,?,?), ref: 00F48051
IsDlgButtonChecked.USER32(?,?), ref: 00F48089
GetWindowLongW.USER32(01035708,000000EC), ref: 00F480AB
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00F480C3

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: 54c71f8b87f5c1303a8c6f18338b7d26c9cd38039b372e0c6ac5bafdf4c7af51
Instruction ID: 70ecb06355053502c1d6af2bbd946871cd729dac0950f05f155e2893fd997e6a
Opcode Fuzzy Hash: 54c71f8b87f5c1303a8c6f18338b7d26c9cd38039b372e0c6ac5bafdf4c7af51
Instruction Fuzzy Hash: BA719D34A08344AFEB21AF64CC84FFA7FB9EF09360F14445AED5557261DB31A849EB90

Function 00F1AEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00F1AEF9
GetKeyboardState.USER32(?), ref: 00F1AF0E
SetKeyboardState.USER32(?), ref: 00F1AF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 00F1AF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 00F1AFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 00F1AFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 00F1B020

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 220d16ed760730187f0daa7e392896a8b17321d78dfaddb01e5e4497ad18cf2c
Instruction ID: 7d2bef1db6e4249a41de1b7cd0b2562e8edc062930b464e4faa02faa787e98b5
Opcode Fuzzy Hash: 220d16ed760730187f0daa7e392896a8b17321d78dfaddb01e5e4497ad18cf2c
Instruction Fuzzy Hash: 3B51D2A1A057D57DFB3682348C45BFABEA95B06314F088589F1D9458C2C3E8ACC9F761

Function 00F1ACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00F1AD19
GetKeyboardState.USER32(?), ref: 00F1AD2E
SetKeyboardState.USER32(?), ref: 00F1AD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00F1ADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00F1ADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00F1AE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00F1AE38

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: d4a70d274177fe99bc001e851a69f261ea2b14f45b1be40f07332c7c48e90c90
Instruction ID: bf875885a775a33f12470235217066893a10fec8be54f32ae5650d9deb8dc758
Opcode Fuzzy Hash: d4a70d274177fe99bc001e851a69f261ea2b14f45b1be40f07332c7c48e90c90
Instruction Fuzzy Hash: C551E5A1906BD53DFB3383358C55BFA7EA85B46310F088488E1D9468C3D2A4ECD8F762

Function 00EE542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00EF3CD6,?,?,?,?,?,?,?,?,00EE5BA3,?,?,00EF3CD6,?,?), ref: 00EE5470
__fassign.LIBCMT ref: 00EE54EB
__fassign.LIBCMT ref: 00EE5506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00EF3CD6,00000005,00000000,00000000), ref: 00EE552C
WriteFile.KERNEL32(?,00EF3CD6,00000000,00EE5BA3,00000000,?,?,?,?,?,?,?,?,?,00EE5BA3,?), ref: 00EE554B
WriteFile.KERNEL32(?,?,00000001,00EE5BA3,00000000,?,?,?,?,?,?,?,?,?,00EE5BA3,?), ref: 00EE5584

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: ce8d7de65e5b92229c56c74be13bb724b71d98f6a94b5f64bf961ab6ef95cfc8
Instruction ID: 28c999edd342f7b49cb3a12ba83e403705a47c68b0a9fb6339895f74202b3f3e
Opcode Fuzzy Hash: ce8d7de65e5b92229c56c74be13bb724b71d98f6a94b5f64bf961ab6ef95cfc8
Instruction Fuzzy Hash: C551F072A0068C9FCB10CFA9D845AEEBBF9EF09304F14501AE955F7291D7309A44CF60

Function 00F310B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00F3304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00F3307A
Part of subcall function 00F3304E: _wcslen.LIBCMT ref: 00F3309B

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00F31112
WSAGetLastError.WSOCK32 ref: 00F31121
WSAGetLastError.WSOCK32 ref: 00F311C9
closesocket.WSOCK32(00000000), ref: 00F311F9

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: eb626ab9a69bb2cb2eaab9b55624f4c882838213d1ae416e7735745d1990a8df
Instruction ID: 4980827cf543d38cae4afc293b1c6960ac4bd7a2adc1ec9d6f40eb1f808d90a2
Opcode Fuzzy Hash: eb626ab9a69bb2cb2eaab9b55624f4c882838213d1ae416e7735745d1990a8df
Instruction Fuzzy Hash: CD41D035600208AFDB10AF64C885BEABBE9FF45374F148059FD16AB291C774AD41DBE1

Function 00F1CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00F1DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00F1CF22,?), ref: 00F1DDFD

Part of subcall function 00F1DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00F1CF22,?), ref: 00F1DE16

lstrcmpiW.KERNEL32(?,?), ref: 00F1CF45
MoveFileW.KERNEL32(?,?), ref: 00F1CF7F
_wcslen.LIBCMT ref: 00F1D005
_wcslen.LIBCMT ref: 00F1D01B
SHFileOperationW.SHELL32(?), ref: 00F1D061

Strings

\*.*, xrefs: 00F1CFF3

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: ea9bc032dc9208aae9d5f0149747bc857ea99a9863c920062039e68487f8c5f5
Instruction ID: 3cdaaa31b5212ed3bbfe1a5a882bec633495eab5c82d67d24b77ae6fac53457e
Opcode Fuzzy Hash: ea9bc032dc9208aae9d5f0149747bc857ea99a9863c920062039e68487f8c5f5
Instruction Fuzzy Hash: 61415272D4521D9FDF12EFA4DD81ADEB7F9AF18380F1000E6E505EB142EA34A689DB50

Function 00F42DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00F42E1C
GetWindowLongW.USER32(?,000000F0), ref: 00F42E4F
GetWindowLongW.USER32(?,000000F0), ref: 00F42E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00F42EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00F42EE0
GetWindowLongW.USER32(?,000000F0), ref: 00F42EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F42F0B

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 3004ad03f47614a8ec79ec7fe48da920cd5e705e804028bfe981eabc110f7ac4
Instruction ID: e45241ffe97366a3e22b914539603ef5bb3cbe2c30d815fd7d01e65234f445cc
Opcode Fuzzy Hash: 3004ad03f47614a8ec79ec7fe48da920cd5e705e804028bfe981eabc110f7ac4
Instruction Fuzzy Hash: 78311335A05248AFEB60CF58DC84FA53BE4FB9A720F951164FD148B2B2CB71AC41EB40

Function 00F17726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F17769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F1778F
SysAllocString.OLEAUT32(00000000), ref: 00F17792
SysAllocString.OLEAUT32(?), ref: 00F177B0
SysFreeString.OLEAUT32(?), ref: 00F177B9
StringFromGUID2.OLE32(?,?,00000028), ref: 00F177DE
SysAllocString.OLEAUT32(?), ref: 00F177EC

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 5ff7ed12463e4d780cc260b7fb0beeefaabfe465d4e44b5d41c25e51e3458e89
Instruction ID: 694f5760fe46ea6d0a398adbbad4897f1dd4df0f3010d7430d3f83b6f41b2a25
Opcode Fuzzy Hash: 5ff7ed12463e4d780cc260b7fb0beeefaabfe465d4e44b5d41c25e51e3458e89
Instruction Fuzzy Hash: 8521B57A605219AFDB10EFA8CC84DFB73ACEB09374B048025FD19DB2A1D674DC8197A0

Function 00F177FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F17842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F17868
SysAllocString.OLEAUT32(00000000), ref: 00F1786B
SysAllocString.OLEAUT32 ref: 00F1788C
SysFreeString.OLEAUT32 ref: 00F17895
StringFromGUID2.OLE32(?,?,00000028), ref: 00F178AF
SysAllocString.OLEAUT32(?), ref: 00F178BD

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 46f1c1d2d21fdfb1d6a19d83b12aa61a959372b544ce2091f5f7a21167ff84fe
Instruction ID: b6cc12aeb033b8ad1e3979b231aef04617bd85a31fed311c4cea2102968b56e1
Opcode Fuzzy Hash: 46f1c1d2d21fdfb1d6a19d83b12aa61a959372b544ce2091f5f7a21167ff84fe
Instruction Fuzzy Hash: 4A217736605208AFDB10AFA8DC88DEA77FCEB097707208125F915CB2A1D674DC81DB74

Function 00F204D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00F204F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00F2052E

Strings

nul, xrefs: 00F20567

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: ec7da70fa0ad08d08aa3d456c6b4d26f1466f1d9ebfb823e223ecc5853d4fc4e
Instruction ID: bc08f633c1da07235aa81b7800ae607d411823cbae5be110ef4232735326cbb3
Opcode Fuzzy Hash: ec7da70fa0ad08d08aa3d456c6b4d26f1466f1d9ebfb823e223ecc5853d4fc4e
Instruction Fuzzy Hash: 8E218276A003199BDB208F29EC05A5A77F4AF55734F244A19FCA1D62E1DBB09940EF60

Function 00F205A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00F205C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00F20601

Strings

nul, xrefs: 00F20639

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: d9c211a2b26a2416008884fcddf28cefef1a4ee5deb70f41ca8a91b30842f55e
Instruction ID: a8eca742e2614ebc1bbc6bb03c6204921b1abff620e9f5ca05447d1856925e32
Opcode Fuzzy Hash: d9c211a2b26a2416008884fcddf28cefef1a4ee5deb70f41ca8a91b30842f55e
Instruction Fuzzy Hash: 3621B7369003259FDB208F68EC04A5A7BE4BF95730F200A19FCA1E32E1DBB09950EB51

Function 00F440AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00EB604C
Part of subcall function 00EB600E: GetStockObject.GDI32(00000011), ref: 00EB6060
Part of subcall function 00EB600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00EB606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00F44112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00F4411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00F4412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00F44139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00F44145

Strings

Msctls_Progress32, xrefs: 00F440E3

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 216bc21a24eeed9f2fce778f23bfd2354793511ee560041b4e327ba6990859e1
Instruction ID: bcafe8fd9bdde6c5f9d527e82b513ae9c29679dbe43662c1ff0cc7daf2efa26d
Opcode Fuzzy Hash: 216bc21a24eeed9f2fce778f23bfd2354793511ee560041b4e327ba6990859e1
Instruction Fuzzy Hash: 061193B215021D7EFF119E64CC85EE77F5DEF18798F014111BA18A2050C6769C21ABA4

Function 00EED7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00EED7A3: _free.LIBCMT ref: 00EED7CC

_free.LIBCMT ref: 00EED82D

Part of subcall function 00EE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00EED7D1,00000000,00000000,00000000,00000000,?,00EED7F8,00000000,00000007,00000000,?,00EEDBF5,00000000), ref: 00EE29DE
Part of subcall function 00EE29C8: GetLastError.KERNEL32(00000000,?,00EED7D1,00000000,00000000,00000000,00000000,?,00EED7F8,00000000,00000007,00000000,?,00EEDBF5,00000000,00000000), ref: 00EE29F0

_free.LIBCMT ref: 00EED838
_free.LIBCMT ref: 00EED843
_free.LIBCMT ref: 00EED897
_free.LIBCMT ref: 00EED8A2
_free.LIBCMT ref: 00EED8AD
_free.LIBCMT ref: 00EED8B8

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: f2f39e9357a39d156c61f8bda65c0c515d0bec5c29818045fe9fe7670fc28b55
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: E1115E71544B8CAAD621BFB2CC47FCB7BDCAF40700F40282AB699B6093DA69B5058760

Function 00F1DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00F1DA74
LoadStringW.USER32(00000000), ref: 00F1DA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00F1DA91
LoadStringW.USER32(00000000), ref: 00F1DA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00F1DADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00F1DAB9

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: 4daf6eadce9d429191461640f2fdbb5597449eaf10e7f790ac466ed4559833e9
Instruction ID: 5a55b08ba641505904bde944d69f32daf7137cef3e90acf509bcd80997432a39
Opcode Fuzzy Hash: 4daf6eadce9d429191461640f2fdbb5597449eaf10e7f790ac466ed4559833e9
Instruction Fuzzy Hash: E10186F690020C7FE750EBA09D89EE7376CEB09701F405492BB06E2042EA749E845FB5

Function 00F2096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(0102E2F0,0102E2F0), ref: 00F2097B
EnterCriticalSection.KERNEL32(0102E2D0,00000000), ref: 00F2098D
TerminateThread.KERNEL32(?,000001F6), ref: 00F2099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 00F209A9
CloseHandle.KERNEL32(?), ref: 00F209B8
InterlockedExchange.KERNEL32(0102E2F0,000001F6), ref: 00F209C8
LeaveCriticalSection.KERNEL32(0102E2D0), ref: 00F209CF

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: c4f6cf9979276edc3e4b08bb9a1625de103211a573008d3ba2635e29bb8f417a
Instruction ID: 838efab786fc9238d29e5825dacc5bcb2da211133e662b966b252283cb9ebca3
Opcode Fuzzy Hash: c4f6cf9979276edc3e4b08bb9a1625de103211a573008d3ba2635e29bb8f417a
Instruction Fuzzy Hash: 38F08C32543A16BBD7811FA0EE8CBD6BB38FF12702F402021F602908A1CBB09561EFD0

Function 00EB5D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00EB5D30
GetWindowRect.USER32(?,?), ref: 00EB5D71
ScreenToClient.USER32(?,?), ref: 00EB5D99
GetClientRect.USER32(?,?), ref: 00EB5ED7
GetWindowRect.USER32(?,?), ref: 00EB5EF8

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 9bf2fe33f7815b8f5ae801842a0fc49c218c85fb5b72a1235e983d11f7e0dac2
Instruction ID: a7ad3bb686ba4c66324b899344ac6f9b357ae64519f156fef2d2baf90355d918
Opcode Fuzzy Hash: 9bf2fe33f7815b8f5ae801842a0fc49c218c85fb5b72a1235e983d11f7e0dac2
Instruction Fuzzy Hash: 9CB18A75A0068ADBDB14CFA8C4407FAB7F1FF58310F14A41AE9A9E7290D730EA40DB50

Function 00EE01B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 00EE00BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EE00D6
__allrem.LIBCMT ref: 00EE00ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EE010B
__allrem.LIBCMT ref: 00EE0122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EE0140

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction ID: 21663ee2bf30c805e6bac377ae1d930517f723b1a7699bf22da075824816380d
Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction Fuzzy Hash: 91811672A0074A9BE720DF6ACC41B6B73E9EF41328F24653AF551FA381E7B0D9418790

Function 00F31D10 Relevance: 9.3, APIs: 6, Instructions: 254networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00F33149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,00F3101C,00000000,?,?,00000000), ref: 00F33195

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00F31DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00F31DE1
WSAGetLastError.WSOCK32 ref: 00F31DF2
inet_ntoa.WSOCK32(?), ref: 00F31E8C
htons.WSOCK32(?,?,?,?,?), ref: 00F31EDB
_strlen.LIBCMT ref: 00F31F35

Part of subcall function 00F139E8: _strlen.LIBCMT ref: 00F139F2

Part of subcall function 00EB6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,00ECCF58,?,?,?), ref: 00EB6DBA
Part of subcall function 00EB6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00ECCF58,?,?,?), ref: 00EB6DED

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
String ID:
API String ID: 1923757996-0
Opcode ID: f65738694b771244080316ffb2bd9d79b8beb3e5e762dfc7f7908857535505bb
Instruction ID: a0a9e1ccecc319e0fdd1a2379f69245dc7218d1170d8e1410a193462ca8130fa
Opcode Fuzzy Hash: f65738694b771244080316ffb2bd9d79b8beb3e5e762dfc7f7908857535505bb
Instruction Fuzzy Hash: D7A1BD31604300AFC324DB24C885F6BBBE5BF85328F54995CF4566B2A2CB71ED46DB92

Function 00EE61FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00ED82D9,00ED82D9,?,?,?,00EE644F,00000001,00000001,?), ref: 00EE6258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00EE644F,00000001,00000001,?,?,?,?), ref: 00EE62DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00EE63D8
__freea.LIBCMT ref: 00EE63E5

Part of subcall function 00EE3820: RtlAllocateHeap.NTDLL(00000000,?,00F81444,?,00ECFDF5,?,?,00EBA976,00000010,00F81440,00EB13FC,?,00EB13C6,?,00EB1129), ref: 00EE3852

__freea.LIBCMT ref: 00EE63EE
__freea.LIBCMT ref: 00EE6413

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 5b7fdd327c80a98669a287dfd38f0ef95b7cbb7d4d23215d41ad04f67ef7d4e1
Instruction ID: 17228808ffac8b7d66ce2331d13db8faed9d395a3310dc2828073a7b103a1783
Opcode Fuzzy Hash: 5b7fdd327c80a98669a287dfd38f0ef95b7cbb7d4d23215d41ad04f67ef7d4e1
Instruction Fuzzy Hash: 3A51177260024AABDB258FA6DC81EBF77A9EBA4794F145229FD05F7190DB34DC40C660

Function 00F3BBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

Part of subcall function 00F3C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F3B6AE,?,?), ref: 00F3C9B5
Part of subcall function 00F3C998: _wcslen.LIBCMT ref: 00F3C9F1
Part of subcall function 00F3C998: _wcslen.LIBCMT ref: 00F3CA68
Part of subcall function 00F3C998: _wcslen.LIBCMT ref: 00F3CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F3BCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F3BD25
RegCloseKey.ADVAPI32(00000000), ref: 00F3BD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00F3BD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00F3BDF3
RegCloseKey.ADVAPI32(?), ref: 00F3BDFF

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: 7784d548d612f0f6819fbd86604f19d4e8eb39da3bf26c8578292c9b8cb26816
Instruction ID: c44657eb7b198864c7855dd5c65ff49cf26e883576e2c11412ca19f5ac37ea52
Opcode Fuzzy Hash: 7784d548d612f0f6819fbd86604f19d4e8eb39da3bf26c8578292c9b8cb26816
Instruction Fuzzy Hash: B581D031608241EFC714DF24C891E6ABBE5FF84328F14895CF5598B2A2CB32ED45DB92

Function 00F0F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 00F0F7B9
SysAllocString.OLEAUT32(00000001), ref: 00F0F860
VariantCopy.OLEAUT32(00F0FA64,00000000), ref: 00F0F889
VariantClear.OLEAUT32(00F0FA64), ref: 00F0F8AD
VariantCopy.OLEAUT32(00F0FA64,00000000), ref: 00F0F8B1
VariantClear.OLEAUT32(?), ref: 00F0F8BB

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: f03b1ec9365ce60c1c25e65622bd64c8bc53643cdee5569dfd9ebc21e2f7e877
Instruction ID: 36b9a8367f77192c7506f36dc9503bbc9e4917113b7592b0342046d122ab4029
Opcode Fuzzy Hash: f03b1ec9365ce60c1c25e65622bd64c8bc53643cdee5569dfd9ebc21e2f7e877
Instruction Fuzzy Hash: 27512831A00300BACF30AB65DC95B69B3E8EF45320F209466E902EF6D1DB748C44F7A6

Function 00F2910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 00EB7620: _wcslen.LIBCMT ref: 00EB7625

Part of subcall function 00EB6B57: _wcslen.LIBCMT ref: 00EB6B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 00F294E5
_wcslen.LIBCMT ref: 00F29506
_wcslen.LIBCMT ref: 00F2952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00F29585

Strings

X, xrefs: 00F29412

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: 4d0fdf477a3e8854c6952a1d20f6dfe9f3e1f55f457d138323d669ace8692d49
Instruction ID: c3d63ef36f63ec41173782a1cb8c87b2f30af9ff43d9224db4826eb2e0e2a26f
Opcode Fuzzy Hash: 4d0fdf477a3e8854c6952a1d20f6dfe9f3e1f55f457d138323d669ace8692d49
Instruction Fuzzy Hash: F5E1B331A08310CFD724DF24D881AABB7E5BF85314F14856DF899AB2A2DB71DD05CB92

Function 00EC920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00EC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EC9BB2

BeginPaint.USER32(?,?,?), ref: 00EC9241
GetWindowRect.USER32(?,?), ref: 00EC92A5
ScreenToClient.USER32(?,?), ref: 00EC92C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00EC92D3
EndPaint.USER32(?,?,?,?,?), ref: 00EC9321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00F071EA

Part of subcall function 00EC9339: BeginPath.GDI32(00000000), ref: 00EC9357

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: 47c2cdd2cf13e20c709bc5b1587947d192a19dadf0bdfa5f255ed7de0220f7e3
Instruction ID: e921ef3d9f074d128ab88782718dfc138df0a3d742adbf597da974f89721b1d5
Opcode Fuzzy Hash: 47c2cdd2cf13e20c709bc5b1587947d192a19dadf0bdfa5f255ed7de0220f7e3
Instruction Fuzzy Hash: 0B41AC30505304AFD710DF24DC88FBA7BA8FB56720F14066DF9A4972E2C732A846EB61

Function 00F207EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 00F2080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00F20847
EnterCriticalSection.KERNEL32(?), ref: 00F20863
LeaveCriticalSection.KERNEL32(?), ref: 00F208DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00F208F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00F20921

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: f62cb90082671911bbe0fe5dfd4ddbd59cb773bd25a73672c3b8071cd5f634a9
Instruction ID: e5f0ae437d59191a66450bc353d3401cddd9cd93ea90598d03b0f17cdbce74b8
Opcode Fuzzy Hash: f62cb90082671911bbe0fe5dfd4ddbd59cb773bd25a73672c3b8071cd5f634a9
Instruction Fuzzy Hash: 38418D72900209EFDF14AF54DC85AAA77B9FF04310F1440A9ED04AA297DB71DE61EBA4

Function 00F481DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00F0F3AB,00000000,?,?,00000000,?,00F0682C,00000004,00000000,00000000), ref: 00F4824C
EnableWindow.USER32(?,00000000), ref: 00F48272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 00F482D1
ShowWindow.USER32(?,00000004), ref: 00F482E5
EnableWindow.USER32(?,00000001), ref: 00F4830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00F4832F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: c3458713dc6b94fc05e74716a1d5f8ae8d678e21565f1afb3c8b3c1437a94d80
Instruction ID: 158f84bfd4aab71d53024ec50781cafbcf6b5e105f3fcfb3bbfe901873d99acd
Opcode Fuzzy Hash: c3458713dc6b94fc05e74716a1d5f8ae8d678e21565f1afb3c8b3c1437a94d80
Instruction Fuzzy Hash: 28419434A01648AFDB11CF15CC99BF87FE0BB0A764F185269ED184B262CB71AD43EB50

Function 00F14C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00F14C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00F14CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00F14CEA
_wcslen.LIBCMT ref: 00F14D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00F14D10
_wcsstr.LIBVCRUNTIME ref: 00F14D1A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: fd173ed7bdf00c843e41c80cc80d90576c17e07d1f00f86af89e8174014e53f8
Instruction ID: f20b7c975941013f770e4741e3e6ff88975c641be30d9f82c27c83f7082b075d
Opcode Fuzzy Hash: fd173ed7bdf00c843e41c80cc80d90576c17e07d1f00f86af89e8174014e53f8
Instruction Fuzzy Hash: 7D2149726052047BEB155B35EC09FBB7BDCDF95720F10902DFC09DA192EA71EC41A2A0

Function 00F2581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00EB3A97,?,?,00EB2E7F,?,?,?,00000000), ref: 00EB3AC2

_wcslen.LIBCMT ref: 00F2587B
CoInitialize.OLE32(00000000), ref: 00F25995
CoCreateInstance.OLE32(00F4FCF8,00000000,00000001,00F4FB68,?), ref: 00F259AE
CoUninitialize.OLE32 ref: 00F259CC

Strings

.lnk, xrefs: 00F25876, 00F258C1, 00F25985

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: 9fa76acc7baeeded531a1645a8eea3283bf464a68f95936c6624b55a4deef53a
Instruction ID: aaf4fe364a28993b18b30bc520fcf3b2fd7d2e5582aa5863c2f1f665cc874f27
Opcode Fuzzy Hash: 9fa76acc7baeeded531a1645a8eea3283bf464a68f95936c6624b55a4deef53a
Instruction Fuzzy Hash: 70D17571A087119FC714DF24D480A6ABBE2FF89B20F14885DF889AB361D731EC45DB92

Function 00F1175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00F10FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00F10FCA
Part of subcall function 00F10FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00F10FD6
Part of subcall function 00F10FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00F10FE5
Part of subcall function 00F10FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00F10FEC
Part of subcall function 00F10FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00F11002

GetLengthSid.ADVAPI32(?,00000000,00F11335), ref: 00F117AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00F117BA
HeapAlloc.KERNEL32(00000000), ref: 00F117C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 00F117DA
GetProcessHeap.KERNEL32(00000000,00000000,00F11335), ref: 00F117EE
HeapFree.KERNEL32(00000000), ref: 00F117F5

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 1541592144605ea29332b4fa7f8672b487d2fdb0c5d86d5eaba5308c653ac32f
Instruction ID: 734eae2fee5a8453c29ba37444cd6a1165b33e0905a375daa0eb4c8ce91e9383
Opcode Fuzzy Hash: 1541592144605ea29332b4fa7f8672b487d2fdb0c5d86d5eaba5308c653ac32f
Instruction Fuzzy Hash: B011BE36902209FFDB109FA4CC49BEF7BA9FB42365F104118F94197251C739A980EBA0

Function 00F114CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00F114FF
OpenProcessToken.ADVAPI32(00000000), ref: 00F11506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00F11515
CloseHandle.KERNEL32(00000004), ref: 00F11520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00F1154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00F11563

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: ffb864c476d2d4e957a4b9eca1eab751b62eb0e9b6b9662c4383fa92084c6239
Instruction ID: 6b66c9c345b14cf93b640fa83fdd1d5118cdf22617c6ea059d0064f805cf42da
Opcode Fuzzy Hash: ffb864c476d2d4e957a4b9eca1eab751b62eb0e9b6b9662c4383fa92084c6239
Instruction Fuzzy Hash: 6F11297660220DABDF11CF98DD49BDE7BA9FF49754F044015FE05A2160C3758EA0EBA1

Function 00ED3382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00ED3379,00ED2FE5), ref: 00ED3390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00ED339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00ED33B7
SetLastError.KERNEL32(00000000,?,00ED3379,00ED2FE5), ref: 00ED3409

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 1ee0b629c33d3d322e4590906d4c5653ff1f43e0af3e5b943ead3f8bc2c7462e
Instruction ID: da56a2461152e82569ccb31b7d2f12617a5936925ba5bfd9af1cf4b6b2683990
Opcode Fuzzy Hash: 1ee0b629c33d3d322e4590906d4c5653ff1f43e0af3e5b943ead3f8bc2c7462e
Instruction Fuzzy Hash: D3012432609315BEA6242BB57C8556A3E94EB15379320222FF534F03F0EF128E03A1C6

Function 00EE2D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00EE5686,00EF3CD6,?,00000000,?,00EE5B6A,?,?,?,?,?,00EDE6D1,?,00F78A48), ref: 00EE2D78
_free.LIBCMT ref: 00EE2DAB
_free.LIBCMT ref: 00EE2DD3
SetLastError.KERNEL32(00000000,?,?,?,?,00EDE6D1,?,00F78A48,00000010,00EB4F4A,?,?,00000000,00EF3CD6), ref: 00EE2DE0
SetLastError.KERNEL32(00000000,?,?,?,?,00EDE6D1,?,00F78A48,00000010,00EB4F4A,?,?,00000000,00EF3CD6), ref: 00EE2DEC
_abort.LIBCMT ref: 00EE2DF2

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: f4e27506a3c92087a551ba963decbbd9f02a038177b9efb9bdc2a3e09017a972
Instruction ID: 23c66b58bbd935b82242475be5283223a3651fcdce0d0889cce73e6f407b0aeb
Opcode Fuzzy Hash: f4e27506a3c92087a551ba963decbbd9f02a038177b9efb9bdc2a3e09017a972
Instruction Fuzzy Hash: 3DF0F93650558C27C2522F777C0AA5A369DABC27A4F31601CFB24F21E2EF2488015161

Function 00F48A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00EC9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00EC9693
Part of subcall function 00EC9639: SelectObject.GDI32(?,00000000), ref: 00EC96A2
Part of subcall function 00EC9639: BeginPath.GDI32(?), ref: 00EC96B9
Part of subcall function 00EC9639: SelectObject.GDI32(?,00000000), ref: 00EC96E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00F48A4E
LineTo.GDI32(?,00000003,00000000), ref: 00F48A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00F48A70
LineTo.GDI32(?,00000000,00000003), ref: 00F48A80
EndPath.GDI32(?), ref: 00F48A90
StrokePath.GDI32(?), ref: 00F48AA0

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 4f3915a09bc78b77d02b1c4f331ee2ed070898492c7c4a90609ec00a84eb6f82
Instruction ID: b13077bd195245f8d0a3785d2616cafc16dc57b1a462939b873fd3e7059168fe
Opcode Fuzzy Hash: 4f3915a09bc78b77d02b1c4f331ee2ed070898492c7c4a90609ec00a84eb6f82
Instruction Fuzzy Hash: 7111097600114CFFDB129F94DC88EAA7F6CEB09390F048012FE199A1A1C7719D56EBA0

Function 00F151FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00F15218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00F15229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F15230
ReleaseDC.USER32(00000000,00000000), ref: 00F15238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00F1524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00F15261

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 973d52d72eb8863e993b9c0fc5b6baae479fd0f89df59c54e20d5506614ebcaa
Instruction ID: 96325d5d56f03c282128924b7e75b1e8394f526795602ea14b172986feaa599a
Opcode Fuzzy Hash: 973d52d72eb8863e993b9c0fc5b6baae479fd0f89df59c54e20d5506614ebcaa
Instruction Fuzzy Hash: 7E018F75E01708BBEB109BA59C49A4EBFB8EB99751F044065FE04A7290D6709800DBA0

Function 00EB1BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 00EB1BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 00EB1BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00EB1C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 00EB1C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 00EB1C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 00EB1C22

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: da893a3f421a52a24c9f9452ee19e0e64234aefe39a4d5efb34540e9bd01e097
Instruction ID: 5bf07fb5ecc28632a948e6ddf339a8e94ae87611108f4fb61c77334bb4460e60
Opcode Fuzzy Hash: da893a3f421a52a24c9f9452ee19e0e64234aefe39a4d5efb34540e9bd01e097
Instruction Fuzzy Hash: A90167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CFE5

Function 00F1EB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00F1EB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00F1EB46
GetWindowThreadProcessId.USER32(?,?), ref: 00F1EB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F1EB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F1EB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F1EB75

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: 9b310f9398d4aa53102d73e4c5d551fd5e39d3fdd765e26c92feb3c7059467de
Instruction ID: fcee2b6868cc52c00d173ea3a0941d1f52ca3fd5c2adac588a50c40822197053
Opcode Fuzzy Hash: 9b310f9398d4aa53102d73e4c5d551fd5e39d3fdd765e26c92feb3c7059467de
Instruction Fuzzy Hash: 4EF09A7A60215CBBE7205B629C0EEEF3A7CEFDBB11F005158FA01D1190D7A01A01EAF4

Function 00F07439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00F07452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00F07469
GetWindowDC.USER32(?), ref: 00F07475
GetPixel.GDI32(00000000,?,?), ref: 00F07484
ReleaseDC.USER32(?,00000000), ref: 00F07496
GetSysColor.USER32(00000005), ref: 00F074B0

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: e748274bb636fab33276261af7ca0b8cef651d262105c410a8d3443a344544fc
Instruction ID: 0dfc0ae0f829d54253047f221ef3d1fec94ed0dfdb66f0155b07854f95ed3e2d
Opcode Fuzzy Hash: e748274bb636fab33276261af7ca0b8cef651d262105c410a8d3443a344544fc
Instruction Fuzzy Hash: B6018B36801209EFDB90AF64DC08BEE7BB5FB15321F2551A4FD19A20A1CB312E41BB90

Function 00F11874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00F1187F
UnloadUserProfile.USERENV(?,?), ref: 00F1188B
CloseHandle.KERNEL32(?), ref: 00F11894
CloseHandle.KERNEL32(?), ref: 00F1189C
GetProcessHeap.KERNEL32(00000000,?), ref: 00F118A5
HeapFree.KERNEL32(00000000), ref: 00F118AC

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: f918a7497c295df419a5a4b75e4badb3f1b2e6db02ea2baad1d9a5e1c3567611
Instruction ID: 4ed6194a7e5a0161e3bd7f5785a170041f9ebff2cebe2ac3feda85eeea188cf9
Opcode Fuzzy Hash: f918a7497c295df419a5a4b75e4badb3f1b2e6db02ea2baad1d9a5e1c3567611
Instruction Fuzzy Hash: F8E0ED3A105109BBDB415FA2ED0C905BF39FFAA7217109220F62581171CB325420EF90

Function 00F1C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB7620: _wcslen.LIBCMT ref: 00EB7625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F1C6EE
_wcslen.LIBCMT ref: 00F1C735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F1C79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00F1C7CA

Strings

0, xrefs: 00F1C6AF

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: e2bccd27e81e7e47b99596ccc7e61952a6ef7c5ab2f9796b26e2da853b703209
Instruction ID: e2b7262e66d14d16673d7aa44b33c93f94022d81cbdc9b9955dd0edc77041d29
Opcode Fuzzy Hash: e2bccd27e81e7e47b99596ccc7e61952a6ef7c5ab2f9796b26e2da853b703209
Instruction Fuzzy Hash: F451D171A843019BD7149F28C885BFB77E8AF85320F041A2DF995E31D1DBB0D885EB92

Function 00F3AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 00F3AEA3

Part of subcall function 00EB7620: _wcslen.LIBCMT ref: 00EB7625

GetProcessId.KERNEL32(00000000), ref: 00F3AF38
CloseHandle.KERNEL32(00000000), ref: 00F3AF67

Strings

@, xrefs: 00F3AE72
<, xrefs: 00F3AE6B

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: 590e999bcb3bb81f024afa59bddff20551a5f8e21d050670010c4eb2c8a57fef
Instruction ID: 5881238183e8b4dd6e74707f2de19c8421555dcf323275ece39c95c752ad1475
Opcode Fuzzy Hash: 590e999bcb3bb81f024afa59bddff20551a5f8e21d050670010c4eb2c8a57fef
Instruction Fuzzy Hash: E771AE70A00619DFCB14DF65C485A9EBBF1FF08320F048499E896AB7A2C774ED41DB91

Function 00F1719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00F17206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00F1723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00F1724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00F172CF

Strings

DllGetClassObject, xrefs: 00F17242

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 30114043f1babe7628bedc5be14eb9870396eb830dea88427a6658a5c3f35607
Instruction ID: 80c9f9187b3870473e68fd38c14da037d521efeea8f23111dab88360d88e038b
Opcode Fuzzy Hash: 30114043f1babe7628bedc5be14eb9870396eb830dea88427a6658a5c3f35607
Instruction Fuzzy Hash: A2417F71A04304EFDB15DF54C884ADA7BB9EF89310F1480A9BD099F24AD7B1D985EFA0

Function 00F43D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F43E35
IsMenu.USER32(?), ref: 00F43E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00F43E92
DrawMenuBar.USER32 ref: 00F43EA5

Strings

0, xrefs: 00F43D89

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: e39517708a28c9ed77a497de64fbdc613666afa6aa6951e2649971381a31c52d
Instruction ID: f90ac15fad2d1cb96a4d8786767cce45df94c4252c125a3751444d52d226dc4e
Opcode Fuzzy Hash: e39517708a28c9ed77a497de64fbdc613666afa6aa6951e2649971381a31c52d
Instruction Fuzzy Hash: E7413875A02209AFDB10DF50D884AEABBB9FF49364F044129ED15A7350D730AE49EF90

Function 00F11DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

Part of subcall function 00F13CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F13CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00F11E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00F11E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00F11EA9

Part of subcall function 00EB6B57: _wcslen.LIBCMT ref: 00EB6B6A

Strings

ComboBox, xrefs: 00F11DF0
ListBox, xrefs: 00F11E25

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: 19d7b0a2071e70d0fbb0bf982e061fc4e74c71a53d35ea0240ecd07faae16e40
Instruction ID: b155aac0c12914b9120a58c3faba573be2277e136444b28dc851a7c4ecd49952
Opcode Fuzzy Hash: 19d7b0a2071e70d0fbb0bf982e061fc4e74c71a53d35ea0240ecd07faae16e40
Instruction Fuzzy Hash: 16214971A00108BFDB14ABA4DC85DFFB7F8EF41360B105119FD25A31E1DB385949AB60

Function 00F3C9EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00F3C9F1
_wcslen.LIBCMT ref: 00F3CA68
_wcslen.LIBCMT ref: 00F3CA9E
_wcslen.LIBCMT ref: 00F3CAF9
_wcslen.LIBCMT ref: 00F3CB2F
_wcslen.LIBCMT ref: 00F3CB7F

Strings

HKEY_LOCAL_MACHINE, xrefs: 00F3CA62, 00F3CA67
HKLM, xrefs: 00F3CA98, 00F3CA9D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen
String ID: HKEY_LOCAL_MACHINE$HKLM
API String ID: 176396367-4004644295
Opcode ID: 599030182319360664262d74abac1ffe8c6083b9f86e816af69f06f163816974
Instruction ID: 66ac9dfb4629322c59ced9e89e77ffff1b016ef7a81bdf0e1b61e6a418a72fef
Opcode Fuzzy Hash: 599030182319360664262d74abac1ffe8c6083b9f86e816af69f06f163816974
Instruction Fuzzy Hash: D6318173E0016A4BCF20EF6D99615BE33919BA1770F15402AE845BB345EA79CD41B3E1

Function 00F42F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00F42F8D
LoadLibraryW.KERNEL32(?), ref: 00F42F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00F42FA9
DestroyWindow.USER32(?), ref: 00F42FB1

Strings

SysAnimate32, xrefs: 00F42F68

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: e3457b95628e6eb03a6f60e86f544b443b00b7180fc4bbcbc85fede7f145f13e
Instruction ID: 9583456c6d80397defaeced15d1bd8d69c4587be55fd2acb5c7b5453e6c3f77a
Opcode Fuzzy Hash: e3457b95628e6eb03a6f60e86f544b443b00b7180fc4bbcbc85fede7f145f13e
Instruction Fuzzy Hash: 2E219A72A00209ABEB604F64DC80EBB3BB9EB69374F904228FD54D6190D771DC95A7A0

Function 00ED4D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00ED4D1E,00EE28E9,(,00ED4CBE,00000000,00F788B8,0000000C,00ED4E15,(,00000002), ref: 00ED4D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00ED4DA0
FreeLibrary.KERNEL32(00000000,?,?,?,00ED4D1E,00EE28E9,(,00ED4CBE,00000000,00F788B8,0000000C,00ED4E15,(,00000002,00000000), ref: 00ED4DC3

Strings

CorExitProcess, xrefs: 00ED4D98
mscoree.dll, xrefs: 00ED4D86

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: a16bcd72f1c5ce880e9dd83b5fe443cc2debaa1853c7fb567d2226c7f829babb
Instruction ID: 824ad941c66144a7759c87572c8cf1fa63a5cce11ddfc045339a4971aec4fdce
Opcode Fuzzy Hash: a16bcd72f1c5ce880e9dd83b5fe443cc2debaa1853c7fb567d2226c7f829babb
Instruction Fuzzy Hash: 65F0AF34A0120CBBDB109F90DC09BADBFB5EF58716F0000A9FD09A22A0CB319941EAD1

Function 00EB4E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00EB4EDD,?,00F81418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EB4E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00EB4EAE
FreeLibrary.KERNEL32(00000000,?,?,00EB4EDD,?,00F81418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EB4EC0

Strings

kernel32.dll, xrefs: 00EB4E94
Wow64DisableWow64FsRedirection, xrefs: 00EB4EA8

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 957c0f233b6296ab1d5107ea63f3f8132ee2b9b8ff98d364d6348fad720114dc
Instruction ID: 41f1a28a7be69fcafe2f2806240a2b2abba1cf0f63cc447cb6e1a3726b8b710e
Opcode Fuzzy Hash: 957c0f233b6296ab1d5107ea63f3f8132ee2b9b8ff98d364d6348fad720114dc
Instruction Fuzzy Hash: 37E0CD79A035225BD27117296C18F9F7954AFD2F667051116FC04F7142DB60CD01A5E2

Function 00EB4E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00EF3CDE,?,00F81418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EB4E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00EB4E74
FreeLibrary.KERNEL32(00000000,?,?,00EF3CDE,?,00F81418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00EB4E87

Strings

kernel32.dll, xrefs: 00EB4E5B
Wow64RevertWow64FsRedirection, xrefs: 00EB4E6E

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: 83d1c15109948f873cfe20e8ede66132989874207356fe1b8c629c34fc691419
Instruction ID: f782695824be32d04e65577546d553202fce7cac974d3ec32d2b8f258cbce077
Opcode Fuzzy Hash: 83d1c15109948f873cfe20e8ede66132989874207356fe1b8c629c34fc691419
Instruction Fuzzy Hash: 98D0C239503A226747631B246C08DCB3B18AFC2B193052111BC04B6155CF20CD01E5E2

Function 00F22947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00F22C05
DeleteFileW.KERNEL32(?), ref: 00F22C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00F22C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00F22CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00F22CC0

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: 0c79a7c62ef574504544f464f56d519a19ad39fc7c6ba86d067bf70ea5b8a0fd
Instruction ID: 639bdd82bc4fb0a3ce3974c37a2b9310de82065cadcf2f5654ad1a869cb8aa85
Opcode Fuzzy Hash: 0c79a7c62ef574504544f464f56d519a19ad39fc7c6ba86d067bf70ea5b8a0fd
Instruction Fuzzy Hash: B7B15C72D00129ABDF61EFA4DC85EDFB7BDEF49310F0040A6F509E6251EA349A449FA1

Function 00F3A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00F3A427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00F3A435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 00F3A468
CloseHandle.KERNEL32(?), ref: 00F3A63D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 113e783c6bb896381c628052dfc8a9ac4ac570ba2cfe61308ae47012f11c1d1a
Instruction ID: 730473654f0393ad92f9ce0f546f7f4db41850800b99a9f03e358a273e4309f8
Opcode Fuzzy Hash: 113e783c6bb896381c628052dfc8a9ac4ac570ba2cfe61308ae47012f11c1d1a
Instruction Fuzzy Hash: D6A192716043009FD720DF25C886F2AB7E5AF84724F14985DF99AAB2D2DB71EC418B92

Function 00F1E3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00F1DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00F1CF22,?), ref: 00F1DDFD

Part of subcall function 00F1DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00F1CF22,?), ref: 00F1DE16

Part of subcall function 00F1E199: GetFileAttributesW.KERNEL32(?,00F1CF95), ref: 00F1E19A

lstrcmpiW.KERNEL32(?,?), ref: 00F1E473
MoveFileW.KERNEL32(?,?), ref: 00F1E4AC
_wcslen.LIBCMT ref: 00F1E5EB
_wcslen.LIBCMT ref: 00F1E603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00F1E650

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: 200da289ba85f71f8fef6e73408a6e7601f1e4879f6e6e3d91da5f94c0ba1294
Instruction ID: e5acba0d19afc78b1c07381beb2e6cbf4becaeb47b52a0262824722510d5fec3
Opcode Fuzzy Hash: 200da289ba85f71f8fef6e73408a6e7601f1e4879f6e6e3d91da5f94c0ba1294
Instruction Fuzzy Hash: C75183B24083459BC724DB90DC819DFB3ECEF85350F10491EFA89D3192EF74A6889B66

Function 00F3B9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

Part of subcall function 00F3C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F3B6AE,?,?), ref: 00F3C9B5
Part of subcall function 00F3C998: _wcslen.LIBCMT ref: 00F3C9F1
Part of subcall function 00F3C998: _wcslen.LIBCMT ref: 00F3CA68
Part of subcall function 00F3C998: _wcslen.LIBCMT ref: 00F3CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F3BAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F3BB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00F3BB63
RegCloseKey.ADVAPI32(?,?), ref: 00F3BBA6
RegCloseKey.ADVAPI32(00000000), ref: 00F3BBB3

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: 9e46afee6f29e5d2a5d43fcab5589165fb352ecad1d6fffe6be4d172531a3510
Instruction ID: 2264d1ae6c05c203380796a74f444469571537b17ac7d0e5b84278a1fdec2247
Opcode Fuzzy Hash: 9e46afee6f29e5d2a5d43fcab5589165fb352ecad1d6fffe6be4d172531a3510
Instruction Fuzzy Hash: 7361B031608241EFC714DF14C8A0E6ABBE5FF84328F14956CF5998B2A2CB35ED45DB92

Function 00F18BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00F18BCD
VariantClear.OLEAUT32 ref: 00F18C3E
VariantClear.OLEAUT32 ref: 00F18C9D
VariantClear.OLEAUT32(?), ref: 00F18D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00F18D3B

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: 42a86d81958506430b965eb96cdeeb3491d7c19ec08ef46df8edd2b9447fc5c7
Instruction ID: 6ea38cb8ff58e2f83ee56edafce56e38fc99715b73f9e430b701a5eaca9e6a1e
Opcode Fuzzy Hash: 42a86d81958506430b965eb96cdeeb3491d7c19ec08ef46df8edd2b9447fc5c7
Instruction Fuzzy Hash: 485167B5A00219EFCB10CF68D884AAAB7F8FF99350B158559F909DB350E730E952CF90

Function 00F28AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00F28BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00F28BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00F28C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00F28C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00F28C5F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 9e14cc36c1497f9c2ff0ce2d37c803311d78e32e06025c64719cf6a43548d5f8
Instruction ID: 18c2f706403624ca8d2b95c0de01d651080734c71ff4c15f7a5a05d648ca0829
Opcode Fuzzy Hash: 9e14cc36c1497f9c2ff0ce2d37c803311d78e32e06025c64719cf6a43548d5f8
Instruction Fuzzy Hash: 0B516C35A012189FCB15DF64C881EAEBBF5FF49314F088458E849AB362CB35ED41DBA0

Function 00F38EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00F38F40
GetProcAddress.KERNEL32(00000000,?), ref: 00F38FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00F38FEC
GetProcAddress.KERNEL32(00000000,?), ref: 00F39032
FreeLibrary.KERNEL32(00000000), ref: 00F39052

Part of subcall function 00ECF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00F21043,?,753CE610), ref: 00ECF6E6
Part of subcall function 00ECF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00F0FA64,00000000,00000000,?,?,00F21043,?,753CE610,?,00F0FA64), ref: 00ECF70D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: 622ffd8e6e1bc20359a53c1ad5c6197c7e693d3a5bd458af0ee87f385511b4cb
Instruction ID: ccd2e3b78aa195194d8283a4d2f568c55d6cbe78b0b3243cf10054401675af54
Opcode Fuzzy Hash: 622ffd8e6e1bc20359a53c1ad5c6197c7e693d3a5bd458af0ee87f385511b4cb
Instruction Fuzzy Hash: 65515C35A05205DFC715DF64C4848AEBBF1FF49324F0480A9E80AAB362DB71ED86DB90

Function 00F46B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00F46C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00F46C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00F46C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00F2AB79,00000000,00000000), ref: 00F46C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00F46CC7

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: 058d1abb3a953778f18269edffb825e7a59f5df9a27e777d0deab868061c1a3b
Instruction ID: 78523f27f630dd55c91d7f27205b64696f08be7e37b7c360e7ebd1423066ba5c
Opcode Fuzzy Hash: 058d1abb3a953778f18269edffb825e7a59f5df9a27e777d0deab868061c1a3b
Instruction Fuzzy Hash: 6841C435A04104AFD724CF68CC94FA97FA5EB0B361F150268FE99E72E0C371AD41EA81

Function 00EE2051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00EE20C3
_free.LIBCMT ref: 00EE20E3

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 433f3fe1a832058e493883b9ec678e050cb62268d05026ab8759f25b2b9a3b4d
Instruction ID: f34654aa4ff5b183cd761f94691bfc3f794ea23467fa74390603d2307db4509f
Opcode Fuzzy Hash: 433f3fe1a832058e493883b9ec678e050cb62268d05026ab8759f25b2b9a3b4d
Instruction Fuzzy Hash: AA41E232A002089FCB24DF79C881A5EB3E9EF89714F1555ADE615FB392D731AE01CB81

Function 00EC912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00EC9141
ScreenToClient.USER32(00000000,?), ref: 00EC915E
GetAsyncKeyState.USER32(00000001), ref: 00EC9183
GetAsyncKeyState.USER32(00000002), ref: 00EC919D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: 04f53f4adb8fc9d3f5d2228f876dcb8e873bc07095b40ca96049420313f00d83
Instruction ID: 1fd23a2efb52e06c2950af035a49701df9a86d642d014b9e5a099c87777f25c0
Opcode Fuzzy Hash: 04f53f4adb8fc9d3f5d2228f876dcb8e873bc07095b40ca96049420313f00d83
Instruction Fuzzy Hash: 1D41A431A0821AFBDF05AF64C848BEEB774FF05334F244259E825A32E1C7356951EB91

Function 00F23874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00F238CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00F23922
TranslateMessage.USER32(?), ref: 00F2394B
DispatchMessageW.USER32(?), ref: 00F23955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F23966

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 912e507015257fc00b8468e8e8e60fea2bded92c82620eb226dd1f3d91bfb38e
Instruction ID: 7c38dd8b73d0246f59d930a718571aeefd51ae62c5048f677fda11c0e434415f
Opcode Fuzzy Hash: 912e507015257fc00b8468e8e8e60fea2bded92c82620eb226dd1f3d91bfb38e
Instruction Fuzzy Hash: BC31F7F1D053699EEB35CB34A809BF637A9EB16310F04056DE452C61A0E3BC96C5FB11

Function 00F2CF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00F2C21E,00000000), ref: 00F2CF38
InternetReadFile.WININET(?,00000000,?,?), ref: 00F2CF6F
GetLastError.KERNEL32(?,00000000,?,?,?,00F2C21E,00000000), ref: 00F2CFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,00F2C21E,00000000), ref: 00F2CFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,00F2C21E,00000000), ref: 00F2CFF2

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: 66026789eaed1b0bf63733f095a97881ed028486c267d2692f9e4cddaa9387b3
Instruction ID: c3567162bacd756b07522dfa5cfc95eeb9670800b116e6c83754db5081945618
Opcode Fuzzy Hash: 66026789eaed1b0bf63733f095a97881ed028486c267d2692f9e4cddaa9387b3
Instruction Fuzzy Hash: A6315071900615EFDB20DFA5EA84AAFBBF9EF15360B10442EF516D2150D730AE41EBB0

Function 00F11901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00F11915
PostMessageW.USER32(00000001,00000201,00000001), ref: 00F119C1
Sleep.KERNEL32(00000000,?,?,?), ref: 00F119C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 00F119DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 00F119E2

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: e1016d0ef0439da80bf052d204263fca70935affc5cadf02c29f4a5204bc8530
Instruction ID: 0bbf1ae20e328f5c1c2b53f5bd8cba500f6b54c67be1ccf7770ce2699993fc12
Opcode Fuzzy Hash: e1016d0ef0439da80bf052d204263fca70935affc5cadf02c29f4a5204bc8530
Instruction Fuzzy Hash: 7A31D17290021DEFCB00CFA8CD98ADE3BB5FB55324F008225FA21A72D1C3709984EB90

Function 00F45706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00F45745
SendMessageW.USER32(?,00001074,?,00000001), ref: 00F4579D
_wcslen.LIBCMT ref: 00F457AF
_wcslen.LIBCMT ref: 00F457BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 00F45816

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: 451a472f957462141e3677c216f8aac012674fd3dfc51515ca45518075ca28f9
Instruction ID: 05257314915433b45070edc3695e2c8db64fcfb17bd7f942af981b373d5c4231
Opcode Fuzzy Hash: 451a472f957462141e3677c216f8aac012674fd3dfc51515ca45518075ca28f9
Instruction Fuzzy Hash: 82219175D046189BDB20EFA0CC85AEE7BB8FF15B20F108226ED29EA191D7708985DF50

Function 00F30930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00F30951
GetForegroundWindow.USER32 ref: 00F30968
GetDC.USER32(00000000), ref: 00F309A4
GetPixel.GDI32(00000000,?,00000003), ref: 00F309B0
ReleaseDC.USER32(00000000,00000003), ref: 00F309E8

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: 3db1479481d2ad842b9ad9fa9146d653f3e9d92c7bd736dcc9dcf6f79f3dfba8
Instruction ID: 1f99bc32263b12b1b5780e0a3df042b13f9420540861ece817759386cb6332e5
Opcode Fuzzy Hash: 3db1479481d2ad842b9ad9fa9146d653f3e9d92c7bd736dcc9dcf6f79f3dfba8
Instruction Fuzzy Hash: 02219F39601218AFD714EF64DC94AAEBBE9FF55710F048069F84AA7362CB70AD04DB90

Function 00EECDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00EECDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00EECDE9

Part of subcall function 00EE3820: RtlAllocateHeap.NTDLL(00000000,?,00F81444,?,00ECFDF5,?,?,00EBA976,00000010,00F81440,00EB13FC,?,00EB13C6,?,00EB1129), ref: 00EE3852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00EECE0F
_free.LIBCMT ref: 00EECE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00EECE31

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: edcce0228afd5ee44d5b62f2ce80eefcb7bc4408894c201dc3cd7a75c59736b5
Instruction ID: 341f58ea82c815109abaa1cb538d3ca5438455176116117bb1c8dccf61b608c3
Opcode Fuzzy Hash: edcce0228afd5ee44d5b62f2ce80eefcb7bc4408894c201dc3cd7a75c59736b5
Instruction Fuzzy Hash: E501F77260229D7F23251ABB6C8CC7F7A6DDEC7BA53252129FD05E7211EA618D0391F0

Function 00EC9639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00EC9693
SelectObject.GDI32(?,00000000), ref: 00EC96A2
BeginPath.GDI32(?), ref: 00EC96B9
SelectObject.GDI32(?,00000000), ref: 00EC96E2

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 35107df1b28e33ac4d0f01b3ab65622475828eda755c59dd6ada1fe5ce87a156
Instruction ID: a11f0871a804f34cc1774482330521dfb1aa5bcbe172917a611ccd4bbd4eb9d3
Opcode Fuzzy Hash: 35107df1b28e33ac4d0f01b3ab65622475828eda755c59dd6ada1fe5ce87a156
Instruction Fuzzy Hash: C2218030802309EBDB119F64ED08BF97BA8BB51369F10131AF810B61F1D3719897EB94

Function 00EC990E Relevance: 7.6, APIs: 5, Instructions: 65COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00EC98CC
SetTextColor.GDI32(?,?), ref: 00EC98D6
SetBkMode.GDI32(?,00000001), ref: 00EC98E9
GetStockObject.GDI32(00000005), ref: 00EC98F1
GetWindowLongW.USER32(?,000000EB), ref: 00EC9952

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Color$LongModeObjectStockTextWindow
String ID:
API String ID: 1860813098-0
Opcode ID: b86ddb667b8ae4c629c25e0824cc3c960df46fa2abdd2aad75a316e7e79d1a2f
Instruction ID: a62f58a0ba21f6414e673a2df2712d1115de69764fcc2f020323aa5820acf076
Opcode Fuzzy Hash: b86ddb667b8ae4c629c25e0824cc3c960df46fa2abdd2aad75a316e7e79d1a2f
Instruction Fuzzy Hash: A2216D325462449FDB128F30DC5DFF63F64AB93335B09115DE9A26B1A3C6334942DB90

Function 00F15711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00F15726
_memcmp.LIBVCRUNTIME ref: 00F15744
_memcmp.LIBVCRUNTIME ref: 00F15757
_memcmp.LIBVCRUNTIME ref: 00F1576F
_memcmp.LIBVCRUNTIME ref: 00F15787

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: a32b37605fbbb18df116869cef5804681d8366761a6d20fae4cde6ccd8b4073d
Instruction ID: 5ee858b294d5c4dab33c34a7c579efe56a188f7d90f6e022bcb110f7ea1ca207
Opcode Fuzzy Hash: a32b37605fbbb18df116869cef5804681d8366761a6d20fae4cde6ccd8b4073d
Instruction Fuzzy Hash: 2201B5A6A4160DFBE20855119D83FFB739CDBA1BA4F004021FD08AE2C2F760ED55A6A1

Function 00EE2DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00EDF2DE,00EE3863,00F81444,?,00ECFDF5,?,?,00EBA976,00000010,00F81440,00EB13FC,?,00EB13C6), ref: 00EE2DFD
_free.LIBCMT ref: 00EE2E32
_free.LIBCMT ref: 00EE2E59
SetLastError.KERNEL32(00000000,00EB1129), ref: 00EE2E66
SetLastError.KERNEL32(00000000,00EB1129), ref: 00EE2E6F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: e2d20843eee0a5f9abe111b33421743d0fd87064d142870ae204a51eec4f8c0f
Instruction ID: 67ea6cdbaf484fbef92ec82dd874341cdfc4f1bcad22439827e3c4f6c21d5390
Opcode Fuzzy Hash: e2d20843eee0a5f9abe111b33421743d0fd87064d142870ae204a51eec4f8c0f
Instruction Fuzzy Hash: 9F01493610269C27C6132F773C4AD6B269DABD1768B31702CFA14B31F3EE648C011060

Function 00F1000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F0FF41,80070057,?,?,?,00F1035E), ref: 00F1002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F0FF41,80070057,?,?), ref: 00F10046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F0FF41,80070057,?,?), ref: 00F10054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F0FF41,80070057,?), ref: 00F10064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F0FF41,80070057,?,?), ref: 00F10070

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 226fc6cb9c489a2015c897c7a2fe68570b8f7d05f91b8a68141e65b1d74ab904
Instruction ID: b9ea40e73195753e74a244eb2f8e68f3e7d3d20dc1eb994a154be06330918dd6
Opcode Fuzzy Hash: 226fc6cb9c489a2015c897c7a2fe68570b8f7d05f91b8a68141e65b1d74ab904
Instruction Fuzzy Hash: B001A776601208BFDB504F64DC04BEA7AEDEF58751F145114FD05D2210EBB5DDC0A7A0

Function 00F1E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 00F1E997
QueryPerformanceFrequency.KERNEL32(?), ref: 00F1E9A5
Sleep.KERNEL32(00000000), ref: 00F1E9AD
QueryPerformanceCounter.KERNEL32(?), ref: 00F1E9B7
Sleep.KERNEL32 ref: 00F1E9F3

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: 618f4451ac2af9704180f8390f146c12d5f78d30b42e38749f32bb607b53d038
Instruction ID: eddad1853b109c9905dee20653b4edebd8b19f3daf77445e04d549d3d3722f95
Opcode Fuzzy Hash: 618f4451ac2af9704180f8390f146c12d5f78d30b42e38749f32bb607b53d038
Instruction Fuzzy Hash: 5B015735C0262DDBCF44ABE5D859AEDBB78BB49710F400546E902B2241DB309690ABA1

Function 00F110F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F11114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00F10B9B,?,?,?), ref: 00F11120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F10B9B,?,?,?), ref: 00F1112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F10B9B,?,?,?), ref: 00F11136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F1114D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: 11d287518882cdd5a7043610ff7d184c0209ae13b107d89519edb03157c1ac7f
Instruction ID: dc3d891af81d4c79937591fc3e5dfc1b3ee3562bb9453a833bbe2c1bc8e9916f
Opcode Fuzzy Hash: 11d287518882cdd5a7043610ff7d184c0209ae13b107d89519edb03157c1ac7f
Instruction Fuzzy Hash: 64016D79501209BFDB514FA5DC49AAA3B6EFF86364B110414FE45D3360DA31DC40AEA0

Function 00F10FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00F10FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00F10FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00F10FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00F10FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00F11002

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: f96fb988fefe5c97580a5ad32e619257a0a924ba655ad485041b889fb05ed0d9
Instruction ID: cb2972a4f2d25760d21f0267a761c85f355100b4b50937fc7988dadabc6b8cf5
Opcode Fuzzy Hash: f96fb988fefe5c97580a5ad32e619257a0a924ba655ad485041b889fb05ed0d9
Instruction Fuzzy Hash: 6AF06239602305EBD7214FA5DC4DF963B6DFF9A761F104414FE45C7251CA71DC809AA0

Function 00F11014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00F1102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00F11036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F11045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00F1104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F11062

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: a111b8fbd1205461e7693a22540fe5ff0918b53f340e4ec3084fbb2d9978086a
Instruction ID: ebbeee6360e0bab183c95b72b727972ad1eed03bada73ac58575f318c9398a80
Opcode Fuzzy Hash: a111b8fbd1205461e7693a22540fe5ff0918b53f340e4ec3084fbb2d9978086a
Instruction Fuzzy Hash: 41F06D39602309EBDB215FA9EC49F963BADFF9A761F100414FE45C7251CA70D880EAA0

Function 00F2030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,00F2017D,?,00F232FC,?,00000001,00EF2592,?), ref: 00F20324
CloseHandle.KERNEL32(?,?,?,?,00F2017D,?,00F232FC,?,00000001,00EF2592,?), ref: 00F20331
CloseHandle.KERNEL32(?,?,?,?,00F2017D,?,00F232FC,?,00000001,00EF2592,?), ref: 00F2033E
CloseHandle.KERNEL32(?,?,?,?,00F2017D,?,00F232FC,?,00000001,00EF2592,?), ref: 00F2034B
CloseHandle.KERNEL32(?,?,?,?,00F2017D,?,00F232FC,?,00000001,00EF2592,?), ref: 00F20358
CloseHandle.KERNEL32(?,?,?,?,00F2017D,?,00F232FC,?,00000001,00EF2592,?), ref: 00F20365

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 0edba2c4769d7c2ea19ea5485e128bb896180d4e5d61a7ab4b6a1a9622f7283c
Instruction ID: d4926530e5643c92efe781f822bb83865d8b1b1710aec7e5a29f5f2c13e2ccbc
Opcode Fuzzy Hash: 0edba2c4769d7c2ea19ea5485e128bb896180d4e5d61a7ab4b6a1a9622f7283c
Instruction Fuzzy Hash: 8801A272801B259FC7309F66E880412FBF5BF603253158A3FD19652932C771AD54EF80

Function 00EED73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00EED752

Part of subcall function 00EE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00EED7D1,00000000,00000000,00000000,00000000,?,00EED7F8,00000000,00000007,00000000,?,00EEDBF5,00000000), ref: 00EE29DE
Part of subcall function 00EE29C8: GetLastError.KERNEL32(00000000,?,00EED7D1,00000000,00000000,00000000,00000000,?,00EED7F8,00000000,00000007,00000000,?,00EEDBF5,00000000,00000000), ref: 00EE29F0

_free.LIBCMT ref: 00EED764
_free.LIBCMT ref: 00EED776
_free.LIBCMT ref: 00EED788
_free.LIBCMT ref: 00EED79A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 2e9bde9500e37d3a2fc8e957208335394e7ce75c8bdd60a3a32728bf59897eea
Instruction ID: 35d779b69ef975841c05c66bc3908148d3ddc095a59cd914da8fdf2a5470106f
Opcode Fuzzy Hash: 2e9bde9500e37d3a2fc8e957208335394e7ce75c8bdd60a3a32728bf59897eea
Instruction Fuzzy Hash: 12F0123254828CAB8661EF66FDC6C1A7BEDBB44714B95380EF158F7502C735FC8086A5

Function 00F15C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00F15C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00F15C6F
MessageBeep.USER32(00000000), ref: 00F15C87
KillTimer.USER32(?,0000040A), ref: 00F15CA3
EndDialog.USER32(?,00000001), ref: 00F15CBD

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 69af28247ea801eccec96aa3a37d37cc5adc215eba8616b15af2d8a7e2ba8525
Instruction ID: 520ac649dd963af4a9892c1acc65722cc8caf3ac56eed5450e55bc579e0e63ad
Opcode Fuzzy Hash: 69af28247ea801eccec96aa3a37d37cc5adc215eba8616b15af2d8a7e2ba8525
Instruction Fuzzy Hash: 2A01D634501B08EBEB205F20DD4EFE677B8BB11F05F001159AA87A10E0DBF4A984AAD0

Function 00EE22A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00EE22BE

Part of subcall function 00EE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00EED7D1,00000000,00000000,00000000,00000000,?,00EED7F8,00000000,00000007,00000000,?,00EEDBF5,00000000), ref: 00EE29DE
Part of subcall function 00EE29C8: GetLastError.KERNEL32(00000000,?,00EED7D1,00000000,00000000,00000000,00000000,?,00EED7F8,00000000,00000007,00000000,?,00EEDBF5,00000000,00000000), ref: 00EE29F0

_free.LIBCMT ref: 00EE22D0
_free.LIBCMT ref: 00EE22E3
_free.LIBCMT ref: 00EE22F4
_free.LIBCMT ref: 00EE2305

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 6300f63c1619a99c08bf99e517484f38113e151cebb5034a30ab5fee3497fc28
Instruction ID: 68e131481c32bf283d35ba8e26d43d9c8f8376a05a71a81b69af0580f283f9af
Opcode Fuzzy Hash: 6300f63c1619a99c08bf99e517484f38113e151cebb5034a30ab5fee3497fc28
Instruction Fuzzy Hash: 6EF0547140015C8B8622AF55BC028A93BACF758760741660FF614E6272CB350452BFE6

Function 00EC95C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 00EC95D4
StrokeAndFillPath.GDI32(?,?,00F071F7,00000000,?,?,?), ref: 00EC95F0
SelectObject.GDI32(?,00000000), ref: 00EC9603
DeleteObject.GDI32 ref: 00EC9616
StrokePath.GDI32(?), ref: 00EC9631

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: d4a73974a9e9a01b600e4f05ae9bd055d0e12f222b800337ab88c8bae9733a44
Instruction ID: 8540c7fb654db0928e7c5dec8546b9dcbc3029869cc394274a40e6044123caaf
Opcode Fuzzy Hash: d4a73974a9e9a01b600e4f05ae9bd055d0e12f222b800337ab88c8bae9733a44
Instruction Fuzzy Hash: BDF0373400660CEBDB265F69EE1CBB43B69BB52326F049318F925A50F1C7318997EF60

Function 00EE0F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00EE10F9
__freea.LIBCMT ref: 00EE1117

Part of subcall function 00EE1537: _free.LIBCMT ref: 00EE154F

Strings

a/p, xrefs: 00EE11DE
am/pm, xrefs: 00EE117A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: e01fc911694ee72abdff0d8729f724810d3440f598dc67b8ba7ed3fb1729efbe
Instruction ID: 1611a0f398fe4fb6850602c844ec97a6d95fce11d55906a366a5ccb4d0d94001
Opcode Fuzzy Hash: e01fc911694ee72abdff0d8729f724810d3440f598dc67b8ba7ed3fb1729efbe
Instruction Fuzzy Hash: 33D1F17190028ECACB289F6AC845BFEB7B1FF05704F292199EA01BB654D3759DC0CB91

Function 00F37B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 00ED0242: EnterCriticalSection.KERNEL32(00F8070C,00F81884,?,?,00EC198B,00F82518,?,?,?,00EB12F9,00000000), ref: 00ED024D
Part of subcall function 00ED0242: LeaveCriticalSection.KERNEL32(00F8070C,?,00EC198B,00F82518,?,?,?,00EB12F9,00000000), ref: 00ED028A

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

Part of subcall function 00ED00A3: __onexit.LIBCMT ref: 00ED00A9

__Init_thread_footer.LIBCMT ref: 00F37BFB

Part of subcall function 00ED01F8: EnterCriticalSection.KERNEL32(00F8070C,?,?,00EC8747,00F82514), ref: 00ED0202
Part of subcall function 00ED01F8: LeaveCriticalSection.KERNEL32(00F8070C,?,00EC8747,00F82514), ref: 00ED0235

Strings

G, xrefs: 00F37C7F
Variable must be of type 'Object'., xrefs: 00F37C3A
5, xrefs: 00F37C78

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: 5$G$Variable must be of type 'Object'.
API String ID: 535116098-3733170431
Opcode ID: 7eb10b4b6f85d7cb49aca7ba5a6f0d631bbb006a42ce9aeec773898708d6ecf0
Instruction ID: 9fc8c1095c170264db7c9cad1af26df1f9ea183beb90e6183e5a448b90239be8
Opcode Fuzzy Hash: 7eb10b4b6f85d7cb49aca7ba5a6f0d631bbb006a42ce9aeec773898708d6ecf0
Instruction Fuzzy Hash: 20917CB1A04209EFCB24EF54D891DADB7B1FF44324F148059F806AB292DB71AE41EB51

Function 00EE5AA9 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

Strings

JO, xrefs: 00EE5BA8, 00EE5C6C

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID: JO
API String ID: 0-1663374661
Opcode ID: 3d2823917616bd77daa369233e1074273cdc9b7a74158d7fed01db76559b4dc1
Instruction ID: fa6f448d9aadba8ea51db7919e1af4ef48410733c6dfb1e269fcc0e5dd75d68e
Opcode Fuzzy Hash: 3d2823917616bd77daa369233e1074273cdc9b7a74158d7fed01db76559b4dc1
Instruction Fuzzy Hash: 9951CF7290068D9BCB10DFA6CC45FEEBBB8EF45318F24205AF405BB292D6719901DB61

Function 00EE8A61 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00EE8B6E
GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00EE8B7A
__dosmaperr.LIBCMT ref: 00EE8B81

Strings

., xrefs: 00EE8A63

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide__dosmaperr
String ID: .
API String ID: 2434981716-3963672497
Opcode ID: c406085ee4caf0bb0190e071af6fc18dce24afd55c9bfddedfeabd9a78c6e161
Instruction ID: faf45b1533cc5309d9ce8f6ae24ef6ad962f776cad2a811b3e23f88c9b655d43
Opcode Fuzzy Hash: c406085ee4caf0bb0190e071af6fc18dce24afd55c9bfddedfeabd9a78c6e161
Instruction Fuzzy Hash: F14160745040CDAFD7259F55CD81ABD7FD6DF85304B18A1AAF48DA7252DE318C02D790

Function 00F12716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00F1B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00F121D0,?,?,00000034,00000800,?,00000034), ref: 00F1B42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00F12760

Part of subcall function 00F1B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00F121FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00F1B3F8

Part of subcall function 00F1B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00F1B355
Part of subcall function 00F1B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00F12194,00000034,?,?,00001004,00000000,00000000), ref: 00F1B365
Part of subcall function 00F1B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00F12194,00000034,?,?,00001004,00000000,00000000), ref: 00F1B37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00F127CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00F1281A

Strings

@, xrefs: 00F12832

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: a2ea4014dab2990d63fedf9c6585726273529b74c4c14992397d89eaac08e0a9
Instruction ID: 0ad5c7492334ea3a754b8b1b6f1d91c4809cb6fea249e03f6d8c2fe2633e6085
Opcode Fuzzy Hash: a2ea4014dab2990d63fedf9c6585726273529b74c4c14992397d89eaac08e0a9
Instruction Fuzzy Hash: E2414F76D00218AFDB10DFA4CD85ADEBBB8EF09310F008095FA55B7181DB716E85DBA0

Function 00EE172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00EE1769
_free.LIBCMT ref: 00EE1834
_free.LIBCMT ref: 00EE183E

Strings

C:\Users\user\Desktop\file.exe, xrefs: 00EE1760, 00EE1767, 00EE1796, 00EE17CE

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2506810119-1957095476
Opcode ID: 4b1d2ab059374156afedf2edf109937298030ffbc331e1d853fec343cb0b5a17
Instruction ID: cb3f8ebf8f25af36989d240ce94b8cf3e41c0c0b9e1f3751685f95b81206ffe1
Opcode Fuzzy Hash: 4b1d2ab059374156afedf2edf109937298030ffbc331e1d853fec343cb0b5a17
Instruction Fuzzy Hash: 74318271A0029CABDB25DF9ADC81DDEBBFCEB85714B1051ABF804E7211D6708E81DB90

Function 00F1C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00F1C306
DeleteMenu.USER32(?,00000007,00000000), ref: 00F1C34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00F81990,010355C8), ref: 00F1C395

Strings

0, xrefs: 00F1C2DF

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: 88f1809617f5d55ebb29c2f5a46a5f9625a1554c20f30ae8b94050c6416b505e
Instruction ID: 948cd9d364b7443d25e8630b5cb108ce94b6f8c5161faf956b0abdd21087a3f7
Opcode Fuzzy Hash: 88f1809617f5d55ebb29c2f5a46a5f9625a1554c20f30ae8b94050c6416b505e
Instruction Fuzzy Hash: 7B41B0316443019FD724DF25DC84B9ABBE4AF85320F048A1EF9A5972D1D730E945EBA2

Function 00F44416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00F4CC08,00000000,?,?,?,?), ref: 00F444AA
GetWindowLongW.USER32 ref: 00F444C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F444D7

Strings

SysTreeView32, xrefs: 00F4447C

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: 89fccd4240f3f801c6c6a7f582d9a4f93ccda871f8b7a17d8af98e0d1130b447
Instruction ID: 4382ae039f0b3feb968fe374335de784c8657acae948320138569b04a2bc6872
Opcode Fuzzy Hash: 89fccd4240f3f801c6c6a7f582d9a4f93ccda871f8b7a17d8af98e0d1130b447
Instruction Fuzzy Hash: 0F31AF32610205AFDF209E38DC45BEA7BA9EB08334F245315FD79A21E0D774EC51AB50

Function 00F3304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00F3335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00F33077,?,?), ref: 00F33378

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00F3307A
_wcslen.LIBCMT ref: 00F3309B
htons.WSOCK32(00000000,?,?,00000000), ref: 00F33106

Strings

255.255.255.255, xrefs: 00F33095, 00F3309A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: 72dd598b8c4629abcbc6f2a7641c51d3d71a572320f1e1236dd87c643e9c349d
Instruction ID: 5937b12755c02ad08114d8218a84b58ea29bc2e47b91eaa0dbd1d961685c972b
Opcode Fuzzy Hash: 72dd598b8c4629abcbc6f2a7641c51d3d71a572320f1e1236dd87c643e9c349d
Instruction Fuzzy Hash: 3531F57AA042059FC714DF28C485EAA77F0EF14338F248059E9159F392DB31DE41E760

Function 00F43EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00F43F40
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00F43F54
SendMessageW.USER32(?,00001002,00000000,?), ref: 00F43F78

Strings

SysMonthCal32, xrefs: 00F43F0B

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: b3cd60435af642d2fc1e2c586842c0c6784511f25f38578cbf65b7971afd02c3
Instruction ID: 96bcba457f2dc21defb46a53c852a7742a12805a090dd69754be906b55e05b5e
Opcode Fuzzy Hash: b3cd60435af642d2fc1e2c586842c0c6784511f25f38578cbf65b7971afd02c3
Instruction Fuzzy Hash: A021BF32A00219BBDF259F50CC46FEA3B79EF48724F110214FE196B1D0D6B5A854AB90

Function 00F44653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00F44705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00F44713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00F4471A

Strings

msctls_updown32, xrefs: 00F44684

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: 93f810982481b77dec4db8378659b9e55ab4955b0589c9017192133bea1c5a01
Instruction ID: 8524596c3c827172157e4666f1cb035154d7fb6973ead7acdee20887ef6b9138
Opcode Fuzzy Hash: 93f810982481b77dec4db8378659b9e55ab4955b0589c9017192133bea1c5a01
Instruction Fuzzy Hash: CB214CB5600209AFEB10DF64DC81DB73BADEB5A3A4B050159FA04AB351CB30FC12EA60

Function 00F195AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00F1961D

Strings

#OnAutoItStartRegister, xrefs: 00F195F3
#notrayicon, xrefs: 00F195B7
#requireadmin, xrefs: 00F195D9

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: a437daa1712936c9d2d84c9ee9e44686086213cb8f0f259bb76f344c9812bade
Instruction ID: 25451d4256e2d49b8eff024d591c26da7035edb183062af9d3cce1cb5b5432ce
Opcode Fuzzy Hash: a437daa1712936c9d2d84c9ee9e44686086213cb8f0f259bb76f344c9812bade
Instruction Fuzzy Hash: 8F21683250811166D331AB24DC22FF773D9EF91320F044026FD49A7181EBE1ADC6E6E1

Function 00F437B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00F43840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00F43850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00F43876

Strings

Listbox, xrefs: 00F4380F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: f2e8cb708261990ec2fb0efe604ededf27d48bd719b3aa53edff0e429fe5ffc6
Instruction ID: e6a402efa624a05a789201a27e36f71d87acbc7a58248f2397b9ec9bbf13b9b5
Opcode Fuzzy Hash: f2e8cb708261990ec2fb0efe604ededf27d48bd719b3aa53edff0e429fe5ffc6
Instruction Fuzzy Hash: C821CF72A10218BBEF219F54CC81FBB3B6EEF99760F118124FD449B190C675DC52A7A0

Function 00F249F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00F24A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00F24A5C
SetErrorMode.KERNEL32(00000000,?,?,00F4CC08), ref: 00F24AD0

Strings

%lu, xrefs: 00F24A6F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: 360111639213b3374659af72ff3e9b46f7d7778d86f0bde5f2437e990c4dab7a
Instruction ID: ac30d4adf506442096497723600192bec7c01f76b02d8803325cac90ff02414e
Opcode Fuzzy Hash: 360111639213b3374659af72ff3e9b46f7d7778d86f0bde5f2437e990c4dab7a
Instruction Fuzzy Hash: 0F31A575A00108AFD710DF54C881EAA7BF8EF04308F1480A5F909EB252D775ED45DFA1

Function 00F441EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00F4424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00F44264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00F44271

Strings

msctls_trackbar32, xrefs: 00F44226

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: b6852efa93719b0640fc19ca6c42b0e29a2a69bac88a17d1800d51eec10ccab0
Instruction ID: 1a7211889f368a7ec13a799fbd6eca6fdc96b7c751a23b82727829e2cefec3c8
Opcode Fuzzy Hash: b6852efa93719b0640fc19ca6c42b0e29a2a69bac88a17d1800d51eec10ccab0
Instruction Fuzzy Hash: 6A11E331640208BEEF205E29CC06FAB3BACEF95B64F010624FE55F2090D6B1E851AB10

Function 00F12F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB6B57: _wcslen.LIBCMT ref: 00EB6B6A

Part of subcall function 00F12DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00F12DC5
Part of subcall function 00F12DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F12DD6
Part of subcall function 00F12DA7: GetCurrentThreadId.KERNEL32 ref: 00F12DDD
Part of subcall function 00F12DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00F12DE4

GetFocus.USER32 ref: 00F12F78

Part of subcall function 00F12DEE: GetParent.USER32(00000000), ref: 00F12DF9

GetClassNameW.USER32(?,?,00000100), ref: 00F12FC3
EnumChildWindows.USER32(?,00F1303B), ref: 00F12FEB

Strings

%s%d, xrefs: 00F12FFF

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: b3338537906c8f23d9de6ce52d9b3af341eda44719813ecbe05ea18d1135fb31
Instruction ID: 489f873ccf48b19bf24a995a8d8025fa558db58dccf8a23f24c8ed8e3774caea
Opcode Fuzzy Hash: b3338537906c8f23d9de6ce52d9b3af341eda44719813ecbe05ea18d1135fb31
Instruction Fuzzy Hash: 1411E7756002056BCF447FB0DCD5EEE37AAAF94308F049075FD09AB152DE349985AB70

Function 00F45882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00F458C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00F458EE
DrawMenuBar.USER32(?), ref: 00F458FD

Strings

0, xrefs: 00F4588F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: 959377508ce1dfb7ac50e7beeb69292b6fcfc777f98b888325ec82c2a7db316b
Instruction ID: 885bf52952123d19f7e3b8d346400ae488015c3a907a67d897b8e94e83600484
Opcode Fuzzy Hash: 959377508ce1dfb7ac50e7beeb69292b6fcfc777f98b888325ec82c2a7db316b
Instruction Fuzzy Hash: 6D016D32501218EFDB61AF11DC44BAEBFB5FB45B60F148099FC49DA162DB308A84EF61

Function 00F0D3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00F0D3BF
FreeLibrary.KERNEL32 ref: 00F0D3E5

Strings

GetSystemWow64DirectoryW, xrefs: 00F0D3B9
X64, xrefs: 00F0D2A8

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 3013587201-2590602151
Opcode ID: d766d542d152018b9eccc9a619b6355d139d84f4b3784f8d621b6bf485639c8d
Instruction ID: 7d445738d3dd4bbb4e7b95071fc268e1450964145ba3d5153cc7cd9da3d852d4
Opcode Fuzzy Hash: d766d542d152018b9eccc9a619b6355d139d84f4b3784f8d621b6bf485639c8d
Instruction Fuzzy Hash: 03F0AB77C07A21EBC7B112904C14FADB714AF10B01B95A129FC02F21C9D720CD40B7D6

Function 00F1007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ae2b163739103ea1db13d72565cb969b9fa0f1b5fdd5dc5fc82873107d03573
Instruction ID: 34281baf3cd072d74d630cf29defbf3e17c94acd659cf0e3aeac2d141101302f
Opcode Fuzzy Hash: 1ae2b163739103ea1db13d72565cb969b9fa0f1b5fdd5dc5fc82873107d03573
Instruction Fuzzy Hash: D8C14A75A0020AEFDB14CFA4C894AAEB7B5FF48314F208598E515EB251DB71EDC1EB90

Function 00F3342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00F33459
CoUninitialize.OLE32 ref: 00F33463
VariantInit.OLEAUT32(?), ref: 00F3346E
VariantClear.OLEAUT32(?), ref: 00F3371B

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: b626637422be37ebbde237bfe53bdcd65420768fa517d6c51d5828a20ff8cd37
Instruction ID: 9bf79f8a260e1b5839ce586f61607486bdf1192c66f8457221ae4c2c6a9e91ce
Opcode Fuzzy Hash: b626637422be37ebbde237bfe53bdcd65420768fa517d6c51d5828a20ff8cd37
Instruction Fuzzy Hash: D5A12A756043119FC710DF28C586A6AB7E5FF88724F049859F98AAB362DB30ED01DB91

Function 00F10436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00F4FC08,?), ref: 00F105F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00F4FC08,?), ref: 00F10608
CLSIDFromProgID.OLE32(?,?,00000000,00F4CC40,000000FF,?,00000000,00000800,00000000,?,00F4FC08,?), ref: 00F1062D
_memcmp.LIBVCRUNTIME ref: 00F1064E

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: 576322453d003612ea969d00ee891356546f48c536be85c8e69ca2a29332f683
Instruction ID: 855cfca3298af17b9467f03ed93985402748a6ff30c3f2699a9da78e2303fdee
Opcode Fuzzy Hash: 576322453d003612ea969d00ee891356546f48c536be85c8e69ca2a29332f683
Instruction Fuzzy Hash: 37812A75A00109EFCB04DF94C984EEEB7BAFF89315F204558F506AB250DB71AE86DB60

Function 00EF1391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00EF14C0

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: bd0c0b0cfa42f77d6f4704032976254a7ea304f2992addbd278888c97ef1ba93
Instruction ID: dbc14aa2a44e4dd17bdad0ba4dd1428b1f3291b84401baf25cf76792aa2bb4cb
Opcode Fuzzy Hash: bd0c0b0cfa42f77d6f4704032976254a7ea304f2992addbd278888c97ef1ba93
Instruction Fuzzy Hash: 8D416D3160010CEBDB25ABB99C456BE3AE5EF81334F1472A6FA39F6392E634484152B1

Function 00F46278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00F462E2
ScreenToClient.USER32(?,?), ref: 00F46315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00F46382

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 36f04a3d65bae9a4a87d97b0d9b1f560d20ade92a69390b01b3aa79050f307fb
Instruction ID: 8beef18f118996db98c845b3bf5cb1060457ffef5a5adebaded70a9c86429a6d
Opcode Fuzzy Hash: 36f04a3d65bae9a4a87d97b0d9b1f560d20ade92a69390b01b3aa79050f307fb
Instruction Fuzzy Hash: E8511B74A00249AFDF14DF54D8809BE7BB5FB56364F108259F815D7290D730AD41EB91

Function 00F31AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00F31AFD
WSAGetLastError.WSOCK32 ref: 00F31B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00F31B8A
WSAGetLastError.WSOCK32 ref: 00F31B94

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: 21bbffeda02e1ae7c51f3c53195a6e4c0cce72b4c714f59ac07b17b63e488533
Instruction ID: e28ace115d95ea77f033278aec6cb9c8726049e06e75fcaba4b3e460c09445b6
Opcode Fuzzy Hash: 21bbffeda02e1ae7c51f3c53195a6e4c0cce72b4c714f59ac07b17b63e488533
Instruction Fuzzy Hash: 3741C434600200AFE720AF24C886F6677E5AB84728F54949CF91AAF7D3D776DD42CB90

Function 00EEB41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d965f4ace8321b27a13fb683bce76a77bf642e9358b8adf2e618d5dcdce1045
Instruction ID: 3f0aadefa2bf83b566a846a69fbbcd1d1b4f1dcbab8dcc4ece3d4136ec1d43ca
Opcode Fuzzy Hash: 5d965f4ace8321b27a13fb683bce76a77bf642e9358b8adf2e618d5dcdce1045
Instruction Fuzzy Hash: BD410871A0034CAFD7249F79CC41BABBBE9EB84710F10556EF551EB2D2E77199018780

Function 00F256D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00F25783
GetLastError.KERNEL32(?,00000000), ref: 00F257A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00F257CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00F257FA

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: a69dad7f7a9b5a4ce6c6b8d23ec5619ba25b31cde6148565c3a5b713381836e6
Instruction ID: 4d346f1168164d50155826ec147d52340cf46994d3584ce9183939b8dcfaa5cb
Opcode Fuzzy Hash: a69dad7f7a9b5a4ce6c6b8d23ec5619ba25b31cde6148565c3a5b713381836e6
Instruction Fuzzy Hash: F3412B39600610DFCB21DF15C445A9EBBE2AF89720B18C498E84AAB762CB74FD40DB91

Function 00EED8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00ED82D9,?,00ED82D9,?,00000001,?,?,00000001,00ED82D9,00ED82D9), ref: 00EED910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EED999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00EED9AB
__freea.LIBCMT ref: 00EED9B4

Part of subcall function 00EE3820: RtlAllocateHeap.NTDLL(00000000,?,00F81444,?,00ECFDF5,?,?,00EBA976,00000010,00F81440,00EB13FC,?,00EB13C6,?,00EB1129), ref: 00EE3852

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 44507c13c2a76560f49bad89a4961dc2b8c16426101bcecb12dd8a8f03e29ac2
Instruction ID: d12d4926298b10f9e2b4775776531d83cce3300c9dbbb28d3278b38e2121aeb4
Opcode Fuzzy Hash: 44507c13c2a76560f49bad89a4961dc2b8c16426101bcecb12dd8a8f03e29ac2
Instruction Fuzzy Hash: 7531D072A0024EABDF24CF66DC45EAE7BA5EB81314F054169FC04E7251EB76CD50CBA0

Function 00F452C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 00F45352
GetWindowLongW.USER32(?,000000F0), ref: 00F45375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00F45382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00F453A8

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: dae7462e24edfba7b407e03511863011b248e91e45df2fc30f9b0d4a66096256
Instruction ID: a63ea9c6ae13d67e42f541d162c31e550af47f54dcb3094d2dafbab7cf2c19a4
Opcode Fuzzy Hash: dae7462e24edfba7b407e03511863011b248e91e45df2fc30f9b0d4a66096256
Instruction Fuzzy Hash: 6A31A135E55A0CAFEB20AE54CC45BF83FA7AB05BA0F585141FE10962E2C7B59D40BB81

Function 00F1AB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00F1ABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 00F1AC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 00F1AC74
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00F1ACC6

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 35c5bda88e65db3bffee6c7c16f348d36ee12dbbe00ff705fd7e61f969b8224a
Instruction ID: 4b72d628ad9efc079c81ae44cfefa7ed4730bc462542e42c7f59cc560a07d174
Opcode Fuzzy Hash: 35c5bda88e65db3bffee6c7c16f348d36ee12dbbe00ff705fd7e61f969b8224a
Instruction Fuzzy Hash: 6F312630E05718AFEF35CB658C147FA7BA5AB99320F04421AE485922D1D379C9C5A7D2

Function 00F47674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 00F4769A
GetWindowRect.USER32(?,?), ref: 00F47710
PtInRect.USER32(?,?,00F48B89), ref: 00F47720
MessageBeep.USER32(00000000), ref: 00F4778C

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: 4fe9bcebb51870a87bb93e17dec2d5c2ad547ad66b56cb8f5b94d031639776f7
Instruction ID: a437ddf8df109aa9c5e7586f0bf9f7cb952221b1671a75f81fc692272c454b79
Opcode Fuzzy Hash: 4fe9bcebb51870a87bb93e17dec2d5c2ad547ad66b56cb8f5b94d031639776f7
Instruction Fuzzy Hash: 67417E39A05318DFDB11EF58C894EA9BFF9BF49314F5541A8EC149B261C730A942EB90

Function 00F416DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00F416EB

Part of subcall function 00F13A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F13A57
Part of subcall function 00F13A3D: GetCurrentThreadId.KERNEL32 ref: 00F13A5E
Part of subcall function 00F13A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F125B3), ref: 00F13A65

GetCaretPos.USER32(?), ref: 00F416FF
ClientToScreen.USER32(00000000,?), ref: 00F4174C
GetForegroundWindow.USER32 ref: 00F41752

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: 86450276778ee2c11f6ec59d589b1536d215e89fe915ec1ed8f2f3761d58b8ea
Instruction ID: 3135b14120a270daca4fb1814a82b145956e9723275662d0192119f39c1575fd
Opcode Fuzzy Hash: 86450276778ee2c11f6ec59d589b1536d215e89fe915ec1ed8f2f3761d58b8ea
Instruction Fuzzy Hash: FC314175E00149AFC700EFA9C881CEFBBF9EF48304B5490AAE415E7211D7359E45DBA0

Function 00F1DF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 00EB7620: _wcslen.LIBCMT ref: 00EB7625

_wcslen.LIBCMT ref: 00F1DFCB
_wcslen.LIBCMT ref: 00F1DFE2
_wcslen.LIBCMT ref: 00F1E00D
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00F1E018

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: e3f832cc1e205e9b6696c06ad80b09ea1766db7a57e21c1e0b4944756bc0617a
Instruction ID: 76ed4df0522b5fd0c0a24d92714105b0aff8926e128189ecc2fa314e25b97694
Opcode Fuzzy Hash: e3f832cc1e205e9b6696c06ad80b09ea1766db7a57e21c1e0b4944756bc0617a
Instruction Fuzzy Hash: 2F21E571D00214AFCB10DFA8C981BAEB7F8EF89760F144065E905BB385D6709E41DBE1

Function 00F1D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00F1D501
Process32FirstW.KERNEL32(00000000,?), ref: 00F1D50F
Process32NextW.KERNEL32(00000000,?), ref: 00F1D52F
CloseHandle.KERNEL32(00000000), ref: 00F1D5DC

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 5d5cf699a870212d82359408c1c463afaa3b5a32329294a21f63b08dc8d4f101
Instruction ID: 81526380b661172590af612234c54c99425d3eb3a8cea8f8a97780af94ce55f7
Opcode Fuzzy Hash: 5d5cf699a870212d82359408c1c463afaa3b5a32329294a21f63b08dc8d4f101
Instruction Fuzzy Hash: 6531AD721083009FD305EF54C881AEFBBF8EFDA354F14092DF581921A2EB719989DB92

Function 00F48FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00EC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EC9BB2

GetCursorPos.USER32(?), ref: 00F49001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00F07711,?,?,?,?,?), ref: 00F49016
GetCursorPos.USER32(?), ref: 00F4905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00F07711,?,?,?), ref: 00F49094

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: c5dfda05c36f7978e53d8f741a6388bdcc10aac4a1f3710ca0238e001e8a92e8
Instruction ID: d3d2ee92884d69d698a57df277cea64c02b195a4de78557b0b16117dea889679
Opcode Fuzzy Hash: c5dfda05c36f7978e53d8f741a6388bdcc10aac4a1f3710ca0238e001e8a92e8
Instruction Fuzzy Hash: 7921AD35B01018AFDB25CFA8C858EFB3FB9FB8A360F044159F9055B261C7719951EBA0

Function 00F1D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,00F4CB68), ref: 00F1D2FB
GetLastError.KERNEL32 ref: 00F1D30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 00F1D319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00F4CB68), ref: 00F1D376

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: c55de882fcdb8c767c38b77fa4b46672f693d33e633d91107920a6509bbb7da7
Instruction ID: fc7bf3886d1a0ed61a80ae39c9d584b5afb8a07d26aa0b10b8dbf439178a38e1
Opcode Fuzzy Hash: c55de882fcdb8c767c38b77fa4b46672f693d33e633d91107920a6509bbb7da7
Instruction Fuzzy Hash: 9921A3749052019F8714DF24C8814EB77F4EE56368F105A1DF8A9D32A1D731D986EB93

Function 00F11571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00F11014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00F1102A
Part of subcall function 00F11014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00F11036
Part of subcall function 00F11014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F11045
Part of subcall function 00F11014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00F1104C
Part of subcall function 00F11014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F11062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00F115BE
_memcmp.LIBVCRUNTIME ref: 00F115E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F11617
HeapFree.KERNEL32(00000000), ref: 00F1161E

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: 97db4dc86042316622364ed213c08e264994d8c28713bd796d0db9bfacc7f5fd
Instruction ID: ffb957e4325e930c550f85d4ee88a6e754f49babb8aac8ee5cbf6a3eeb06b842
Opcode Fuzzy Hash: 97db4dc86042316622364ed213c08e264994d8c28713bd796d0db9bfacc7f5fd
Instruction Fuzzy Hash: 0221AC31E01108EFEF10DFA4C945BEEB7B9FF84354F094459E941AB241E731AA85EBA0

Function 00F42782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00F4280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00F42824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00F42832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00F42840

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 85e583f51ba1dca17a09afb0016c70b4b57ee582b977bcc1a326f0b5fa660d51
Instruction ID: c8290cedfc48a70d0af919768b8345073a4d4d3852f7b5172f361c6bbee5abee
Opcode Fuzzy Hash: 85e583f51ba1dca17a09afb0016c70b4b57ee582b977bcc1a326f0b5fa660d51
Instruction Fuzzy Hash: 89210335605110AFD7549B24CC44FAA7B99EF46324F198168FC268B2E2CB75FC82DBD0

Function 00F178F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00F18D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00F1790A,?,000000FF,?,00F18754,00000000,?,0000001C,?,?), ref: 00F18D8C
Part of subcall function 00F18D7D: lstrcpyW.KERNEL32(00000000,?,?,00F1790A,?,000000FF,?,00F18754,00000000,?,0000001C,?,?,00000000), ref: 00F18DB2
Part of subcall function 00F18D7D: lstrcmpiW.KERNEL32(00000000,?,00F1790A,?,000000FF,?,00F18754,00000000,?,0000001C,?,?), ref: 00F18DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00F18754,00000000,?,0000001C,?,?,00000000), ref: 00F17923
lstrcpyW.KERNEL32(00000000,?,?,00F18754,00000000,?,0000001C,?,?,00000000), ref: 00F17949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00F18754,00000000,?,0000001C,?,?,00000000), ref: 00F17984

Strings

cdecl, xrefs: 00F1797B

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 0de934c85275943b918222f7a20f98f61dbec133ee42b6865fd68be20e6c2d8d
Instruction ID: b09931d72bc875d1e5d005d5d46655bc422bdf148f67c246f0acf85f1df1564e
Opcode Fuzzy Hash: 0de934c85275943b918222f7a20f98f61dbec133ee42b6865fd68be20e6c2d8d
Instruction Fuzzy Hash: 8611063A200301AFCB15AF34DC44EBA77B5FF953A0B50502AF906C72A4EB319841E791

Function 00F47CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00F47D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00F47D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00F47D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00F2B7AD,00000000), ref: 00F47D6B

Part of subcall function 00EC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EC9BB2

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: a08e981099dd57a448d6e3e6526e39b0ddaf99531660ab51874529da817089d0
Instruction ID: daa939482d47a76511ee8e153bfda9b4257953e5dc40c5706118db88820c13c2
Opcode Fuzzy Hash: a08e981099dd57a448d6e3e6526e39b0ddaf99531660ab51874529da817089d0
Instruction Fuzzy Hash: 16119335915619AFCB10AF28CC04AB63BA9BF46370B154724FC39D72F0D7309951EB90

Function 00F45660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 00F456BB
_wcslen.LIBCMT ref: 00F456CD
_wcslen.LIBCMT ref: 00F456D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 00F45816

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: 0d083ba911337c532b78387e92feb70130748113f8081853f98620c92ddee6f7
Instruction ID: 0263d15a4596222ee49baa85e2fd6479b2098eda2353bc99080948a88d111d00
Opcode Fuzzy Hash: 0d083ba911337c532b78387e92feb70130748113f8081853f98620c92ddee6f7
Instruction Fuzzy Hash: B911D676A00609A7DF20EF61CC85AEE7FACEF11B70B104126FD15D6182E770C985EB60

Function 00EE1D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd8cda326bdd4a470073248b13b62925e822de39d1f1806d224130155482043c
Instruction ID: 245ae72c7a507e5608e74b65613eab721c16cf7f7fd510a272fe76063361bc8f
Opcode Fuzzy Hash: dd8cda326bdd4a470073248b13b62925e822de39d1f1806d224130155482043c
Instruction Fuzzy Hash: E201A2B220A69E3EF6111A7A6CC1F67665CDF813B9B313369F521721D2DB718C805160

Function 00F11A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00F11A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F11A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F11A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F11A8A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 9d5d1fc6f81c8a030d981ea8e2e5ac23b6672b3be264fada9eeefaef294a9c6a
Instruction ID: 1bbea2bb65b87c40498f4d670ce790139663af64f390c488bee94a3f67f03aa4
Opcode Fuzzy Hash: 9d5d1fc6f81c8a030d981ea8e2e5ac23b6672b3be264fada9eeefaef294a9c6a
Instruction Fuzzy Hash: 4811E53AD01219FFEB119BA58985FADBB78FF08750F200091EA04B7290D6716E50AB94

Function 00F1E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00F1E1FD
MessageBoxW.USER32(?,?,?,?), ref: 00F1E230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00F1E246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00F1E24D

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: 2a093e42266717669cf720b3af50c0bf6d7488903baa1f8bfe518ff2c064f058
Instruction ID: 8f04275dc0ba3104a68298e5d6a874b9d675ea833524ba8f166a1c0dd121ce15
Opcode Fuzzy Hash: 2a093e42266717669cf720b3af50c0bf6d7488903baa1f8bfe518ff2c064f058
Instruction Fuzzy Hash: 8011C876E04258BBD7019FA89C09AEE7FACAB46320F144355FD14E3291D6B0C94497A0

Function 00EDD1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,00EDCFF9,00000000,00000004,00000000), ref: 00EDD218
GetLastError.KERNEL32 ref: 00EDD224
__dosmaperr.LIBCMT ref: 00EDD22B
ResumeThread.KERNEL32(00000000), ref: 00EDD249

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: b06731aef86f6e9026929aa089c11b8c933d5db861379183c65d6f68ce263ef8
Instruction ID: 104a4b70da5b7f70d694ec4cb1dca743a275fd4e2c2ea2777b4a8216ef6b5086
Opcode Fuzzy Hash: b06731aef86f6e9026929aa089c11b8c933d5db861379183c65d6f68ce263ef8
Instruction Fuzzy Hash: 9601D636409208BBC7115FA5DC05BAE7AADDF92334F10221AF925B63E0CB718902D6A0

Function 00F49EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 00EC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00EC9BB2

GetClientRect.USER32(?,?), ref: 00F49F31
GetCursorPos.USER32(?), ref: 00F49F3B
ScreenToClient.USER32(?,?), ref: 00F49F46
DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00F49F7A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 828dbc93d223c6aa9b635fb528c2f061407a6961747daa558e27604718bb77bf
Instruction ID: 918c79c037c3dddd6543eba0e3bad03af000c6d2bde86f39ec5ccf528af3f434
Opcode Fuzzy Hash: 828dbc93d223c6aa9b635fb528c2f061407a6961747daa558e27604718bb77bf
Instruction Fuzzy Hash: 18118836A0111AABDB00EF68C8499EE7BBCFB06321F000451FD11E3141C374BE86EBA1

Function 00EB600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00EB604C
GetStockObject.GDI32(00000011), ref: 00EB6060
SendMessageW.USER32(00000000,00000030,00000000), ref: 00EB606A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: 5820bba856aa40eb3b528291cd770fbd6703606970fa93a110e6284bdf63e328
Instruction ID: af3237ec5e60cb95aaf8f20ba6e07aa676eb85f84b37682d142738c919d4cefc
Opcode Fuzzy Hash: 5820bba856aa40eb3b528291cd770fbd6703606970fa93a110e6284bdf63e328
Instruction Fuzzy Hash: 5E115E7250250DBFEF225F959C44AFB7B69EF19364F041215FE1466110D73ADC60AB90

Function 00ED3B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 00ED3B56

Part of subcall function 00ED3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00ED3AD2
Part of subcall function 00ED3AA3: ___AdjustPointer.LIBCMT ref: 00ED3AED

_UnwindNestedFrames.LIBCMT ref: 00ED3B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00ED3B7C
CallCatchBlock.LIBVCRUNTIME ref: 00ED3BA4

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: 9d948bb80d4c9dcd1c0ae637561622039dbd882413de7f23549dafc1cd6a9271
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: F9018072100148BBCF115FA5CC42DEB3FADEF58754F04400AFE4866221C332D962EBA1

Function 00EE3073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00EB13C6,00000000,00000000,?,00EE301A,00EB13C6,00000000,00000000,00000000,?,00EE328B,00000006,FlsSetValue), ref: 00EE30A5
GetLastError.KERNEL32(?,00EE301A,00EB13C6,00000000,00000000,00000000,?,00EE328B,00000006,FlsSetValue,00F52290,FlsSetValue,00000000,00000364,?,00EE2E46), ref: 00EE30B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00EE301A,00EB13C6,00000000,00000000,00000000,?,00EE328B,00000006,FlsSetValue,00F52290,FlsSetValue,00000000), ref: 00EE30BF

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: fff34b67956f022b6a7a6b22676abdb9e363f1a15470ef743a8732b8ff7738f4
Instruction ID: e274db089e20397059cee0f87f547aafc99deb682b0cacef5b93a19437990191
Opcode Fuzzy Hash: fff34b67956f022b6a7a6b22676abdb9e363f1a15470ef743a8732b8ff7738f4
Instruction Fuzzy Hash: 3F01203630226EABCB318BBB9C4C9A77798AF46775B101620FD05F3140C721D901C6D0

Function 00F17464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00F1747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00F17497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00F174AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00F174CA

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: 4896e2ae91bb77395a83871d45bffe5e6429b946ee982ccd6b7460b7dad14f5c
Instruction ID: 419fc03d92118ba7c3a4630f8a6055a0504bac4fff0c7bee1064d150300b7448
Opcode Fuzzy Hash: 4896e2ae91bb77395a83871d45bffe5e6429b946ee982ccd6b7460b7dad14f5c
Instruction Fuzzy Hash: 3211A1B5206314DBE720DF14DD08BD27BFCEB00B00F108569AA5AD71A1D774E984FB90

Function 00F1B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00F1ACD3,?,00008000), ref: 00F1B0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F1ACD3,?,00008000), ref: 00F1B0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00F1ACD3,?,00008000), ref: 00F1B0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F1ACD3,?,00008000), ref: 00F1B126

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: 1f40908677910c4dfc3394cac749fc31d53566ad520d616b9139e10dcaa15092
Instruction ID: a243fdfa89a7f1c1f1e1157eeceab16c64c70468ea27ecc181902ded9f647be2
Opcode Fuzzy Hash: 1f40908677910c4dfc3394cac749fc31d53566ad520d616b9139e10dcaa15092
Instruction Fuzzy Hash: 12116D31C0252CE7CF00AFE5E958BEEBB78FF5A711F214089D951B2281CB305690AB91

Function 00F47E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00F47E33
ScreenToClient.USER32(?,?), ref: 00F47E4B
ScreenToClient.USER32(?,?), ref: 00F47E6F
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00F47E8A

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: bafb62e87e5dede0baa518e2feddc4adb113dacc8dfb2bafbd5af7bc05414f0c
Instruction ID: 2cfcff7a337da9691b40374805efc57aaad0bba1590faae38221e654f377399a
Opcode Fuzzy Hash: bafb62e87e5dede0baa518e2feddc4adb113dacc8dfb2bafbd5af7bc05414f0c
Instruction Fuzzy Hash: BF1140B9D0020AAFDB41DF98C884AEEBBF9FB19310F509166E915E3210D735AA54DF90

Function 00F12DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00F12DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00F12DD6
GetCurrentThreadId.KERNEL32 ref: 00F12DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00F12DE4

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: 8fd723a6ad52fddcab17ca86480219ff05b0c0b2cce48a66030a3fc6a64e4c58
Instruction ID: ad399318790847272a5fdc4df79963f9b734e22e2be6da7cd9ae563d0bcfc529
Opcode Fuzzy Hash: 8fd723a6ad52fddcab17ca86480219ff05b0c0b2cce48a66030a3fc6a64e4c58
Instruction Fuzzy Hash: CAE0657550222876D76017A3EC0DFE73E5CEB53B61F015015B505D10809A908480E6F0

Function 00F48863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00EC9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00EC9693
Part of subcall function 00EC9639: SelectObject.GDI32(?,00000000), ref: 00EC96A2
Part of subcall function 00EC9639: BeginPath.GDI32(?), ref: 00EC96B9
Part of subcall function 00EC9639: SelectObject.GDI32(?,00000000), ref: 00EC96E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00F48887
LineTo.GDI32(?,?,?), ref: 00F48894
EndPath.GDI32(?), ref: 00F488A4
StrokePath.GDI32(?), ref: 00F488B2

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: b9955ac1f453b9492dba3b44a84196bd9026a439454dbe5ad7aed494d693f1e9
Instruction ID: 850a8658df739853a5b003d50c955420386ce0cea8e5af5b20a6132456af7b16
Opcode Fuzzy Hash: b9955ac1f453b9492dba3b44a84196bd9026a439454dbe5ad7aed494d693f1e9
Instruction Fuzzy Hash: 2DF03A3A042258BADB125F98AC09FDE3E59AF16310F048100FE11A50E2C7755552EBE9

Function 00EC98B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00EC98CC
SetTextColor.GDI32(?,?), ref: 00EC98D6
SetBkMode.GDI32(?,00000001), ref: 00EC98E9
GetStockObject.GDI32(00000005), ref: 00EC98F1

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: 5dba8cdd9b24e13462d16bf5db77cfd927dc8e288b57b744f4b9d3cd5e58b034
Instruction ID: 0b2974d432e9e53bbf87cf5e57d0ed45fcb3f6c65fee87258e6e9c183b8c633b
Opcode Fuzzy Hash: 5dba8cdd9b24e13462d16bf5db77cfd927dc8e288b57b744f4b9d3cd5e58b034
Instruction Fuzzy Hash: 05E06535645284AADB615B74AC09BE83F20AB66735F049219FAF5540E1C7715640BB10

Function 00F1162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00F11634
OpenThreadToken.ADVAPI32(00000000,?,?,?,00F111D9), ref: 00F1163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00F111D9), ref: 00F11648
OpenProcessToken.ADVAPI32(00000000,?,?,?,00F111D9), ref: 00F1164F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: 794cea5382d22caff4b4156ae8eff61031ff2d8f147c3377634d5147fb0a4e95
Instruction ID: 2d1ce30cd2377a2aca675d589f6ad139e092cb3b9f9f767d9723339535ff4c7f
Opcode Fuzzy Hash: 794cea5382d22caff4b4156ae8eff61031ff2d8f147c3377634d5147fb0a4e95
Instruction Fuzzy Hash: 64E04F35A022159BE7A01FA49D0DB963B68AF667A1F144808FA45C9090D6644480AB90

Function 00F0D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00F0D858
GetDC.USER32(00000000), ref: 00F0D862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00F0D882
ReleaseDC.USER32(?), ref: 00F0D8A3

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 24a5ddb7e00eab1b0c0f260118d295ff37adcda9b2f9e79ffd9c5b58f26ba253
Instruction ID: 19bdadc490bbe1ac15df9b733fea91ff0486feabc5561aa30739ab11d88685a7
Opcode Fuzzy Hash: 24a5ddb7e00eab1b0c0f260118d295ff37adcda9b2f9e79ffd9c5b58f26ba253
Instruction Fuzzy Hash: 03E01275805208DFCB919FA4D90866DBBF1FB19310F15E059FC0AE7250C7354501BF80

Function 00F0D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00F0D86C
GetDC.USER32(00000000), ref: 00F0D876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00F0D882
ReleaseDC.USER32(?), ref: 00F0D8A3

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: ed3b93855970766238f60c8ddad9a2d65e10c86ba0253214e99425207ecde1cc
Instruction ID: 404b2ae5048e555f84f2eb2be78833af558c919cf3803b62c10e09273a1ea54a
Opcode Fuzzy Hash: ed3b93855970766238f60c8ddad9a2d65e10c86ba0253214e99425207ecde1cc
Instruction Fuzzy Hash: 32E01A78805208DFCB909FA4D80866DBBF1BB18310B15A048FC0AE7260C7395901AF80

Function 00F24D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB7620: _wcslen.LIBCMT ref: 00EB7625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00F24ED4

Strings

LPT, xrefs: 00F24DFB
*, xrefs: 00F24E10

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: b7683f0648d0e991d62d8f7be7d0d125d4937522373d5a314f3d56a5d7ed7bdd
Instruction ID: f74a511435d70ce15cf5caec42acfceb053817e333e20b82f90f09ff8bd3ea51
Opcode Fuzzy Hash: b7683f0648d0e991d62d8f7be7d0d125d4937522373d5a314f3d56a5d7ed7bdd
Instruction Fuzzy Hash: 1F91D075A002149FCB14DF58C580EAABBF1BF84314F198099E80AAF3A2C771ED85DB90

Function 00EDE27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00EDE30D

Strings

pow, xrefs: 00EDE2E5, 00EDE302

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 96dfbbe85f1f31a8115a9f05a93423482fb213b34ee63d03f669acdb4895d1f4
Instruction ID: 6d99b9644e0805d83b1fd23b10da4ffff103f19288e391e96407a1f11bc65c46
Opcode Fuzzy Hash: 96dfbbe85f1f31a8115a9f05a93423482fb213b34ee63d03f669acdb4895d1f4
Instruction Fuzzy Hash: A4519261A0C24A96CB157715DD053BA3BE8EB41745F307E5AE0D57A3F8EB308C82AA46

Function 00ECE187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 00ECE1B1

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 0ce7ffef8d2915fa1719ca237d2e30d924e6dd9181c2ea8495db8b870cccf4e6
Instruction ID: 5298a87b017ff4aae061599e90a530a20bfa404d08a97e4c1585d74ea8a61c93
Opcode Fuzzy Hash: 0ce7ffef8d2915fa1719ca237d2e30d924e6dd9181c2ea8495db8b870cccf4e6
Instruction Fuzzy Hash: FC513675A00346DFDB29DF64C481BFA7BA8EF15320F245459ECA1AB2D0D6349D43EB90

Function 00ECF291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00ECF2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 00ECF2BB

Strings

@, xrefs: 00ECF2AF

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: 67e97dd5be33ccf76507c4ec44e446f084a4c0fffe66bb423d011fc56163e525
Instruction ID: e924c2b5a6ccdce6a8e82a053a51c9f7ea81944e73b2790c9324bd5228871f84
Opcode Fuzzy Hash: 67e97dd5be33ccf76507c4ec44e446f084a4c0fffe66bb423d011fc56163e525
Instruction Fuzzy Hash: A151467150C748ABD320AF10DC86BABBBF8FB84300F81985DF1D9911A5EB708529CB67

Function 00F35745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00F357E0
_wcslen.LIBCMT ref: 00F357EC

Strings

CALLARGARRAY, xrefs: 00F357E6, 00F357EB

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 730cd8827568f5274d6c954ca2f3877448b6018c543f5771d47d427b1770b7c3
Instruction ID: 733d7a1343a19242acbbc47a8b6945f5f904c3a293e4f7b5e7265c1d5e4ada7d
Opcode Fuzzy Hash: 730cd8827568f5274d6c954ca2f3877448b6018c543f5771d47d427b1770b7c3
Instruction Fuzzy Hash: 0F41AC71E002099FCB14DFA8C8829EEBBF5FF99730F105029E505A7292E7349D81DBA0

Function 00F2D0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00F2D130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00F2D13A

Strings

|, xrefs: 00F2D10B

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: 6cf00a8526f6f1c630c0ac68910f84022a758bbba0f3e24e415d3068c268e64f
Instruction ID: 2802270bf2ba63d3d6d25705ee9254ca982b66ff982cfa6eed9993ea823d10df
Opcode Fuzzy Hash: 6cf00a8526f6f1c630c0ac68910f84022a758bbba0f3e24e415d3068c268e64f
Instruction Fuzzy Hash: E2311871D00219ABDF15EFA4DC85AEFBFB9FF04310F100019E815B62A2E735AA16DB60

Function 00F4356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00F43621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00F4365C

Strings

static, xrefs: 00F435BC

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: 26d91f80e7b32c6d1b4c75603565906442067bb747abed1e015621defcad6c3b
Instruction ID: 6637691342d484effcc2655121d5ab7d4b982e87659fd5ab3fab6abbf4bccac2
Opcode Fuzzy Hash: 26d91f80e7b32c6d1b4c75603565906442067bb747abed1e015621defcad6c3b
Instruction Fuzzy Hash: F531AD71500205AADB209F28DC81EFB77A9FF88720F019619FCA597280DA34AD81E760

Function 00F44537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00F4461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00F44634

Strings

', xrefs: 00F4458E

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: 66c467fe08c39e6146c70f8c0396c837473c222cc6abee785818fb628798dff9
Instruction ID: 0ab3116fcd1d22663a23e1e24ef23ae62669d9e5dc5c977b5337887f83b7e30d
Opcode Fuzzy Hash: 66c467fe08c39e6146c70f8c0396c837473c222cc6abee785818fb628798dff9
Instruction Fuzzy Hash: 44313675A0120A9FDF14CFA9C981BEABBB5FF09300F15416AED04AB381E770A941DF90

Function 00F431EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00F4327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F43287

Strings

Combobox, xrefs: 00F43249

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 0af5c5f251f0ffc50c4b66cc9d38564d2a55e93590b75a377416c85481aaf530
Instruction ID: c4851701b64dcfa500ed57a306efe16167a358c82dc90ff45e95dfb2a196b940
Opcode Fuzzy Hash: 0af5c5f251f0ffc50c4b66cc9d38564d2a55e93590b75a377416c85481aaf530
Instruction Fuzzy Hash: 2F11B2717002087FFF259E54DC81EFB3B6AEB943A4F104225FD18A7290D6B59E51A760

Function 00F43710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00EB600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00EB604C
Part of subcall function 00EB600E: GetStockObject.GDI32(00000011), ref: 00EB6060
Part of subcall function 00EB600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00EB606A

GetWindowRect.USER32(00000000,?), ref: 00F4377A
GetSysColor.USER32(00000012), ref: 00F43794

Strings

static, xrefs: 00F43757

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 5c1af9774b1458b8a87b4f4fa8f99edc94ffa0e490a815edd0e37e28c4b6e23d
Instruction ID: 091f898a8ce2ff2bb79acfddbd16d7a02fe3b752736b6ab1742ae986297d8d06
Opcode Fuzzy Hash: 5c1af9774b1458b8a87b4f4fa8f99edc94ffa0e490a815edd0e37e28c4b6e23d
Instruction Fuzzy Hash: 1D1129B261020AAFDF10DFA8CC46AEA7BB8FB09354F005515FD95E2250E735E851AB50

Function 00F2CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00F2CD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00F2CDA6

Strings

<local>, xrefs: 00F2CD66

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 7081119a02c0b3976bd5f9509bbcad883faf2b233476842f9be667a3ea954017
Instruction ID: 2a5615bb580cfe9a9d76f374873f71c5f1400bb17fd2f7e56265c8f915baffed
Opcode Fuzzy Hash: 7081119a02c0b3976bd5f9509bbcad883faf2b233476842f9be667a3ea954017
Instruction Fuzzy Hash: 5C1106766016367AD7344B669C44FEBBE6CEF127B4F804226F52983080D3749844E6F1

Function 00F43429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 00F434AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00F434BA

Strings

edit, xrefs: 00F4348F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 4c6b7d0a7fcfcfe8545f9269714a8d311c43e0d56ed6ccd55ac915bf4ba4975d
Instruction ID: 5634d3192b375e6247fb6d77e7cb85da2ce431d78d124bc405dd2483dd71f7ce
Opcode Fuzzy Hash: 4c6b7d0a7fcfcfe8545f9269714a8d311c43e0d56ed6ccd55ac915bf4ba4975d
Instruction Fuzzy Hash: 81118C71600208ABEB229E64DC44AFB3BAAEB15374F504324FD65932E4C775ED91AB60

Function 00F16C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

CharUpperBuffW.USER32(?,?,?), ref: 00F16CB6
_wcslen.LIBCMT ref: 00F16CC2

Strings

STOP, xrefs: 00F16CBC, 00F16CC1

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: d1381c8291202fbab28ee3bed4035c1db139e3b23d012c15d1e6179bc12f4f20
Instruction ID: d89293f24d46cb53857a84300f6ab7f95b5eef067ecd494ae93e0e7946243ae8
Opcode Fuzzy Hash: d1381c8291202fbab28ee3bed4035c1db139e3b23d012c15d1e6179bc12f4f20
Instruction Fuzzy Hash: 7E01C432A005278BCB219FBDDC809FF77E5EA617207500525E852E6191EB31D980E690

Function 00F11CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

Part of subcall function 00F13CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F13CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00F11D4C

Strings

ComboBox, xrefs: 00F11CEB
ListBox, xrefs: 00F11D16

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 8fb7cb7c53a5a9d4b59faf778eab81f0b1f27db9004389280fbda517e6f597a2
Instruction ID: 655cba63ae357f42cc2dbc570b15ff4d2290117354ec4a711746ca89eeca0f01
Opcode Fuzzy Hash: 8fb7cb7c53a5a9d4b59faf778eab81f0b1f27db9004389280fbda517e6f597a2
Instruction Fuzzy Hash: 23014C31A01218ABCB08EBA4DC51DFF77E8FF52360B10050AF936673C2EA305948E761

Function 00F11BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

Part of subcall function 00F13CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F13CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00F11C46

Strings

ComboBox, xrefs: 00F11BE5
ListBox, xrefs: 00F11C10

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 58afdaadd1c6732d23390c02c81e60f2339bfd39c287b30524ab6f57fddf2681
Instruction ID: 6c9db5478e042ba05d30bee224f100aa6375e06a62b0f55661e04c5aceb29e99
Opcode Fuzzy Hash: 58afdaadd1c6732d23390c02c81e60f2339bfd39c287b30524ab6f57fddf2681
Instruction Fuzzy Hash: 1D01A775B8110867CB08EB90DD51EFFB7E8AB51340F141019AA0677282EA649E48AAF2

Function 00F11C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

Part of subcall function 00F13CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F13CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00F11CC8

Strings

ComboBox, xrefs: 00F11C69
ListBox, xrefs: 00F11C94

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: d04ddf4d18507cda1d40ed0ebca3e74fd74f0caa5352416e9206669b983fb380
Instruction ID: 6cd640639a43e0fa88c110d2433082fc4547493eb33396b98cf912df094a4e07
Opcode Fuzzy Hash: d04ddf4d18507cda1d40ed0ebca3e74fd74f0caa5352416e9206669b983fb380
Instruction Fuzzy Hash: B701DB75B4111C67CF04E794CE51AFF77E8AB11340F241015B90673282EA649F48E6F2

Function 00F11D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00EB9CB3: _wcslen.LIBCMT ref: 00EB9CBD

Part of subcall function 00F13CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F13CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00F11DD3

Strings

ComboBox, xrefs: 00F11D75
ListBox, xrefs: 00F11DA0

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: f431cc93d50d7500c4d2c6d312948371c858caa2647c72c4ab954ea8c7f1ac59
Instruction ID: 760a4276d202f06bd8b3faeb8dfb45d464ea228e70b1a1f03f2f0bfc4f9dab3a
Opcode Fuzzy Hash: f431cc93d50d7500c4d2c6d312948371c858caa2647c72c4ab954ea8c7f1ac59
Instruction Fuzzy Hash: 70F02D71B4121867CB04F7A4DC51FFF77F8BB01350F140915B926732C2EA64590896A1

Function 00F3747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00F37493
_wcslen.LIBCMT ref: 00F374B9

Strings

3, 3, 16, 1, xrefs: 00F37483

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: e0cadb0dccf189067faa248c9153d71ef7353e7b66a2ee388e3a4a1412b1b87c
Instruction ID: 0068207d57ff40d8695faad291be393d413ff547372ed9056e057bc3e552d91d
Opcode Fuzzy Hash: e0cadb0dccf189067faa248c9153d71ef7353e7b66a2ee388e3a4a1412b1b87c
Instruction Fuzzy Hash: 2EE023816143119153313376DCC157F56C9CFD9770B10141BF985D1396E694DD9263A1

Function 00F10B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00F10B23

Strings

Error allocating memory., xrefs: 00F10B1C
AutoIt, xrefs: 00F10B17

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: 6825bda146a3d0c498ea1858e10452419e708697d7fb99d8fd6b05b1242a2f06
Instruction ID: f1eb87626073f4ecf8d1923ecafc78d6c497fc86e29e8f907e9ff4b672d525df
Opcode Fuzzy Hash: 6825bda146a3d0c498ea1858e10452419e708697d7fb99d8fd6b05b1242a2f06
Instruction Fuzzy Hash: 94E092312853183BD21026947C03F897FC48B05B20F10542BFB48A55C38AE2649026EA

Function 00ED0D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00ECF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00ED0D71,?,?,?,00EB100A), ref: 00ECF7CE

IsDebuggerPresent.KERNEL32(?,?,?,00EB100A), ref: 00ED0D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00EB100A), ref: 00ED0D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00ED0D7F

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: 76979728f47ac605d598572ed10bc26ac538c3ca805630749e3b59c00246fe84
Instruction ID: b9e17ab8cdbc39467a3cd5fb9e0351fb3f937908a31350b2879cc06e205b0f61
Opcode Fuzzy Hash: 76979728f47ac605d598572ed10bc26ac538c3ca805630749e3b59c00246fe84
Instruction Fuzzy Hash: A1E06D742003018BD3609FB8E4047827BE5EB14745F04592EE886D6752DBF1E5499BA1

Function 00F23017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00F2302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00F23044

Strings

aut, xrefs: 00F23038

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: 0257aa8ad770440592f8d33110d13b3097e7c5168bf6b5272d5befb49a0a47ec
Instruction ID: 494c52ccb668f0ea3c8ec3b73d2ceec920fe15aa931d127035195cc80bdbacf6
Opcode Fuzzy Hash: 0257aa8ad770440592f8d33110d13b3097e7c5168bf6b5272d5befb49a0a47ec
Instruction Fuzzy Hash: 3CD05E7650132867DA60A7A4AC0EFCB3A6CDB05750F0002A2BA55E2091DAF4DA84CAD5

Function 00F0D21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00F0D220

Strings

%.3d, xrefs: 00F0D22B
X64, xrefs: 00F0D2A8

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: e0a513effc16b45b57c9b3df6c8596921149475aba4f8bb9aa99870851e67f6c
Instruction ID: b9b6a18a9ede6d901494e46737859e325cdd1c99c15a4e237112422f24a32e37
Opcode Fuzzy Hash: e0a513effc16b45b57c9b3df6c8596921149475aba4f8bb9aa99870851e67f6c
Instruction Fuzzy Hash: EFD01262809218EACB9096D0CD45EB9B3BCEB19301F508466FC0AA1080D735C5097B62

Function 00F42356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F4236C
PostMessageW.USER32(00000000), ref: 00F42373

Part of subcall function 00F1E97B: Sleep.KERNEL32 ref: 00F1E9F3

Strings

Shell_TrayWnd, xrefs: 00F42365

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 74c8fbc774c661df17cc8050b8f1f9d848bcc1da993806e58b59836e24c81454
Instruction ID: 06752dac8c351376f928a9efbd83340b2de6b2f50bad091701bd2ece14ba168a
Opcode Fuzzy Hash: 74c8fbc774c661df17cc8050b8f1f9d848bcc1da993806e58b59836e24c81454
Instruction Fuzzy Hash: 43D022363C23007BE2A8B330DC0FFCA76149B11B00F0089067B0AEA0D0C8F0B801DA84

Function 00F42322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F4232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00F4233F

Part of subcall function 00F1E97B: Sleep.KERNEL32 ref: 00F1E9F3

Strings

Shell_TrayWnd, xrefs: 00F42325

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 74b35a4587939df5d7e9844b6251bbfc6402b6761c4d32be7bf06adf007b18c8
Instruction ID: 390f5613230a9ac27bee0aed1e5edb522e5b6d52b22020a86e6719068735319f
Opcode Fuzzy Hash: 74b35a4587939df5d7e9844b6251bbfc6402b6761c4d32be7bf06adf007b18c8
Instruction Fuzzy Hash: 30D0223A381300B7E2A8B330DC0FFCA7A149B10B00F0089067B0AEA0D0C8F0A801DA80

Function 00EEBDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00EEBE93
GetLastError.KERNEL32 ref: 00EEBEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EEBEFC

Memory Dump Source

Source File: 00000000.00000002.2964351488.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.2964335212.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F4C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964411407.0000000000F72000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964465828.0000000000F7C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2964488044.0000000000F84000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 5fc50560cbf18e028edc02dce6c58e82074dba6ff1fea3d789f85748f0476b45
Instruction ID: 0c1c501bd3fe4d4bf5b9b7c4c60960108c85bcf7c1ecb971dc6a1c0ede92788d
Opcode Fuzzy Hash: 5fc50560cbf18e028edc02dce6c58e82074dba6ff1fea3d789f85748f0476b45
Instruction Fuzzy Hash: B841FA3470128EAFCF218FA6DC44ABB7BA5EF41314F146169F959B72A1DB308D01DBA0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Static File Info

General

File Icon

Windows Analysis Report
file.exe

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre