Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1528041
MD5:	545d9448a199121f0c35b6250dd8fc5d
SHA1:	e9eb02c3fd60d1b6c53284f94decf9716bf34776
SHA256:	e2d5cec7f69289d807ddd4e2557b9a4c94f0d7ee9695aab176820479a62d7198
Tags:	exeuser-Bitsight
Infos:

Detection

Credential Flusher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 6308 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 545D9448A199121F0C35B6250DD8FC5D)

taskkill.exe (PID: 6528 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5800 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2312 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2196 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2144 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 5004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1972,i,16211485116465670001,8553827770695224586,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5380 --field-trial-handle=1972,i,16211485116465670001,8553827770695224586,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7896 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1972,i,16211485116465670001,8553827770695224586,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: file.exe PID: 6308	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 518sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_75.13.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_75.13.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: file.exe, 00000000.00000002.2922966294.0000000001068000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_87.13.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_75.13.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_75.13.dr	String found in binary or memory: https://families.google.com/intl/
Source: chromecache_87.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_87.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_75.13.dr	String found in binary or memory: https://g.co/recover
Source: chromecache_75.13.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_75.13.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_75.13.dr	String found in binary or memory: https://play.google/intl/
Source: chromecache_75.13.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_75.13.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_75.13.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_75.13.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_75.13.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_75.13.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_75.13.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_75.13.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_87.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_75.13.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_75.13.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_75.13.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_87.13.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_75.13.dr	String found in binary or memory: https://www.google.com
Source: chromecache_75.13.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_87.13.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_87.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_87.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_87.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_87.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_87.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_75.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_75.13.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: file.exe, 00000000.00000003.1691018722.0000000000794000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_75.13.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.44:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.44:443 -> 192.168.2.4:49919 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_0082EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_0082ED6A

Source: C:\Users\user\Desktop\file.exe

0_2_0082EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_0081AA57

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00849576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_00849576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_66af0d23-4
Source: file.exe, 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_21a04f6a-9
Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_fb77a531-1
Source: file.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_948d8805-c

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081D5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_0081D5EB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00811201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00811201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_0081E8F6

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B8060	0_2_007B8060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00822046	0_2_00822046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00818298	0_2_00818298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EE4FF	0_2_007EE4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E676B	0_2_007E676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00844873	0_2_00844873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BCAF0	0_2_007BCAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DCAA0	0_2_007DCAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CCC39	0_2_007CCC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E6DD9	0_2_007E6DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CB119	0_2_007CB119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B91C0	0_2_007B91C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1394	0_2_007D1394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1706	0_2_007D1706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D781B	0_2_007D781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C997D	0_2_007C997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B7920	0_2_007B7920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D19B0	0_2_007D19B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D7A4A	0_2_007D7A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1C77	0_2_007D1C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D7CA7	0_2_007D7CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E9EEE	0_2_007E9EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083BE44	0_2_0083BE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D1F32	0_2_007D1F32

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 007CF9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 007D0A30 appears 46 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal72.troj.evad.winEXE@46/30@14/9

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008237B5 GetLastError,FormatMessageW,

0_2_008237B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008110BF AdjustTokenPrivileges,CloseHandle,		0_2_008110BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008116C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_008116C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008251CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_008251CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0083A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_0083A67C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_0082648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_007B42A2

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4108:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7020:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6492:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4076:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5232:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 23%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1972,i,16211485116465670001,8553827770695224586,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5380 --field-trial-handle=1972,i,16211485116465670001,8553827770695224586,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1972,i,16211485116465670001,8553827770695224586,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1972,i,16211485116465670001,8553827770695224586,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5380 --field-trial-handle=1972,i,16211485116465670001,8553827770695224586,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1972,i,16211485116465670001,8553827770695224586,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_007B42DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D0A76 push ecx; ret

0_2_007D0A89

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_007CF98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00841C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00841C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_0-95019

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7178			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: foregroundWindowGot 1774			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.7 %

Source: C:\Users\user\Desktop\file.exe TID: 6312

Thread sleep time: -71780s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Thread sleep count: Count: 7178 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0081DBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008268EE FindFirstFileW,FindClose,	0_2_008268EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_0082698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0081D076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_0081D3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00829642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00829642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0082979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00829B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00829B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00825C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00825C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_007B42DE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0082EAA2 BlockInput,

0_2_0082EAA2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_007E2622

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_007B42DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D4CE8 mov eax, dword ptr fs:[00000030h]

0_2_007D4CE8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00810B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_00810B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_007E2622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_007D083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D09D5 SetUnhandledExceptionFilter,	0_2_007D09D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_007D0C21

Source: C:\Users\user\Desktop\file.exe

0_2_00811201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007F2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_007F2BA5

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0081B226 SendInput,keybd_event,

0_2_0081B226

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008322DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_008322DA

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00810B62

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00811663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00811663

Source: file.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007D0698 cpuid

0_2_007D0698

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00828195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

0_2_00828195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0080D27A GetUserNameW,

0_2_0080D27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007EBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_007EBB6F

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_007B42DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 6308, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 6308, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00831204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_00831204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00831806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00831806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Process Injection	2 Valid Accounts	LSA Secrets	12 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Virtualization/Sandbox Evasion	Cached Domain Credentials	12 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Access Token Manipulation	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Process Injection	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	24%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://play.google/intl/	0%	URL Reputation	safe
https://families.google.com/intl/	0%	URL Reputation	safe
https://policies.google.com/technologies/location-data	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://policies.google.com/privacy/google-partners	0%	URL Reputation	safe
https://policies.google.com/terms/service-specific	0%	URL Reputation	safe
https://g.co/recover	0%	URL Reputation	safe
https://policies.google.com/privacy/additional	0%	URL Reputation	safe
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://policies.google.com/terms	0%	URL Reputation	safe
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	0%	URL Reputation	safe
https://support.google.com/accounts?hl=	0%	URL Reputation	safe
https://policies.google.com/terms/location	0%	URL Reputation	safe
https://policies.google.com/privacy	0%	URL Reputation	safe
https://support.google.com/accounts?p=new-si-ui	0%	URL Reputation	safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
youtube-ui.l.google.com	216.58.212.174	true	false	unknown
www3.l.google.com	216.58.206.78	true	false	unknown
play.google.com	142.250.185.78	true	false	unknown
www.google.com	142.250.186.68	true	false	unknown
youtube.com	172.217.16.142	true	false	unknown
accounts.youtube.com	unknown	unknown	false	unknown
www.youtube.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://play.google.com/log?format=json&hasfast=true&authuser=0	false	unknown
https://www.google.com/favicon.ico	false	unknown
https://play.google.com/log?hasfast=true&authuser=0&format=json	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google/intl/	chromecache_75.13.dr	false	URL Reputation: safe	unknown
https://families.google.com/intl/	chromecache_75.13.dr	false	URL Reputation: safe	unknown
https://youtube.com/t/terms?gl=	chromecache_75.13.dr	false		unknown
https://policies.google.com/technologies/location-data	chromecache_75.13.dr	false	URL Reputation: safe	unknown
https://www.google.com/intl/	chromecache_75.13.dr	false		unknown
https://apis.google.com/js/api.js	chromecache_87.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/google-partners	chromecache_75.13.dr	false	URL Reputation: safe	unknown
https://play.google.com/work/enroll?identifier=	chromecache_75.13.dr	false		unknown
https://policies.google.com/terms/service-specific	chromecache_75.13.dr	false	URL Reputation: safe	unknown
https://g.co/recover	chromecache_75.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/additional	chromecache_75.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	chromecache_75.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/technologies/cookies	chromecache_75.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms	chromecache_75.13.dr	false	URL Reputation: safe	unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_87.13.dr	false	URL Reputation: safe	unknown
https://www.google.com	chromecache_75.13.dr	false		unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_75.13.dr	false		unknown
https://www.youtube.com/t/terms?chromeless=1&hl=	chromecache_75.13.dr	false		unknown
https://support.google.com/accounts?hl=	chromecache_75.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms/location	chromecache_75.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy	chromecache_75.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/accounts?p=new-si-ui	chromecache_75.13.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	chromecache_75.13.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
142.250.185.78	play.google.com	United States	15169	GOOGLEUS	false
216.58.206.78	www3.l.google.com	United States	15169	GOOGLEUS	false
216.58.206.46	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.132	unknown	United States	15169	GOOGLEUS	false
216.58.212.174	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
172.217.16.142	youtube.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528041
Start date and time:	2024-10-07 14:37:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal72.troj.evad.winEXE@46/30@14/9
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 41 Number of non-executed functions: 311
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.78, 173.194.76.84, 142.250.181.227, 34.104.35.123, 142.250.185.227, 142.250.186.67, 142.250.186.74, 142.250.186.170, 172.217.16.202, 142.250.74.202, 172.217.16.138, 142.250.184.202, 142.250.185.170, 142.250.186.42, 216.58.206.74, 142.250.184.234, 142.250.181.234, 142.250.185.202, 172.217.18.10, 142.250.185.138, 216.58.212.170, 142.250.185.234, 172.217.18.106, 142.250.185.74, 172.217.23.106, 216.58.212.138, 216.58.206.42, 142.250.185.106, 199.232.210.172, 192.229.221.95, 172.217.18.3, 64.233.166.84, 172.217.23.110
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	original.eml	Get hash	malicious	Tycoon2FA	Browse
	https://globalairt.com/arull.php?7088797967704b536932307466507a53354b54456b744b3872584b3037555338375031633872445172564277413d1	Get hash	malicious	Unknown	Browse
	http://twbcompany.com	Get hash	malicious	Unknown	Browse
	https://danielvasconcellos.com.br/cliente2024	Get hash	malicious	Phisher	Browse
	https://bono-sicherheitstechniksharefile.btn-ebikes.com/	Get hash	malicious	HtmlDropper	Browse
	https://drive.google.com/open?id=1oGceeKLej675-k84a5Gv9NOY5w5hDjkF	Get hash	malicious	Unknown	Browse
	xwZfYpo16i.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc	Browse
	https://sportmansguilde.com/?https://www.office.com	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	https://emmaway-my.sharepoint.com/:f:/g/personal/jessica_emmaway_uk/Eodal0AmsKFKtMeEeNJG0V0B3d0_hcKMrsOYen-8p5FxhQ?e=bBSdNW	Get hash	malicious	Unknown	Browse

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	http://twbcompany.com	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.44
	https://bono-sicherheitstechniksharefile.btn-ebikes.com/	Get hash	malicious	HtmlDropper	Browse	172.202.163.200 184.28.90.27 13.107.246.44
	https://drive.google.com/open?id=1oGceeKLej675-k84a5Gv9NOY5w5hDjkF	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.44
	xwZfYpo16i.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc	Browse	172.202.163.200 184.28.90.27 13.107.246.44
	file.exe	Get hash	malicious	Credential Flusher	Browse	172.202.163.200 184.28.90.27 13.107.246.44
	https://emmaway-my.sharepoint.com/:f:/g/personal/jessica_emmaway_uk/Eodal0AmsKFKtMeEeNJG0V0B3d0_hcKMrsOYen-8p5FxhQ?e=bBSdNW	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.44
	http://www.twbcompany.com	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.44
	https://cloud.list.lu/index.php/s/znw4dNSttiDzHTB	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.44
	c3KH2gLNrM.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse	172.202.163.200 184.28.90.27 13.107.246.44
	http://46.27.141.62	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.44

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	5050
Entropy (8bit):	5.30005628600801
Encrypted:	false
SSDEEP:	96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
MD5:	D9F15F1AEAF15673336FAA3507D1A2A7
SHA1:	FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
SHA-256:	AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
SHA-512:	D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")\|\|"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")\|\|"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5693)
Category:	downloaded
Size (bytes):	698852
Entropy (8bit):	5.594980353163612
Encrypted:	false
SSDEEP:	6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLJiH7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxJiyU+
MD5:	AA9FDCBE29C6D043DC83A7DAD848CCC3
SHA1:	E3F0A387A0A4B060620C975E1C70AA20294F3F22
SHA-256:	1A624C24D6D712C633F0B034606610DAD6B5AD7890FBFA3A9B204BD33207D60E
SHA-512:	C93878CE1281349204ABDB4444B18A12C03A010D1A252827EBFE45523E834988CE95D6E625FF82A60934D7A275AD8DAAC689E4412C5719ACCA8C9E1D4365B4D3
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3467
Entropy (8bit):	5.508385764606741
Encrypted:	false
SSDEEP:	96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
MD5:	231ABD6E6C360E709640B399EDF85476
SHA1:	6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
SHA-256:	44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
SHA-512:	D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	9210
Entropy (8bit):	5.393248075042016
Encrypted:	false
SSDEEP:	192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
MD5:	2ED5BC88509286438B682EFF23518005
SHA1:	D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
SHA-256:	F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
SHA-512:	12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null\|\|typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]\|\|null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null\|\|b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (468)
Category:	downloaded
Size (bytes):	1858
Entropy (8bit):	5.297658905867848
Encrypted:	false
SSDEEP:	48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
MD5:	B42DB3D22B12B8E3BE1B82961FE2870E
SHA1:	D9CFD11C1C2DE17A7E9301F11AD875B610B96576
SHA-256:	75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
SHA-512:	EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)\|\|function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)\|\|function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)\|\|function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	32500
Entropy (8bit):	5.378121087555083
Encrypted:	false
SSDEEP:	768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
MD5:	57D7B0A2CE36496F05AFA27B39C1F219
SHA1:	418AD03C2E75AEAF188E2A00123B70E09D541656
SHA-256:	E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
SHA-512:	78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (755)
Category:	downloaded
Size (bytes):	1460
Entropy (8bit):	5.274624539239422
Encrypted:	false
SSDEEP:	24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
MD5:	481C149C4D3EE4A53C3E7CBA067371DF
SHA1:	E0FED275636D3492C922C44F010157FAF0936733
SHA-256:	9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
SHA-512:	EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()1E3,a.bS(),d.aa()1E3,b)},h_a=function(a){return Math.random()Math.min(a.xaMath.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	23298
Entropy (8bit):	5.429186219736739
Encrypted:	false
SSDEEP:	384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
MD5:	A5C41D7BA22E9CF451810802AE5AC2E8
SHA1:	858F35134A0BD7BAECB1B1A30EC3645642214554
SHA-256:	D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
SHA-512:	DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka\|\|a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (683)
Category:	downloaded
Size (bytes):	3131
Entropy (8bit):	5.352056237104327
Encrypted:	false
SSDEEP:	48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
MD5:	ADEF03127F74F5E6742B8CFA7B863F28
SHA1:	58D7C635582AF10E91EC047FD315FAF758AF51DA
SHA-256:	5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
SHA-512:	3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d\|\|(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (395)
Category:	downloaded
Size (bytes):	1608
Entropy (8bit):	5.271783084011668
Encrypted:	false
SSDEEP:	48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
MD5:	45EA91A811A594F81B7F760DD14BE237
SHA1:	2C97782C6D5D0BCFB3676FF24AA1008251090DAE
SHA-256:	7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
SHA-512:	4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	4.875266466142591
Encrypted:	false
SSDEEP:	3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
MD5:	87B6333E98B7620EA1FF98D1A837A39E
SHA1:	105DE6815B0885357DE1414BFC0D77FCC9E924EF
SHA-256:	DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
SHA-512:	867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (553)
Category:	downloaded
Size (bytes):	744742
Entropy (8bit):	5.792853825531523
Encrypted:	false
SSDEEP:	6144:x5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguPH:pOeKGSpgu/
MD5:	D6A4595EF381156A4C38FC1268C40783
SHA1:	75B2E4139EE5014416D280B02E1F57724B0A4240
SHA-256:	9E6266EF7F49A5256F373AB78F9D0AE688CA964F542892F5FF0563F05AC6C676
SHA-512:	ACC3385A52ABFA53EE68286C86F2266C2BE7D12350F31AEFD91052616CF417207E5F27A31FEC5FB4B5DDA705C599DD0B724ACA88E9FF682289C3B473902CD79C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlEEvjRYpfMDihaNwG0swUsVgVpBIg/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x2860c1c4, 0x2046d860, 0x39e1fc40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	4067
Entropy (8bit):	5.3700036060139436
Encrypted:	false
SSDEEP:	96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoTiw:3mTOImedWOVF6vtUJyA8xJ3
MD5:	FA701F5D7BEF5AF6B676F099A00A1140
SHA1:	4CA8594D1E845605E7F1242AD8E10FD3A41FA3BE
SHA-256:	F1F311E29B597B507EE761AE40185A9BE194BA6498F91DD2A69610EF765B554A
SHA-512:	D53CAD789CED1F1D05546CD9DDA662FF47DF4A9FE382F4936EB1579175B06A95770426E5A83C24EACE04014956F1971A6432D1FCB26F2A9E4B922D8A34FC9875
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGiXTMuN04FgQ4LzahFtNqboYL9eA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.583833501012071
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	919'040 bytes
MD5:	545d9448a199121f0c35b6250dd8fc5d
SHA1:	e9eb02c3fd60d1b6c53284f94decf9716bf34776
SHA256:	e2d5cec7f69289d807ddd4e2557b9a4c94f0d7ee9695aab176820479a62d7198
SHA512:	df272367c5cfbcdd80181657f18e5acc672a2996ab745d438c91473940bd07b91affb2a0432de23b757e5a8b7c1ef0f257645b551b280cd6e87e17140cb19e21
SSDEEP:	24576:8qDEvCTbMWu7rQYlBQcBiT6rprG8a4xK:8TvC/MTQYxsWR7a4
TLSH:	8E159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6703D3AA [Mon Oct 7 12:27:22 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007FCE58B87C13h
jmp 00007FCE58B8751Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FCE58B876FDh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FCE58B876CAh
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007FCE58B8A2BDh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007FCE58B8A308h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007FCE58B8A2F1h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x9bb8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x9bb8	0x9c00	213ae2aa941e8d6464b0c23e4c9739bd	False	0.3167317708333333	data	5.333196057444654	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xda4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdaa84	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc7b8	0xe7e	data			1.002964959568733
RT_GROUP_ICON	0xdd638	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xdd6b0	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xdd6c4	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xdd6d8	0x14	data	English	Great Britain	1.25
RT_VERSION	0xdd6ec	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xdd7c8	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 14:38:00.392256975 CEST	49732	443	192.168.2.4	172.217.16.142
Oct 7, 2024 14:38:00.392298937 CEST	443	49732	172.217.16.142	192.168.2.4
Oct 7, 2024 14:38:00.392960072 CEST	49732	443	192.168.2.4	172.217.16.142
Oct 7, 2024 14:38:00.393485069 CEST	49732	443	192.168.2.4	172.217.16.142
Oct 7, 2024 14:38:00.393500090 CEST	443	49732	172.217.16.142	192.168.2.4
Oct 7, 2024 14:38:01.012394905 CEST	443	49732	172.217.16.142	192.168.2.4
Oct 7, 2024 14:38:01.014657974 CEST	49732	443	192.168.2.4	172.217.16.142
Oct 7, 2024 14:38:01.014683962 CEST	443	49732	172.217.16.142	192.168.2.4
Oct 7, 2024 14:38:01.015115023 CEST	443	49732	172.217.16.142	192.168.2.4
Oct 7, 2024 14:38:01.015191078 CEST	49732	443	192.168.2.4	172.217.16.142
Oct 7, 2024 14:38:01.016213894 CEST	443	49732	172.217.16.142	192.168.2.4
Oct 7, 2024 14:38:01.016271114 CEST	49732	443	192.168.2.4	172.217.16.142
Oct 7, 2024 14:38:01.017745972 CEST	49732	443	192.168.2.4	172.217.16.142
Oct 7, 2024 14:38:01.017811060 CEST	443	49732	172.217.16.142	192.168.2.4
Oct 7, 2024 14:38:01.018105984 CEST	49732	443	192.168.2.4	172.217.16.142
Oct 7, 2024 14:38:01.018115997 CEST	443	49732	172.217.16.142	192.168.2.4
Oct 7, 2024 14:38:01.068671942 CEST	49732	443	192.168.2.4	172.217.16.142
Oct 7, 2024 14:38:01.285121918 CEST	443	49732	172.217.16.142	192.168.2.4
Oct 7, 2024 14:38:01.285213947 CEST	49732	443	192.168.2.4	172.217.16.142
Oct 7, 2024 14:38:01.285233974 CEST	443	49732	172.217.16.142	192.168.2.4
Oct 7, 2024 14:38:01.285356998 CEST	443	49732	172.217.16.142	192.168.2.4
Oct 7, 2024 14:38:01.285408974 CEST	49732	443	192.168.2.4	172.217.16.142
Oct 7, 2024 14:38:01.412377119 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 7, 2024 14:38:01.533814907 CEST	49732	443	192.168.2.4	172.217.16.142
Oct 7, 2024 14:38:01.533860922 CEST	443	49732	172.217.16.142	192.168.2.4
Oct 7, 2024 14:38:01.546330929 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 14:38:01.546356916 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 14:38:01.546408892 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 14:38:01.546708107 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 14:38:01.546716928 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 14:38:02.172522068 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 14:38:02.173219919 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 14:38:02.173247099 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 14:38:02.174079895 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 14:38:02.174226046 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 14:38:02.175081015 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 14:38:02.175175905 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 14:38:02.176270008 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 14:38:02.176347971 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 14:38:02.176508904 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 14:38:02.176517010 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 14:38:02.224994898 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 14:38:02.500161886 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 14:38:02.500227928 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 14:38:02.500338078 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 14:38:02.500368118 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 14:38:02.500530958 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 14:38:02.502800941 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 14:38:02.502801895 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 14:38:02.803025007 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 14:38:02.803066015 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 14:38:04.656519890 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 7, 2024 14:38:04.656572104 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:04.656658888 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 7, 2024 14:38:04.656984091 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 7, 2024 14:38:04.656992912 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:05.160893917 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:05.160917997 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:05.160995007 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:05.171039104 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:05.171050072 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:05.279834986 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:05.280092001 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 7, 2024 14:38:05.280143023 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:05.281765938 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:05.281868935 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 7, 2024 14:38:05.282918930 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 7, 2024 14:38:05.283011913 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:05.334893942 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 7, 2024 14:38:05.334961891 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:05.381654024 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 7, 2024 14:38:05.779922962 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:05.780008078 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:05.992741108 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:05.992754936 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:05.993655920 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:06.039128065 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:06.056162119 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:06.099396944 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:06.232489109 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:06.232645988 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:06.232722998 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:06.235308886 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:06.235327959 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:06.235344887 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:06.235349894 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:06.473345995 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:06.473376036 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:06.473520041 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:06.474049091 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:06.474066019 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:07.095312119 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:07.095457077 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:07.098772049 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:07.098803043 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:07.099534988 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:07.100801945 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:07.147407055 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:07.351650000 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:07.351814032 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:07.351891994 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:07.352948904 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:07.352967978 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:07.352977991 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 14:38:07.352982998 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 14:38:09.379775047 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:09.379800081 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:09.379849911 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:09.388766050 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:09.388783932 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.009311914 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.009486914 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.009546995 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.009898901 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.009968042 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.010548115 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.010608912 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.011606932 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.011662006 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.011739969 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.011749029 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.054682016 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.320631027 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.320759058 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.320861101 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.320883989 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.320933104 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.320961952 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.325798035 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.325906038 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.325921059 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.331717968 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.331801891 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.331801891 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.331826925 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.331885099 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.337392092 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.337486982 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.343620062 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.343703985 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.343703985 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.343725920 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.343781948 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.397396088 CEST	49760	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:10.397458076 CEST	443	49760	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:10.397546053 CEST	49760	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:10.397844076 CEST	49760	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:10.397876024 CEST	443	49760	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:10.405879974 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.405915976 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.405970097 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.405987024 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.406016111 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.410654068 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.410671949 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.410753965 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.410769939 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.410850048 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.416668892 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.416742086 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.422660112 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.422769070 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.422782898 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.428658009 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.428733110 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.428745985 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.434674025 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.434766054 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.434779882 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.434916019 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.435012102 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.435141087 CEST	49757	443	192.168.2.4	216.58.206.78
Oct 7, 2024 14:38:10.435164928 CEST	443	49757	216.58.206.78	192.168.2.4
Oct 7, 2024 14:38:10.465600967 CEST	49761	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:10.465641022 CEST	443	49761	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:10.465711117 CEST	49761	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:10.529930115 CEST	49761	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:10.529953003 CEST	443	49761	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.009222031 CEST	443	49760	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.009459019 CEST	49760	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.009525061 CEST	443	49760	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.010273933 CEST	443	49760	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.010348082 CEST	49760	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.011291027 CEST	443	49760	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.011348963 CEST	49760	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.012274027 CEST	49760	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.012371063 CEST	443	49760	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.012547970 CEST	49760	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.012566090 CEST	443	49760	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.053921938 CEST	49760	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.145127058 CEST	443	49761	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.145365000 CEST	49761	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.145382881 CEST	443	49761	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.145695925 CEST	443	49761	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.145768881 CEST	49761	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.146292925 CEST	443	49761	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.146384001 CEST	49761	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.147448063 CEST	49761	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.147501945 CEST	443	49761	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.147732973 CEST	49761	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.147738934 CEST	443	49761	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.196176052 CEST	49761	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.298820972 CEST	443	49760	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.299623966 CEST	443	49760	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.299777031 CEST	49760	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.300002098 CEST	49760	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.300054073 CEST	443	49760	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.300082922 CEST	49760	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.300132990 CEST	49760	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.301294088 CEST	49763	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.301347017 CEST	443	49763	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.301426888 CEST	49763	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.301749945 CEST	49763	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.301780939 CEST	443	49763	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.434220076 CEST	443	49761	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.434478998 CEST	443	49761	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.434552908 CEST	49761	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.434915066 CEST	49761	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.434937000 CEST	443	49761	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.434947014 CEST	49761	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.434982061 CEST	49761	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.435971022 CEST	49764	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.436013937 CEST	443	49764	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.436078072 CEST	49764	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.436526060 CEST	49764	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.436544895 CEST	443	49764	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.908432007 CEST	443	49763	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.908782959 CEST	49763	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.908822060 CEST	443	49763	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.910022974 CEST	443	49763	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.910096884 CEST	49763	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.912532091 CEST	443	49763	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.912599087 CEST	49763	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.912837982 CEST	49763	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.912895918 CEST	443	49763	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.913037062 CEST	49763	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.913047075 CEST	443	49763	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.913068056 CEST	49763	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:11.955441952 CEST	443	49763	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:11.959580898 CEST	49763	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:12.038568974 CEST	443	49764	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:12.039094925 CEST	49764	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:12.039118052 CEST	443	49764	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:12.039477110 CEST	443	49764	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:12.039545059 CEST	49764	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:12.040112972 CEST	443	49764	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:12.040163994 CEST	49764	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:12.040308952 CEST	49764	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:12.040384054 CEST	443	49764	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:12.040484905 CEST	49764	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:12.040493011 CEST	443	49764	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:12.040518999 CEST	49764	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:12.083427906 CEST	443	49764	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:12.084882021 CEST	49764	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:12.100847960 CEST	443	49763	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:12.100960016 CEST	443	49763	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:12.101026058 CEST	49763	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:12.101716042 CEST	49763	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:12.101742029 CEST	443	49763	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:12.249329090 CEST	443	49764	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:12.249430895 CEST	443	49764	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:12.249475002 CEST	49764	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:12.250144958 CEST	49764	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:12.250171900 CEST	443	49764	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:12.418842077 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 7, 2024 14:38:12.463397980 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:12.677546978 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:12.677659988 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:12.677745104 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:12.677747011 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 7, 2024 14:38:12.677819014 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:12.677881002 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 7, 2024 14:38:12.677901030 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:12.678097010 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:12.678162098 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 7, 2024 14:38:12.679630041 CEST	49741	443	192.168.2.4	142.250.186.68
Oct 7, 2024 14:38:12.679668903 CEST	443	49741	142.250.186.68	192.168.2.4
Oct 7, 2024 14:38:14.226433992 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:14.226481915 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:14.226665020 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:14.227847099 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:14.227864981 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:14.919661045 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:14.920053005 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:14.923507929 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:14.923518896 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:14.923855066 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:14.975858927 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:15.511296034 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:15.555408955 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:15.730565071 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:15.730601072 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:15.730607986 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:15.730640888 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:15.730655909 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:15.730675936 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:15.730726957 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:15.730726957 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:15.730760098 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:15.730771065 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:15.730789900 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:15.730859041 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:15.730859041 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:15.730876923 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:15.731425047 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:15.731518984 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:16.319499016 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:16.319529057 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:16.319582939 CEST	49771	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:16.319605112 CEST	443	49771	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:18.494599104 CEST	49780	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:18.494693995 CEST	443	49780	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:18.494790077 CEST	49780	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:18.495165110 CEST	49780	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:18.495181084 CEST	443	49780	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:19.112257004 CEST	443	49780	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:19.112461090 CEST	49780	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:19.112488985 CEST	443	49780	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:19.113219023 CEST	443	49780	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:19.113483906 CEST	49780	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:19.113578081 CEST	443	49780	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:19.113615990 CEST	49780	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:19.113672972 CEST	49780	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:19.113687992 CEST	443	49780	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:19.424042940 CEST	443	49780	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:19.425000906 CEST	443	49780	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:19.425364971 CEST	49780	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:19.426455021 CEST	49780	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:19.426498890 CEST	443	49780	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:41.539935112 CEST	49781	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:41.539980888 CEST	443	49781	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:41.540057898 CEST	49781	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:41.540291071 CEST	49781	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:41.540299892 CEST	443	49781	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:42.218883038 CEST	443	49781	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:42.272022009 CEST	49781	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:42.327821970 CEST	49781	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:42.327843904 CEST	443	49781	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:42.329158068 CEST	443	49781	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:42.350402117 CEST	49781	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:42.350589037 CEST	443	49781	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:42.350627899 CEST	49781	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:42.350627899 CEST	49781	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:42.350742102 CEST	443	49781	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:42.397104979 CEST	49781	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:42.640748024 CEST	443	49781	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:42.642457008 CEST	443	49781	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:42.642651081 CEST	49781	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:42.643193960 CEST	49781	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:42.643224001 CEST	443	49781	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:42.916744947 CEST	49782	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:42.916815042 CEST	443	49782	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:42.916995049 CEST	49782	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:42.917258978 CEST	49782	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:42.917268991 CEST	443	49782	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:43.442464113 CEST	49783	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:43.442554951 CEST	443	49783	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:43.442825079 CEST	49783	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:43.442944050 CEST	49783	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:43.442976952 CEST	443	49783	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:43.543374062 CEST	443	49782	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:43.543649912 CEST	49782	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:43.543667078 CEST	443	49782	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:43.544167995 CEST	443	49782	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:43.544615030 CEST	49782	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:43.544683933 CEST	443	49782	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:43.544841051 CEST	49782	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:43.544864893 CEST	49782	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:43.544869900 CEST	443	49782	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:43.810355902 CEST	443	49782	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:43.810650110 CEST	443	49782	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:43.810722113 CEST	49782	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:43.811290979 CEST	49782	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:43.811320066 CEST	443	49782	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:44.082626104 CEST	443	49783	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:44.083223104 CEST	49783	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:44.083287954 CEST	443	49783	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:44.084877014 CEST	443	49783	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:44.085294008 CEST	49783	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:44.085397959 CEST	49783	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:44.085397959 CEST	49783	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:44.085427999 CEST	443	49783	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:44.085719109 CEST	443	49783	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:44.131764889 CEST	49783	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:44.306838036 CEST	443	49783	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:44.307255030 CEST	443	49783	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:44.307413101 CEST	49783	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:44.307487011 CEST	49783	443	192.168.2.4	142.250.185.78
Oct 7, 2024 14:38:44.307513952 CEST	443	49783	142.250.185.78	192.168.2.4
Oct 7, 2024 14:38:52.906330109 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:52.906418085 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:52.906527996 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:52.906888962 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:52.906924009 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:53.581974983 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:53.582063913 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:53.586476088 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:53.586532116 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:53.586796045 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:53.595093966 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:53.635415077 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:53.849261045 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:53.849282980 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:53.849329948 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:53.849493980 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:53.849493980 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:53.849560976 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:53.849630117 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:53.850236893 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:53.850289106 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:53.850316048 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:53.850321054 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:53.850359917 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:53.850388050 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:53.853709936 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:53.853744984 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:53.853770971 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 7, 2024 14:38:53.853786945 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 7, 2024 14:38:54.398320913 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:54.398377895 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:54.398449898 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:54.398714066 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:54.398726940 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.028558016 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.028661013 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.029906034 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.029926062 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.030107021 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.037746906 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.083405972 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.136630058 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.136647940 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.136660099 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.136744022 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.136764050 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.136814117 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.218662977 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.218683004 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.218740940 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.218772888 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.218786955 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.219367981 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.221658945 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.221673012 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.221744061 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.221750021 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.221791983 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.300935030 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.300951958 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.301071882 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.301096916 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.301171064 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.302304029 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.302319050 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.302380085 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.302386999 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.302427053 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.303343058 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.303358078 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.303422928 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.303428888 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.303469896 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.304951906 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.304965019 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.305035114 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.305039883 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.305082083 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.384423971 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.384439945 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.384650946 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.384676933 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.384731054 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.385133982 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.385147095 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.385216951 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.385222912 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.385265112 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.385732889 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.385746002 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.385802984 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.385808945 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.385849953 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.386585951 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.386600018 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.386662006 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.386667013 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.386709929 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.387032032 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.387077093 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.387124062 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.387824059 CEST	49785	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.387839079 CEST	443	49785	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.416172028 CEST	49786	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.416208029 CEST	443	49786	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.416363001 CEST	49786	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.418843985 CEST	49788	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.418936014 CEST	443	49788	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.418962002 CEST	49786	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.418975115 CEST	443	49786	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.419013023 CEST	49787	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.419049025 CEST	49788	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.419101000 CEST	443	49787	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.419126034 CEST	49788	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.419152021 CEST	443	49788	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.419214964 CEST	49787	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.420154095 CEST	49789	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.420186043 CEST	443	49789	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.420247078 CEST	49789	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.420372009 CEST	49787	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.420408964 CEST	443	49787	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.420933008 CEST	49789	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.420948029 CEST	443	49789	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.421684027 CEST	49790	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.421691895 CEST	443	49790	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:55.421756029 CEST	49790	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.421863079 CEST	49790	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:55.421871901 CEST	443	49790	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.038564920 CEST	443	49786	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.039256096 CEST	49786	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.039280891 CEST	443	49786	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.039591074 CEST	49786	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.039593935 CEST	443	49786	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.045793056 CEST	443	49789	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.046067953 CEST	49789	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.046097994 CEST	443	49789	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.046361923 CEST	49789	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.046367884 CEST	443	49789	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.061713934 CEST	443	49788	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.062035084 CEST	49788	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.062113047 CEST	443	49788	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.062324047 CEST	49788	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.062338114 CEST	443	49788	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.066343069 CEST	443	49787	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.066615105 CEST	49787	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.066694021 CEST	443	49787	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.066842079 CEST	49787	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.066857100 CEST	443	49787	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.086620092 CEST	443	49790	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.086952925 CEST	49790	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.086967945 CEST	443	49790	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.087203979 CEST	49790	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.087208986 CEST	443	49790	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.140944958 CEST	443	49786	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.140960932 CEST	443	49786	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.141016960 CEST	443	49786	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.141045094 CEST	49786	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.141084909 CEST	49786	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.141268015 CEST	49786	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.141268015 CEST	49786	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.141307116 CEST	443	49786	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.141330957 CEST	443	49786	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.143466949 CEST	49791	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.143553972 CEST	443	49791	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.143645048 CEST	49791	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.143749952 CEST	49791	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.143774986 CEST	443	49791	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.152133942 CEST	443	49789	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.152268887 CEST	443	49789	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.152343988 CEST	49789	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.152368069 CEST	49789	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.152379036 CEST	443	49789	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.152436018 CEST	49789	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.152441978 CEST	443	49789	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.154537916 CEST	49792	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.154628038 CEST	443	49792	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.154716969 CEST	49792	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.154813051 CEST	49792	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.154836893 CEST	443	49792	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.173526049 CEST	443	49788	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.173588037 CEST	443	49788	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.173670053 CEST	49788	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.173691034 CEST	443	49788	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.173748016 CEST	443	49788	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.173759937 CEST	49788	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.173785925 CEST	49788	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.173815966 CEST	443	49788	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.173846006 CEST	49788	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.173846006 CEST	49788	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.173861980 CEST	443	49788	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.173878908 CEST	443	49788	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.175455093 CEST	49793	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.175477028 CEST	443	49793	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.175543070 CEST	49793	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.175642967 CEST	49793	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.175652981 CEST	443	49793	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.180423975 CEST	443	49787	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.180495977 CEST	443	49787	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.180560112 CEST	49787	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.180635929 CEST	49787	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.180635929 CEST	49787	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.180679083 CEST	443	49787	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.180705070 CEST	443	49787	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.182216883 CEST	49794	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.182224989 CEST	443	49794	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.182310104 CEST	49794	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.182385921 CEST	49794	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.182394981 CEST	443	49794	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.206209898 CEST	443	49790	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.206235886 CEST	443	49790	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.206325054 CEST	49790	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.206335068 CEST	443	49790	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.206494093 CEST	49790	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.206504107 CEST	443	49790	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.206511021 CEST	49790	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.206650019 CEST	443	49790	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.206686974 CEST	443	49790	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.206731081 CEST	49790	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.208168983 CEST	49795	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.208197117 CEST	443	49795	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.208262920 CEST	49795	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.208369970 CEST	49795	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.208385944 CEST	443	49795	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.793808937 CEST	443	49792	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.794650078 CEST	49792	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.794730902 CEST	443	49792	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.795351028 CEST	49792	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.795366049 CEST	443	49792	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.800268888 CEST	443	49791	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.800628901 CEST	49791	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.800688982 CEST	443	49791	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.801007986 CEST	49791	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.801023006 CEST	443	49791	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.805119991 CEST	443	49793	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.805525064 CEST	49793	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.805546045 CEST	443	49793	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:56.806072950 CEST	49793	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:56.806078911 CEST	443	49793	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.050060034 CEST	443	49794	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.050720930 CEST	49794	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.050734997 CEST	443	49794	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.051095009 CEST	49794	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.051100969 CEST	443	49794	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.137356997 CEST	443	49791	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.137435913 CEST	443	49791	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.137548923 CEST	443	49793	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.137737989 CEST	443	49793	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.137763023 CEST	49791	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.137891054 CEST	49793	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.137907028 CEST	49791	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.137907982 CEST	49791	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.137922049 CEST	49793	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.137922049 CEST	49793	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.137938023 CEST	443	49793	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.137948036 CEST	443	49793	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.137959957 CEST	443	49791	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.137989998 CEST	443	49791	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.138427973 CEST	443	49792	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.138508081 CEST	443	49792	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.138608932 CEST	49792	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.138964891 CEST	49792	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.138966084 CEST	49792	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.139034033 CEST	443	49792	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.139070034 CEST	443	49792	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.141091108 CEST	49796	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.141140938 CEST	443	49796	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.141259909 CEST	49797	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.141288996 CEST	443	49797	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.141316891 CEST	49796	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.141350985 CEST	49797	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.141385078 CEST	49796	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.141402006 CEST	443	49796	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.141416073 CEST	49797	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.141419888 CEST	443	49797	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.142065048 CEST	49798	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.142071009 CEST	443	49798	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.142142057 CEST	49798	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.142313004 CEST	49798	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.142323017 CEST	443	49798	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.151496887 CEST	443	49794	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.151570082 CEST	443	49794	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.151626110 CEST	49794	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.151803017 CEST	49794	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.151803017 CEST	49794	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.151813984 CEST	443	49794	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.151823997 CEST	443	49794	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.153292894 CEST	49799	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.153316975 CEST	443	49799	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.153389931 CEST	49799	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.153505087 CEST	49799	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.153522015 CEST	443	49799	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.226875067 CEST	443	49795	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.227328062 CEST	49795	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.227391005 CEST	443	49795	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.227516890 CEST	49795	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.227533102 CEST	443	49795	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.323851109 CEST	443	49795	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.323915005 CEST	443	49795	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.324110985 CEST	49795	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.324997902 CEST	49795	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.324997902 CEST	49795	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.325046062 CEST	443	49795	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.325077057 CEST	443	49795	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.328046083 CEST	49800	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.328073978 CEST	443	49800	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.328138113 CEST	49800	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.328336000 CEST	49800	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.328345060 CEST	443	49800	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.767952919 CEST	443	49798	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.768564939 CEST	49798	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.768601894 CEST	443	49798	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.769001007 CEST	49798	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.769006968 CEST	443	49798	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.772015095 CEST	443	49797	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.772473097 CEST	49797	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.772488117 CEST	443	49797	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.772824049 CEST	49797	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.772830009 CEST	443	49797	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.778186083 CEST	443	49796	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.778544903 CEST	49796	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.778568029 CEST	443	49796	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.779102087 CEST	49796	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.779109001 CEST	443	49796	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.788877010 CEST	443	49799	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.789210081 CEST	49799	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.789218903 CEST	443	49799	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.790041924 CEST	49799	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.790047884 CEST	443	49799	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.868247032 CEST	443	49798	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.868381023 CEST	443	49798	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.868448019 CEST	49798	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.868535995 CEST	49798	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.868555069 CEST	443	49798	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.868563890 CEST	49798	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.868567944 CEST	443	49798	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.871458054 CEST	49801	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.871542931 CEST	443	49801	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.871644974 CEST	49801	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.871776104 CEST	49801	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.871797085 CEST	443	49801	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.885482073 CEST	443	49797	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.885639906 CEST	443	49797	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.885699034 CEST	49797	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.885813951 CEST	49797	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.885813951 CEST	49797	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.885822058 CEST	443	49797	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.885828972 CEST	443	49797	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.886106014 CEST	443	49796	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.886236906 CEST	443	49796	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.886296034 CEST	49796	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.886324883 CEST	49796	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.886348009 CEST	443	49796	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.886363029 CEST	49796	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.886370897 CEST	443	49796	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.888113976 CEST	49802	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.888135910 CEST	443	49802	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.888210058 CEST	49802	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.888211966 CEST	49803	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.888261080 CEST	443	49803	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.888310909 CEST	49802	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.888320923 CEST	49803	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.888325930 CEST	443	49802	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.888461113 CEST	49803	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.888479948 CEST	443	49803	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.895483971 CEST	443	49799	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.895627022 CEST	443	49799	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.895710945 CEST	49799	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.895797968 CEST	49799	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.895813942 CEST	443	49799	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.895843983 CEST	49799	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.895853996 CEST	443	49799	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.897759914 CEST	49804	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.897810936 CEST	443	49804	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.897880077 CEST	49804	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.897981882 CEST	49804	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.897995949 CEST	443	49804	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.953512907 CEST	443	49800	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.953972101 CEST	49800	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.953993082 CEST	443	49800	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:57.954703093 CEST	49800	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:57.954710007 CEST	443	49800	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.052958012 CEST	443	49800	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.053107977 CEST	443	49800	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.053189039 CEST	49800	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.053338051 CEST	49800	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.053356886 CEST	443	49800	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.053369045 CEST	49800	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.053375959 CEST	443	49800	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.055911064 CEST	49805	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.056005001 CEST	443	49805	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.056099892 CEST	49805	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.056227922 CEST	49805	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.056250095 CEST	443	49805	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.503057957 CEST	443	49801	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.505007982 CEST	49801	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.505084991 CEST	443	49801	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.505544901 CEST	49801	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.505557060 CEST	443	49801	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.535645008 CEST	443	49804	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.536183119 CEST	49804	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.536211967 CEST	443	49804	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.537060976 CEST	49804	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.537065983 CEST	443	49804	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.551393032 CEST	443	49802	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.551760912 CEST	49802	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.551778078 CEST	443	49802	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.552130938 CEST	49802	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.552141905 CEST	443	49802	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.562761068 CEST	443	49803	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.563402891 CEST	49803	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.563417912 CEST	443	49803	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.563734055 CEST	49803	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.563740969 CEST	443	49803	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.609566927 CEST	443	49801	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.609656096 CEST	443	49801	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.609720945 CEST	49801	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.609971046 CEST	49801	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.609971046 CEST	49801	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.610009909 CEST	443	49801	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.610033989 CEST	443	49801	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.612427950 CEST	49806	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.612521887 CEST	443	49806	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.612607956 CEST	49806	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.612706900 CEST	49806	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.612725973 CEST	443	49806	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.652880907 CEST	443	49804	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.653038979 CEST	443	49804	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.653218985 CEST	49804	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.662715912 CEST	49804	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.662741899 CEST	443	49804	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.662872076 CEST	49804	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.662878990 CEST	443	49804	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.665059090 CEST	443	49802	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.665129900 CEST	443	49802	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.665190935 CEST	49802	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.667537928 CEST	443	49803	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.667700052 CEST	443	49803	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.667758942 CEST	49803	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.670402050 CEST	49802	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.670402050 CEST	49802	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.670423031 CEST	443	49802	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.670444012 CEST	443	49802	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.670540094 CEST	49803	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.670540094 CEST	49803	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.670557022 CEST	443	49803	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.670567989 CEST	443	49803	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.674756050 CEST	49807	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.674784899 CEST	443	49807	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.674860001 CEST	49807	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.675390959 CEST	49808	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.675411940 CEST	443	49808	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.675471067 CEST	49808	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.675981045 CEST	49809	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.676018953 CEST	443	49809	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.676093102 CEST	49809	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.676120996 CEST	49807	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.676135063 CEST	443	49807	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.676192999 CEST	49808	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.676206112 CEST	443	49808	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.676259041 CEST	49809	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.676278114 CEST	443	49809	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.688209057 CEST	443	49805	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.688594103 CEST	49805	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.688631058 CEST	443	49805	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.688981056 CEST	49805	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.688991070 CEST	443	49805	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.802903891 CEST	443	49805	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.803060055 CEST	443	49805	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.803145885 CEST	49805	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.803226948 CEST	49805	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.803272963 CEST	443	49805	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.803304911 CEST	49805	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.803322077 CEST	443	49805	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.806936979 CEST	49810	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.806977034 CEST	443	49810	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:58.807038069 CEST	49810	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.807158947 CEST	49810	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:58.807168961 CEST	443	49810	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.260687113 CEST	443	49806	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.261194944 CEST	49806	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.261253119 CEST	443	49806	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.261606932 CEST	49806	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.261619091 CEST	443	49806	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.305128098 CEST	443	49807	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.306344986 CEST	49807	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.306405067 CEST	443	49807	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.306674004 CEST	49807	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.306687117 CEST	443	49807	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.308418036 CEST	443	49809	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.308651924 CEST	49809	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.308681965 CEST	443	49809	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.308897018 CEST	49809	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.308902979 CEST	443	49809	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.311383009 CEST	443	49808	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.311599970 CEST	49808	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.311626911 CEST	443	49808	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.311836004 CEST	49808	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.311842918 CEST	443	49808	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.358958006 CEST	443	49806	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.359083891 CEST	443	49806	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.359153032 CEST	49806	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.359276056 CEST	49806	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.359306097 CEST	443	49806	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.359329939 CEST	49806	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.359344006 CEST	443	49806	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.362255096 CEST	49811	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.362293959 CEST	443	49811	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.362377882 CEST	49811	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.362517118 CEST	49811	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.362531900 CEST	443	49811	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.410979033 CEST	443	49807	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.411045074 CEST	443	49807	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.411123991 CEST	49807	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.411236048 CEST	49807	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.411236048 CEST	49807	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.411281109 CEST	443	49807	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.411308050 CEST	443	49807	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.413007021 CEST	49812	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.413038015 CEST	443	49812	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.413106918 CEST	49812	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.413187981 CEST	49812	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.413196087 CEST	443	49812	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.415415049 CEST	443	49808	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.415564060 CEST	443	49808	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.415621042 CEST	49808	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.415673971 CEST	443	49809	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.415740013 CEST	443	49809	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.415785074 CEST	49809	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.416544914 CEST	49808	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.416558027 CEST	443	49808	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.416567087 CEST	49808	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.416572094 CEST	443	49808	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.416835070 CEST	49809	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.416856050 CEST	443	49809	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.416870117 CEST	49809	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.416877985 CEST	443	49809	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.418699980 CEST	49813	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.418766975 CEST	443	49813	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.418802977 CEST	49814	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.418821096 CEST	443	49814	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.418845892 CEST	49813	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.418905020 CEST	49814	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.418935061 CEST	49813	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.418952942 CEST	443	49813	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.418993950 CEST	49814	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.419018030 CEST	443	49814	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.467206955 CEST	443	49810	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.467577934 CEST	49810	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.467600107 CEST	443	49810	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.468020916 CEST	49810	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.468028069 CEST	443	49810	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.567543030 CEST	443	49810	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.567605972 CEST	443	49810	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.567650080 CEST	49810	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.567740917 CEST	49810	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.567756891 CEST	443	49810	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.567770004 CEST	49810	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.567776918 CEST	443	49810	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.570761919 CEST	49815	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.570784092 CEST	443	49815	13.107.246.44	192.168.2.4
Oct 7, 2024 14:38:59.570837975 CEST	49815	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.570986032 CEST	49815	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:38:59.570996046 CEST	443	49815	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.010083914 CEST	443	49811	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.010909081 CEST	49811	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.010922909 CEST	443	49811	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.011542082 CEST	49811	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.011548042 CEST	443	49811	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.031604052 CEST	443	49812	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.032809019 CEST	49812	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.032819986 CEST	443	49812	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.034559011 CEST	443	49814	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.037914991 CEST	49812	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.037919998 CEST	443	49812	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.037926912 CEST	49814	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.038002968 CEST	443	49814	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.038388968 CEST	49814	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.038407087 CEST	443	49814	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.068360090 CEST	443	49813	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.069004059 CEST	49813	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.069040060 CEST	443	49813	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.069546938 CEST	49813	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.069561005 CEST	443	49813	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.122489929 CEST	443	49811	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.122539043 CEST	443	49811	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.122591972 CEST	49811	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.122802973 CEST	49811	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.122828960 CEST	443	49811	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.122844934 CEST	49811	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.122852087 CEST	443	49811	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.126565933 CEST	49817	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.126636982 CEST	443	49817	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.126740932 CEST	49817	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.126961946 CEST	49817	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.126991987 CEST	443	49817	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.404390097 CEST	443	49814	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.404448032 CEST	443	49812	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.404474020 CEST	443	49814	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.404531002 CEST	49814	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.404546976 CEST	443	49812	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.404597044 CEST	49812	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.404841900 CEST	49814	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.404890060 CEST	443	49814	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.404922009 CEST	49814	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.404938936 CEST	443	49814	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.405925035 CEST	49812	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.405940056 CEST	443	49812	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.405953884 CEST	49812	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.405960083 CEST	443	49812	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.406374931 CEST	443	49813	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.406537056 CEST	443	49813	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.406603098 CEST	49813	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.408041954 CEST	49813	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.408066988 CEST	443	49813	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.408092976 CEST	49813	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.408106089 CEST	443	49813	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.409318924 CEST	443	49815	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.410263062 CEST	49815	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.410270929 CEST	443	49815	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.410872936 CEST	49815	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.410878897 CEST	443	49815	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.411942959 CEST	49818	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.412034035 CEST	443	49818	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.412317991 CEST	49818	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.412549973 CEST	49818	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.412580967 CEST	443	49818	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.412710905 CEST	49819	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.412803888 CEST	443	49819	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.412885904 CEST	49819	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.413068056 CEST	49819	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.413109064 CEST	443	49819	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.414141893 CEST	49820	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.414228916 CEST	443	49820	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.414319992 CEST	49820	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.414474964 CEST	49820	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.414505005 CEST	443	49820	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.507091045 CEST	443	49815	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.507215977 CEST	443	49815	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.507277966 CEST	49815	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.507491112 CEST	49815	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.507499933 CEST	443	49815	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.507509947 CEST	49815	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.507514954 CEST	443	49815	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.511224031 CEST	49821	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.511254072 CEST	443	49821	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:00.511329889 CEST	49821	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.511518955 CEST	49821	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:00.511533022 CEST	443	49821	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.028024912 CEST	443	49817	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.030530930 CEST	443	49820	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.054706097 CEST	443	49819	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.066572905 CEST	443	49818	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.073216915 CEST	49820	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.073220015 CEST	49817	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.083158016 CEST	49818	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.083188057 CEST	443	49818	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.083848000 CEST	49818	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.083859921 CEST	443	49818	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.085494995 CEST	49817	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.085505009 CEST	443	49817	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.085980892 CEST	49817	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.085992098 CEST	443	49817	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.086685896 CEST	49820	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.086710930 CEST	443	49820	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.087289095 CEST	49820	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.087301970 CEST	443	49820	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.091403961 CEST	49819	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.091473103 CEST	443	49819	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.091764927 CEST	49819	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.091778994 CEST	443	49819	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.178572893 CEST	443	49821	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.181025982 CEST	443	49820	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.181181908 CEST	443	49820	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.181261063 CEST	49820	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.181639910 CEST	443	49818	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.181730032 CEST	443	49818	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.181785107 CEST	49818	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.183542013 CEST	443	49817	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.183696985 CEST	443	49817	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.183762074 CEST	49817	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.190452099 CEST	443	49819	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.190526009 CEST	443	49819	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.190601110 CEST	49819	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.234146118 CEST	49821	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.267586946 CEST	49821	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.267613888 CEST	443	49821	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.267975092 CEST	49821	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.267985106 CEST	443	49821	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.268564939 CEST	49817	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.268589020 CEST	49819	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.268625975 CEST	443	49817	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.268646955 CEST	443	49819	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.268656969 CEST	49817	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.268675089 CEST	443	49817	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.268677950 CEST	49819	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.268695116 CEST	443	49819	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.269061089 CEST	49820	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.269061089 CEST	49820	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.269129992 CEST	443	49820	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.269160986 CEST	443	49820	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.270587921 CEST	49818	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.270606041 CEST	443	49818	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.270628929 CEST	49818	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.270638943 CEST	443	49818	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.272923946 CEST	49822	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.272975922 CEST	443	49822	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.273127079 CEST	49822	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.273164034 CEST	49822	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.273173094 CEST	443	49822	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.274197102 CEST	49823	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.274286985 CEST	443	49823	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.274395943 CEST	49823	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.274625063 CEST	49824	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.274655104 CEST	443	49824	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.274764061 CEST	49823	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.274805069 CEST	443	49823	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.274831057 CEST	49824	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.274832010 CEST	49824	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.274879932 CEST	443	49824	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.275382042 CEST	49825	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.275419950 CEST	443	49825	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.275470972 CEST	49825	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.275553942 CEST	49825	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.275563955 CEST	443	49825	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.368855000 CEST	443	49821	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.369013071 CEST	443	49821	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.369081974 CEST	49821	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.369173050 CEST	49821	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.369196892 CEST	443	49821	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.369213104 CEST	49821	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.369220018 CEST	443	49821	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.371402025 CEST	49826	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.371437073 CEST	443	49826	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.371498108 CEST	49826	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.371611118 CEST	49826	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.371620893 CEST	443	49826	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.922360897 CEST	443	49825	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.922952890 CEST	443	49822	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.923043966 CEST	49825	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.923079967 CEST	443	49825	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.923232079 CEST	49822	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.923243999 CEST	443	49822	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.923429966 CEST	49825	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.923435926 CEST	443	49825	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.923741102 CEST	49822	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.923747063 CEST	443	49822	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.927022934 CEST	443	49824	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.927328110 CEST	49824	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.927372932 CEST	443	49824	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.927632093 CEST	49824	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.927639008 CEST	443	49824	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.929752111 CEST	443	49823	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.929987907 CEST	49823	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.930016041 CEST	443	49823	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:01.930258036 CEST	49823	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:01.930263996 CEST	443	49823	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.013025999 CEST	443	49826	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.013709068 CEST	49826	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.013748884 CEST	443	49826	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.014178038 CEST	49826	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.014184952 CEST	443	49826	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.017893076 CEST	443	49825	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.018053055 CEST	443	49825	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.018218040 CEST	49825	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.018218040 CEST	49825	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.018218040 CEST	49825	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.020720959 CEST	49827	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.020762920 CEST	443	49827	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.020868063 CEST	49827	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.020983934 CEST	49827	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.020997047 CEST	443	49827	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.025682926 CEST	443	49824	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.025820971 CEST	443	49824	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.025882959 CEST	49824	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.025928974 CEST	49824	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.025938034 CEST	443	49824	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.025954962 CEST	49824	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.025960922 CEST	443	49824	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.027713060 CEST	49828	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.027776957 CEST	443	49828	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.027872086 CEST	49828	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.027992964 CEST	49828	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.028014898 CEST	443	49828	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.034255981 CEST	443	49823	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.034327030 CEST	443	49823	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.034383059 CEST	49823	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.034470081 CEST	49823	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.034476042 CEST	443	49823	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.034512043 CEST	49823	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.034517050 CEST	443	49823	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.036206961 CEST	49829	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.036319971 CEST	443	49829	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.036427021 CEST	49829	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.036544085 CEST	49829	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.036567926 CEST	443	49829	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.038491011 CEST	443	49822	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.039007902 CEST	443	49822	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.039091110 CEST	49822	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.039091110 CEST	49822	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.039129019 CEST	49822	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.039146900 CEST	443	49822	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.040649891 CEST	49830	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.040672064 CEST	443	49830	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.040755987 CEST	49830	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.040879011 CEST	49830	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.040890932 CEST	443	49830	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.115595102 CEST	443	49826	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.115751028 CEST	443	49826	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.115880013 CEST	49826	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.116048098 CEST	49826	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.116070032 CEST	443	49826	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.116081953 CEST	49826	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.116089106 CEST	443	49826	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.118938923 CEST	49831	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.119025946 CEST	443	49831	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.119128942 CEST	49831	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.119288921 CEST	49831	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.119314909 CEST	443	49831	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.318922043 CEST	49825	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.318958998 CEST	443	49825	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.658924103 CEST	443	49829	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.659060001 CEST	443	49828	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.659074068 CEST	443	49827	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.659594059 CEST	49828	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.659651995 CEST	443	49828	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.659708977 CEST	49829	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.659774065 CEST	443	49829	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.660047054 CEST	49828	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.660060883 CEST	443	49828	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.660090923 CEST	49829	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.660104990 CEST	443	49829	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.660296917 CEST	49827	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.660322905 CEST	443	49827	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.660598993 CEST	49827	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.660605907 CEST	443	49827	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.753334045 CEST	443	49827	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.753499985 CEST	443	49827	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.753649950 CEST	49827	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.753916979 CEST	49827	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.753964901 CEST	443	49827	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.753995895 CEST	49827	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.754012108 CEST	443	49827	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.756680012 CEST	443	49828	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.756828070 CEST	443	49828	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.756927013 CEST	49828	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.757368088 CEST	49832	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.757375956 CEST	443	49829	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.757447958 CEST	443	49829	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.757447958 CEST	443	49832	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.757519960 CEST	49829	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.757541895 CEST	49828	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.757576942 CEST	49832	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.757586956 CEST	443	49828	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.757602930 CEST	49828	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.757610083 CEST	443	49828	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.758465052 CEST	49829	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.758507967 CEST	443	49829	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.758555889 CEST	49829	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.758570910 CEST	443	49829	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.759251118 CEST	49832	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.759279966 CEST	443	49832	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.764919043 CEST	49833	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.765016079 CEST	443	49833	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.765049934 CEST	49834	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.765069962 CEST	443	49834	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.765158892 CEST	49833	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.765275002 CEST	49834	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.765275002 CEST	49833	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.765316010 CEST	443	49833	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:02.765340090 CEST	49834	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:02.765352964 CEST	443	49834	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.373557091 CEST	443	49832	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.374030113 CEST	49832	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.374080896 CEST	443	49832	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.374452114 CEST	49832	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.374465942 CEST	443	49832	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.392061949 CEST	443	49833	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.392415047 CEST	49833	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.392493963 CEST	443	49833	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.392782927 CEST	49833	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.392796993 CEST	443	49833	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.419795990 CEST	443	49834	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.422581911 CEST	49834	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.422641039 CEST	443	49834	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.423151016 CEST	49834	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.423204899 CEST	443	49834	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.471236944 CEST	443	49832	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.471299887 CEST	443	49832	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.471406937 CEST	49832	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.472757101 CEST	49832	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.472757101 CEST	49832	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.472795963 CEST	443	49832	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.472819090 CEST	443	49832	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.477273941 CEST	49835	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.477324009 CEST	443	49835	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.477395058 CEST	49835	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.477531910 CEST	49835	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.477557898 CEST	443	49835	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.490299940 CEST	443	49833	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.490452051 CEST	443	49833	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.490546942 CEST	49833	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.490703106 CEST	49833	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.490703106 CEST	49833	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.490746021 CEST	443	49833	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.490772963 CEST	443	49833	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.525386095 CEST	443	49834	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.525540113 CEST	443	49834	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.525717020 CEST	49834	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.532815933 CEST	49834	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.532815933 CEST	49834	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.532883883 CEST	443	49834	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.532919884 CEST	443	49834	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.631545067 CEST	49836	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.631593943 CEST	443	49836	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.631656885 CEST	49836	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.701963902 CEST	49837	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.702009916 CEST	443	49837	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.702341080 CEST	49837	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.705615044 CEST	49836	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.705640078 CEST	443	49836	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:03.718050957 CEST	49837	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:03.718092918 CEST	443	49837	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.086478949 CEST	443	49835	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.087038040 CEST	49835	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.087080002 CEST	443	49835	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.087697983 CEST	49835	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.087712049 CEST	443	49835	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.186767101 CEST	443	49835	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.186845064 CEST	443	49835	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.187011003 CEST	49835	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.187140942 CEST	49835	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.187175035 CEST	443	49835	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.187201023 CEST	49835	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.187216997 CEST	443	49835	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.190380096 CEST	49838	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.190427065 CEST	443	49838	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.190514088 CEST	49838	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.190680027 CEST	49838	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.190692902 CEST	443	49838	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.319946051 CEST	443	49836	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.320439100 CEST	49836	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.320461988 CEST	443	49836	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.321057081 CEST	49836	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.321062088 CEST	443	49836	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.341368914 CEST	443	49837	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.341792107 CEST	49837	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.341833115 CEST	443	49837	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.342261076 CEST	49837	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.342288971 CEST	443	49837	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.415700912 CEST	443	49836	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.415844917 CEST	443	49836	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.415915012 CEST	49836	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.415960073 CEST	49836	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.415971994 CEST	443	49836	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.415987015 CEST	49836	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.415992022 CEST	443	49836	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.418724060 CEST	49839	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.418740034 CEST	443	49839	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.418819904 CEST	49839	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.418947935 CEST	49839	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.418952942 CEST	443	49839	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.443873882 CEST	443	49837	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.444022894 CEST	443	49837	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.444113016 CEST	49837	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.453895092 CEST	49837	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.453912973 CEST	443	49837	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.453928947 CEST	49837	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.453937054 CEST	443	49837	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.456264019 CEST	49840	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.456341982 CEST	443	49840	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.456521988 CEST	49840	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.456669092 CEST	49840	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.456688881 CEST	443	49840	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.531505108 CEST	443	49830	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.532219887 CEST	49830	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.532243967 CEST	443	49830	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.532457113 CEST	443	49831	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.532773972 CEST	49830	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.532784939 CEST	443	49830	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.533032894 CEST	49831	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.533077002 CEST	443	49831	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.533399105 CEST	49831	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.533426046 CEST	443	49831	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.673036098 CEST	443	49830	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.673243046 CEST	443	49830	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.673362017 CEST	49830	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.673428059 CEST	49830	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.673428059 CEST	49830	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.673465967 CEST	443	49830	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.673490047 CEST	443	49830	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.673835039 CEST	443	49831	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.674005985 CEST	443	49831	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.674206972 CEST	49831	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.674287081 CEST	49831	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.674287081 CEST	49831	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.674329996 CEST	443	49831	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.674360991 CEST	443	49831	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.676623106 CEST	49841	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.676716089 CEST	443	49841	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.676754951 CEST	49842	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.676776886 CEST	443	49842	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.676805019 CEST	49841	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.676867962 CEST	49842	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.677093983 CEST	49841	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.677176952 CEST	443	49841	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.677225113 CEST	49842	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.677267075 CEST	443	49842	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.709641933 CEST	49843	443	192.168.2.4	142.250.186.132
Oct 7, 2024 14:39:04.709728003 CEST	443	49843	142.250.186.132	192.168.2.4
Oct 7, 2024 14:39:04.709932089 CEST	49843	443	192.168.2.4	142.250.186.132
Oct 7, 2024 14:39:04.710215092 CEST	49843	443	192.168.2.4	142.250.186.132
Oct 7, 2024 14:39:04.710238934 CEST	443	49843	142.250.186.132	192.168.2.4
Oct 7, 2024 14:39:04.861942053 CEST	443	49838	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.862617970 CEST	49838	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.862636089 CEST	443	49838	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.863315105 CEST	49838	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.863322020 CEST	443	49838	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.958971024 CEST	443	49838	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.959054947 CEST	443	49838	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.959156990 CEST	49838	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.959769964 CEST	49838	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.959789991 CEST	443	49838	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.959815025 CEST	49838	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.959822893 CEST	443	49838	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.964200974 CEST	49844	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.964253902 CEST	443	49844	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:04.964342117 CEST	49844	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.964508057 CEST	49844	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:04.964526892 CEST	443	49844	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.041187048 CEST	443	49839	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.041939974 CEST	49839	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.041966915 CEST	443	49839	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.042599916 CEST	49839	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.042607069 CEST	443	49839	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.122567892 CEST	443	49840	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.126250029 CEST	49840	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.126293898 CEST	443	49840	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.126753092 CEST	49840	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.126765013 CEST	443	49840	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.147330046 CEST	443	49839	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.147561073 CEST	443	49839	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.147628069 CEST	49839	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.153090000 CEST	49839	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.153119087 CEST	443	49839	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.153135061 CEST	49839	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.153147936 CEST	443	49839	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.167769909 CEST	49845	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.167877913 CEST	443	49845	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.167970896 CEST	49845	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.179965973 CEST	49845	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.180008888 CEST	443	49845	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.222666025 CEST	443	49840	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.222831011 CEST	443	49840	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.222918034 CEST	49840	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.223009109 CEST	49840	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.223009109 CEST	49840	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.223050117 CEST	443	49840	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.223077059 CEST	443	49840	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.227679968 CEST	49846	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.227705956 CEST	443	49846	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.227807999 CEST	49846	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.227920055 CEST	49846	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.227931976 CEST	443	49846	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.310046911 CEST	443	49842	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.310553074 CEST	49842	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.310591936 CEST	443	49842	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.310914040 CEST	49842	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.310920000 CEST	443	49842	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.311577082 CEST	443	49843	142.250.186.132	192.168.2.4
Oct 7, 2024 14:39:05.311835051 CEST	49843	443	192.168.2.4	142.250.186.132
Oct 7, 2024 14:39:05.311845064 CEST	443	49843	142.250.186.132	192.168.2.4
Oct 7, 2024 14:39:05.312297106 CEST	443	49843	142.250.186.132	192.168.2.4
Oct 7, 2024 14:39:05.312551975 CEST	49843	443	192.168.2.4	142.250.186.132
Oct 7, 2024 14:39:05.312635899 CEST	443	49843	142.250.186.132	192.168.2.4
Oct 7, 2024 14:39:05.327372074 CEST	443	49841	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.327769995 CEST	49841	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.327788115 CEST	443	49841	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.328068018 CEST	49841	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.328073025 CEST	443	49841	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.354233980 CEST	49843	443	192.168.2.4	142.250.186.132
Oct 7, 2024 14:39:05.410854101 CEST	443	49842	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.410999060 CEST	443	49842	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.411081076 CEST	49842	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.411221027 CEST	49842	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.411257029 CEST	443	49842	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.411286116 CEST	49842	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.411299944 CEST	443	49842	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.414802074 CEST	49847	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.414859056 CEST	443	49847	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.414946079 CEST	49847	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.415107012 CEST	49847	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.415117979 CEST	443	49847	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.424949884 CEST	443	49841	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.425108910 CEST	443	49841	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.425179005 CEST	49841	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.425223112 CEST	49841	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.425240040 CEST	443	49841	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.425262928 CEST	49841	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.425272942 CEST	443	49841	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.427695036 CEST	49848	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.427743912 CEST	443	49848	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.427839994 CEST	49848	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.428006887 CEST	49848	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.428026915 CEST	443	49848	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.617799044 CEST	443	49844	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.618268967 CEST	49844	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.618313074 CEST	443	49844	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.618711948 CEST	49844	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.618720055 CEST	443	49844	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.749941111 CEST	443	49844	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.750101089 CEST	443	49844	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.750185966 CEST	49844	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.750397921 CEST	49844	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.750422001 CEST	443	49844	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.750436068 CEST	49844	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.750443935 CEST	443	49844	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.753935099 CEST	49849	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.753973007 CEST	443	49849	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.754065037 CEST	49849	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.754290104 CEST	49849	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.754306078 CEST	443	49849	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.773127079 CEST	443	49846	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.778399944 CEST	49846	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.778461933 CEST	443	49846	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.780036926 CEST	49846	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.780054092 CEST	443	49846	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.831752062 CEST	443	49845	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.832129955 CEST	49845	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.832165003 CEST	443	49845	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.832526922 CEST	49845	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.832542896 CEST	443	49845	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.929336071 CEST	443	49845	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.929507017 CEST	443	49845	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.929603100 CEST	49845	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.929779053 CEST	49845	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.929831028 CEST	443	49845	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.929862976 CEST	49845	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.929878950 CEST	443	49845	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.933042049 CEST	49850	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.933069944 CEST	443	49850	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:05.933163881 CEST	49850	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.933291912 CEST	49850	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:05.933300018 CEST	443	49850	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.034372091 CEST	443	49847	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.034980059 CEST	49847	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.035008907 CEST	443	49847	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.035454035 CEST	49847	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.035461903 CEST	443	49847	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.043113947 CEST	443	49848	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.043704987 CEST	49848	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.043740034 CEST	443	49848	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.044007063 CEST	49848	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.044028044 CEST	443	49848	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.134994984 CEST	443	49847	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.135163069 CEST	443	49847	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.135334969 CEST	49847	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.135668039 CEST	49847	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.135694027 CEST	443	49847	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.135740995 CEST	49847	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.135750055 CEST	443	49847	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.138114929 CEST	443	49848	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.138237953 CEST	443	49848	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.138313055 CEST	49848	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.138570070 CEST	49851	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.138606071 CEST	443	49851	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.138676882 CEST	49851	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.138725996 CEST	49848	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.138736010 CEST	443	49848	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.138746023 CEST	49848	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.138751030 CEST	443	49848	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.139545918 CEST	49851	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.139564991 CEST	443	49851	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.140543938 CEST	49852	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.140600920 CEST	443	49852	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.140669107 CEST	49852	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.140752077 CEST	49852	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.140764952 CEST	443	49852	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.399184942 CEST	443	49849	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.399733067 CEST	49849	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.399755955 CEST	443	49849	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.400181055 CEST	49849	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.400186062 CEST	443	49849	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.496563911 CEST	443	49849	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.496622086 CEST	443	49849	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.496678114 CEST	49849	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.496891022 CEST	49849	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.496907949 CEST	443	49849	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.496920109 CEST	49849	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.496927023 CEST	443	49849	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.499924898 CEST	49853	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.499983072 CEST	443	49853	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.500087023 CEST	49853	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.500250101 CEST	49853	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.500278950 CEST	443	49853	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.592493057 CEST	443	49850	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.593096018 CEST	49850	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.593107939 CEST	443	49850	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.593780041 CEST	49850	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.593786955 CEST	443	49850	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.692919970 CEST	443	49850	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.693080902 CEST	443	49850	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.693289042 CEST	49850	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.693341017 CEST	49850	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.693351984 CEST	443	49850	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.693363905 CEST	49850	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.693368912 CEST	443	49850	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.696789026 CEST	49854	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.696846008 CEST	443	49854	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.696947098 CEST	49854	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.697099924 CEST	49854	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.697127104 CEST	443	49854	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.769825935 CEST	443	49851	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.770323038 CEST	49851	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.770348072 CEST	443	49851	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.770529985 CEST	443	49852	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.770765066 CEST	49852	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.770811081 CEST	443	49852	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.770838022 CEST	49851	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.770843983 CEST	443	49851	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.771121025 CEST	49852	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.771133900 CEST	443	49852	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.865701914 CEST	443	49851	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.865833998 CEST	443	49851	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.866005898 CEST	49851	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.866257906 CEST	443	49852	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.866276979 CEST	49851	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.866292953 CEST	443	49851	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.866307020 CEST	49851	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.866312027 CEST	443	49851	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.866408110 CEST	443	49852	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.866583109 CEST	49852	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.867603064 CEST	49852	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.867603064 CEST	49852	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.867651939 CEST	443	49852	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.867737055 CEST	443	49852	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.870902061 CEST	49855	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.870950937 CEST	443	49855	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.871077061 CEST	49855	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.871730089 CEST	49856	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.871752024 CEST	443	49856	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.871809959 CEST	49856	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.871896982 CEST	49855	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.871929884 CEST	443	49855	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:06.871994019 CEST	49856	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:06.872006893 CEST	443	49856	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.147392988 CEST	443	49853	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.148139954 CEST	49853	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.148175955 CEST	443	49853	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.148812056 CEST	49853	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.148822069 CEST	443	49853	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.249918938 CEST	443	49853	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.249988079 CEST	443	49853	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.250073910 CEST	49853	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.250310898 CEST	49853	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.250310898 CEST	49853	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.250338078 CEST	443	49853	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.250360966 CEST	443	49853	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.253972054 CEST	49857	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.254012108 CEST	443	49857	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.254108906 CEST	49857	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.254266977 CEST	49857	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.254285097 CEST	443	49857	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.330975056 CEST	443	49846	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.331131935 CEST	443	49846	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.331221104 CEST	49846	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.331304073 CEST	49846	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.331304073 CEST	49846	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.331347942 CEST	443	49846	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.331376076 CEST	443	49846	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.334407091 CEST	49858	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.334420919 CEST	443	49858	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.334520102 CEST	49858	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.334688902 CEST	49858	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.334702969 CEST	443	49858	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.338932037 CEST	443	49854	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.339330912 CEST	49854	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.339370966 CEST	443	49854	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.339956045 CEST	49854	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.339967966 CEST	443	49854	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.437541008 CEST	443	49854	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.437686920 CEST	443	49854	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.437758923 CEST	49854	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.437817097 CEST	49854	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.437818050 CEST	49854	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.437844038 CEST	443	49854	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.437865973 CEST	443	49854	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.440340042 CEST	49859	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.440368891 CEST	443	49859	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.440439939 CEST	49859	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.440602064 CEST	49859	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.440614939 CEST	443	49859	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.499278069 CEST	443	49855	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.499721050 CEST	49855	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.499735117 CEST	443	49855	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.500284910 CEST	49855	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.500292063 CEST	443	49855	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.501039028 CEST	443	49856	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.501334906 CEST	49856	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.501348972 CEST	443	49856	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.501801968 CEST	49856	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.501806974 CEST	443	49856	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.594888926 CEST	443	49855	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.595041990 CEST	443	49855	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.595103979 CEST	49855	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.595242023 CEST	49855	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.595267057 CEST	443	49855	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.595282078 CEST	49855	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.595289946 CEST	443	49855	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.598334074 CEST	49860	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.598366976 CEST	443	49860	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.598432064 CEST	49860	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.598606110 CEST	49860	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.598627090 CEST	443	49860	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.824183941 CEST	443	49856	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.824866056 CEST	443	49856	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.824928045 CEST	49856	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.824975967 CEST	49856	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.824992895 CEST	443	49856	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.825002909 CEST	49856	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.825009108 CEST	443	49856	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.828049898 CEST	49861	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.828118086 CEST	443	49861	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.828203917 CEST	49861	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.828385115 CEST	49861	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.828428030 CEST	443	49861	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.894608021 CEST	443	49857	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.895205021 CEST	49857	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.895239115 CEST	443	49857	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.895575047 CEST	49857	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.895581007 CEST	443	49857	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.991920948 CEST	443	49857	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.991969109 CEST	443	49857	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.992021084 CEST	49857	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.992232084 CEST	49857	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.992249966 CEST	443	49857	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.992259026 CEST	49857	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.992264032 CEST	443	49857	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.995510101 CEST	49862	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.995548010 CEST	443	49862	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.995726109 CEST	49862	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.995872974 CEST	49862	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.995899916 CEST	443	49862	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.998199940 CEST	443	49858	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.998562098 CEST	49858	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.998579979 CEST	443	49858	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:07.999167919 CEST	49858	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:07.999172926 CEST	443	49858	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.070606947 CEST	443	49859	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.071152925 CEST	49859	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.071181059 CEST	443	49859	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.071675062 CEST	49859	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.071692944 CEST	443	49859	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.109847069 CEST	443	49858	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.109918118 CEST	443	49858	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.110024929 CEST	49858	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.110224962 CEST	49858	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.110224962 CEST	49858	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.110239983 CEST	443	49858	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.110248089 CEST	443	49858	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.112756014 CEST	49863	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.112806082 CEST	443	49863	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.112893105 CEST	49863	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.112996101 CEST	49863	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.113010883 CEST	443	49863	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.198383093 CEST	443	49859	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.198535919 CEST	443	49859	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.198774099 CEST	49859	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.198775053 CEST	49859	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.199409962 CEST	49859	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.199424028 CEST	443	49859	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.200820923 CEST	49864	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.200917959 CEST	443	49864	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.201005936 CEST	49864	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.201112032 CEST	49864	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.201143980 CEST	443	49864	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.237989902 CEST	443	49860	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.238384962 CEST	49860	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.238416910 CEST	443	49860	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.238734007 CEST	49860	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.238740921 CEST	443	49860	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.335659981 CEST	443	49860	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.335829973 CEST	443	49860	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.336028099 CEST	49860	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.336105108 CEST	49860	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.336127996 CEST	443	49860	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.336167097 CEST	49860	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.336174965 CEST	443	49860	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.339354038 CEST	49865	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.339471102 CEST	443	49865	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.339570999 CEST	49865	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.339720011 CEST	49865	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.339757919 CEST	443	49865	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.491287947 CEST	443	49861	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.498528004 CEST	49861	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.498553038 CEST	443	49861	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.499155998 CEST	49861	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.499161959 CEST	443	49861	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.595925093 CEST	443	49861	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.596080065 CEST	443	49861	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.596148014 CEST	49861	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.649529934 CEST	443	49862	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.660332918 CEST	49861	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.660361052 CEST	443	49861	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.663124084 CEST	49862	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.663151979 CEST	443	49862	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.663815975 CEST	49862	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.663826942 CEST	443	49862	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.666169882 CEST	49867	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.666233063 CEST	443	49867	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.666306973 CEST	49867	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.666444063 CEST	49867	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.666461945 CEST	443	49867	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.733997107 CEST	443	49863	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.738012075 CEST	49863	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.738059998 CEST	443	49863	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.741585970 CEST	49863	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.741615057 CEST	443	49863	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.757020950 CEST	443	49862	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.757080078 CEST	443	49862	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.757138014 CEST	49862	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.763118029 CEST	49862	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.763142109 CEST	443	49862	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.763165951 CEST	49862	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.763179064 CEST	443	49862	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.801665068 CEST	49868	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.801728010 CEST	443	49868	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.801837921 CEST	49868	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.805787086 CEST	49868	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.805807114 CEST	443	49868	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.828442097 CEST	443	49864	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.829077959 CEST	49864	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.829164028 CEST	443	49864	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.829771996 CEST	49864	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.829787970 CEST	443	49864	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.832741976 CEST	443	49863	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.832818031 CEST	443	49863	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.832876921 CEST	49863	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.833405018 CEST	49863	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.833405018 CEST	49863	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.833425999 CEST	443	49863	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.833435059 CEST	443	49863	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.875967026 CEST	49869	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.876044989 CEST	443	49869	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.876127958 CEST	49869	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.876300097 CEST	49869	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.876337051 CEST	443	49869	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.930742025 CEST	443	49864	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.930799961 CEST	443	49864	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.930883884 CEST	49864	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.930921078 CEST	443	49864	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.931190968 CEST	443	49864	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.931253910 CEST	49864	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.936459064 CEST	49864	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.936500072 CEST	443	49864	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.936526060 CEST	49864	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.936541080 CEST	443	49864	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.955163002 CEST	49870	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.955231905 CEST	443	49870	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.955310106 CEST	49870	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.959270000 CEST	49870	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.959304094 CEST	443	49870	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.961122036 CEST	443	49865	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.961630106 CEST	49865	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.961719990 CEST	443	49865	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:08.962110996 CEST	49865	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:08.962127924 CEST	443	49865	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.061768055 CEST	443	49865	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.061907053 CEST	443	49865	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.062105894 CEST	49865	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.062217951 CEST	49865	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.062217951 CEST	49865	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.062262058 CEST	443	49865	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.062293053 CEST	443	49865	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.064953089 CEST	49871	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.064990997 CEST	443	49871	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.065185070 CEST	49871	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.067289114 CEST	49871	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.067305088 CEST	443	49871	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.308974028 CEST	443	49867	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.314476967 CEST	49867	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.314532042 CEST	443	49867	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.315346003 CEST	49867	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.315357924 CEST	443	49867	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.410027981 CEST	443	49867	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.410195112 CEST	443	49867	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.410362005 CEST	49867	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.410490036 CEST	49867	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.410520077 CEST	443	49867	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.410543919 CEST	49867	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.410556078 CEST	443	49867	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.414007902 CEST	49872	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.414069891 CEST	443	49872	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.414161921 CEST	49872	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.414331913 CEST	49872	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.414351940 CEST	443	49872	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.458112001 CEST	443	49868	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.458833933 CEST	49868	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.458894968 CEST	443	49868	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.459378004 CEST	49868	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.459382057 CEST	443	49868	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.495071888 CEST	443	49869	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.497337103 CEST	49869	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.497421026 CEST	443	49869	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.498044014 CEST	49869	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.498099089 CEST	443	49869	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.554337978 CEST	443	49868	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.554352999 CEST	443	49868	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.554428101 CEST	49868	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.554449081 CEST	443	49868	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.554954052 CEST	443	49868	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.555056095 CEST	49868	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.555505037 CEST	49868	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.555527925 CEST	443	49868	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.555541992 CEST	49868	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.555548906 CEST	443	49868	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.566061020 CEST	49873	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.566109896 CEST	443	49873	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.566186905 CEST	49873	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.566333055 CEST	49873	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.566351891 CEST	443	49873	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.569955111 CEST	443	49870	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.573906898 CEST	49870	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.573990107 CEST	443	49870	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.574753046 CEST	49870	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.574767113 CEST	443	49870	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.592478991 CEST	443	49869	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.592542887 CEST	443	49869	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.592612028 CEST	49869	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.592632055 CEST	443	49869	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.592672110 CEST	443	49869	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.592689991 CEST	49869	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.592729092 CEST	49869	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.595232964 CEST	49869	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.595268965 CEST	443	49869	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.595295906 CEST	49869	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.595309973 CEST	443	49869	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.608445883 CEST	49874	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.608489037 CEST	443	49874	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.608566046 CEST	49874	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.610392094 CEST	49874	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.610410929 CEST	443	49874	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.667494059 CEST	443	49870	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.667547941 CEST	443	49870	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.667624950 CEST	49870	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.667658091 CEST	443	49870	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.667769909 CEST	443	49870	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.667823076 CEST	49870	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.667864084 CEST	443	49870	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.667895079 CEST	49870	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.667895079 CEST	49870	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.667913914 CEST	443	49870	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.667933941 CEST	443	49870	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.672792912 CEST	49875	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.672847986 CEST	443	49875	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.672925949 CEST	49875	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.673263073 CEST	49875	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.673291922 CEST	443	49875	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.741729975 CEST	443	49871	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.742429972 CEST	49871	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.742465019 CEST	443	49871	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.743062973 CEST	49871	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.743069887 CEST	443	49871	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.836003065 CEST	443	49871	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.836236000 CEST	443	49871	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.836431980 CEST	49871	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.836879969 CEST	49871	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.836879969 CEST	49871	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.836905956 CEST	443	49871	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.836918116 CEST	443	49871	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.840377092 CEST	49876	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.840416908 CEST	443	49876	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:09.840579987 CEST	49876	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.840667009 CEST	49876	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:09.840673923 CEST	443	49876	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.266450882 CEST	443	49872	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.266920090 CEST	49872	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.266971111 CEST	443	49872	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.267419100 CEST	49872	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.267432928 CEST	443	49872	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.366610050 CEST	443	49872	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.366914034 CEST	443	49872	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.367003918 CEST	49872	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.367072105 CEST	49872	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.367072105 CEST	49872	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.367100954 CEST	443	49872	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.367124081 CEST	443	49872	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.369838953 CEST	49877	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.369864941 CEST	443	49877	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.369945049 CEST	49877	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.370068073 CEST	49877	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.370081902 CEST	443	49877	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.435856104 CEST	443	49873	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.436413050 CEST	49873	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.436496019 CEST	443	49873	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.436887026 CEST	49873	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.436901093 CEST	443	49873	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.442564964 CEST	443	49875	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.442827940 CEST	49875	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.442856073 CEST	443	49875	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.443299055 CEST	49875	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.443310022 CEST	443	49875	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.443624973 CEST	443	49874	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.443847895 CEST	49874	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.443876028 CEST	443	49874	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.444408894 CEST	49874	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.444463968 CEST	443	49874	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.533613920 CEST	443	49873	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.533654928 CEST	443	49873	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.533845901 CEST	49873	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.533931017 CEST	49873	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.533931017 CEST	49873	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.533972979 CEST	443	49873	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.534003973 CEST	443	49873	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.536849022 CEST	49878	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.536864996 CEST	443	49878	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.536947012 CEST	49878	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.537091970 CEST	49878	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.537100077 CEST	443	49878	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.539058924 CEST	443	49875	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.539216995 CEST	443	49875	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.539283991 CEST	49875	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.539335966 CEST	49875	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.539335966 CEST	49875	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.539355040 CEST	443	49875	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.539380074 CEST	443	49875	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.541718960 CEST	49879	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.541795015 CEST	443	49879	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.541884899 CEST	49879	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.542004108 CEST	49879	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.542027950 CEST	443	49879	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.547660112 CEST	443	49874	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.547965050 CEST	443	49874	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.548204899 CEST	49874	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.548206091 CEST	49874	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.548206091 CEST	49874	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.550291061 CEST	49880	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.550376892 CEST	443	49880	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.550463915 CEST	49880	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.550602913 CEST	49880	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.550638914 CEST	443	49880	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.683265924 CEST	443	49876	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.683770895 CEST	49876	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.683805943 CEST	443	49876	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.684279919 CEST	49876	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.684284925 CEST	443	49876	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.778542995 CEST	443	49876	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.779532909 CEST	443	49876	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.779623985 CEST	49876	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.780455112 CEST	49876	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.780455112 CEST	49876	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.780493975 CEST	443	49876	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.780519009 CEST	443	49876	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.783160925 CEST	49881	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.783196926 CEST	443	49881	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.783390999 CEST	49881	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.783431053 CEST	49881	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.783437014 CEST	443	49881	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:10.851723909 CEST	49874	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:10.851771116 CEST	443	49874	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.015033960 CEST	443	49877	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.015587091 CEST	49877	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.015607119 CEST	443	49877	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.015986919 CEST	49877	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.016005039 CEST	443	49877	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.114483118 CEST	443	49877	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.114859104 CEST	443	49877	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.115080118 CEST	49877	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.115080118 CEST	49877	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.115080118 CEST	49877	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.127597094 CEST	49882	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.127657890 CEST	443	49882	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.127731085 CEST	49882	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.127917051 CEST	49882	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.127928972 CEST	443	49882	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.170838118 CEST	443	49878	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.184231043 CEST	49878	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.184251070 CEST	443	49878	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.186431885 CEST	49878	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.186450958 CEST	443	49878	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.191605091 CEST	443	49880	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.192123890 CEST	49880	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.192183971 CEST	443	49880	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.192472935 CEST	49880	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.192487001 CEST	443	49880	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.200861931 CEST	443	49879	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.203253031 CEST	49879	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.203270912 CEST	443	49879	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.203846931 CEST	49879	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.203859091 CEST	443	49879	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.280638933 CEST	443	49878	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.280750036 CEST	443	49878	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.280920029 CEST	49878	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.291785002 CEST	443	49880	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.292979956 CEST	443	49880	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.293268919 CEST	49880	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.302187920 CEST	443	49879	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.302694082 CEST	443	49879	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.302895069 CEST	49879	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.385176897 CEST	49878	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.385176897 CEST	49878	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.385200977 CEST	443	49878	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.385212898 CEST	443	49878	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.386904001 CEST	49880	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.386904001 CEST	49880	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.386972904 CEST	443	49880	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.387006044 CEST	443	49880	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.387617111 CEST	49879	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.387639046 CEST	443	49879	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.387650013 CEST	49879	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.387655020 CEST	443	49879	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.394270897 CEST	443	49881	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.431701899 CEST	49877	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.431721926 CEST	443	49877	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.432168961 CEST	49881	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.432228088 CEST	443	49881	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.432476044 CEST	49881	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.432518959 CEST	443	49881	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.441472054 CEST	49883	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.441524029 CEST	443	49883	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.441636086 CEST	49883	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.441735983 CEST	49883	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.441754103 CEST	443	49883	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.442970991 CEST	49884	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.443068981 CEST	443	49884	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.443147898 CEST	49884	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.443665981 CEST	49885	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.443725109 CEST	443	49885	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.443787098 CEST	49885	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.444000006 CEST	49884	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.444036007 CEST	443	49884	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.444066048 CEST	49885	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.444086075 CEST	443	49885	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.524461985 CEST	443	49881	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.524804115 CEST	443	49881	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.524879932 CEST	49881	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.524909019 CEST	49881	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.524921894 CEST	443	49881	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.524931908 CEST	49881	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.524936914 CEST	443	49881	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.527334929 CEST	49887	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.527435064 CEST	443	49887	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:11.527503967 CEST	49887	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.527947903 CEST	49887	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:11.527983904 CEST	443	49887	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.083115101 CEST	443	49885	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.083657026 CEST	49885	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.083743095 CEST	443	49885	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.084115028 CEST	49885	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.084130049 CEST	443	49885	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.104342937 CEST	443	49883	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.104722023 CEST	49883	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.104799032 CEST	443	49883	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.105109930 CEST	49883	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.105123997 CEST	443	49883	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.105750084 CEST	443	49884	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.105993032 CEST	49884	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.106055021 CEST	443	49884	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.106290102 CEST	49884	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.106302023 CEST	443	49884	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.175750971 CEST	443	49887	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.176464081 CEST	49887	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.176496029 CEST	443	49887	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.176889896 CEST	49887	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.176901102 CEST	443	49887	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.179778099 CEST	443	49885	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.180063963 CEST	443	49885	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.180144072 CEST	49885	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.180212021 CEST	49885	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.180212021 CEST	49885	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.180254936 CEST	443	49885	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.180279970 CEST	443	49885	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.182843924 CEST	49888	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.182893038 CEST	443	49888	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.182971954 CEST	49888	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.183094978 CEST	49888	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.183108091 CEST	443	49888	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.203834057 CEST	443	49884	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.204400063 CEST	443	49883	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.204544067 CEST	443	49884	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.204624891 CEST	443	49883	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.204639912 CEST	443	49884	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.204674959 CEST	49884	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.204735994 CEST	49883	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.204737902 CEST	49884	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.204780102 CEST	49883	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.204796076 CEST	49884	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.204813957 CEST	443	49883	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.204814911 CEST	443	49884	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.204844952 CEST	49883	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.204847097 CEST	49884	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.204859018 CEST	443	49884	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.204859972 CEST	443	49883	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.207206011 CEST	49889	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.207292080 CEST	443	49889	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.207317114 CEST	49890	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.207334995 CEST	443	49890	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.207376003 CEST	49889	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.207457066 CEST	49890	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.207540989 CEST	49889	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.207540989 CEST	49890	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.207576990 CEST	443	49889	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.207608938 CEST	443	49890	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.271253109 CEST	443	49887	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.271456003 CEST	443	49887	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.271867037 CEST	49887	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.271951914 CEST	49887	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.271951914 CEST	49887	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.271994114 CEST	443	49887	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.272026062 CEST	443	49887	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.274703026 CEST	49891	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.274789095 CEST	443	49891	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.274889946 CEST	49891	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.275026083 CEST	49891	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.275047064 CEST	443	49891	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.793067932 CEST	443	49888	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.794329882 CEST	49888	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.794394970 CEST	443	49888	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.794795990 CEST	49888	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.794809103 CEST	443	49888	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.834534883 CEST	443	49889	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.835124969 CEST	49889	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.835149050 CEST	443	49889	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.835233927 CEST	443	49890	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.835484982 CEST	49890	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.835493088 CEST	443	49890	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.835769892 CEST	49889	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.835777044 CEST	443	49889	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.835830927 CEST	49890	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.835835934 CEST	443	49890	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.888138056 CEST	443	49888	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.888334990 CEST	443	49888	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.888521910 CEST	49888	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.888603926 CEST	49888	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.888603926 CEST	49888	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.888648987 CEST	443	49888	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.888675928 CEST	443	49888	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.891896963 CEST	49892	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.891949892 CEST	443	49892	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.892041922 CEST	49892	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.892246008 CEST	49892	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.892265081 CEST	443	49892	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.928587914 CEST	443	49891	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.929075003 CEST	49891	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.929158926 CEST	443	49891	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.929429054 CEST	49891	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.929445028 CEST	443	49891	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.933548927 CEST	443	49890	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.933799982 CEST	443	49890	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.933881044 CEST	49890	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.933934927 CEST	49890	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.933934927 CEST	49890	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.933967113 CEST	443	49890	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.933988094 CEST	443	49890	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.934093952 CEST	443	49889	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.934343100 CEST	443	49889	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.934392929 CEST	443	49889	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.934415102 CEST	49889	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.934464931 CEST	49889	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.934633970 CEST	49889	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.934633970 CEST	49889	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.934648037 CEST	443	49889	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.934668064 CEST	443	49889	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.936335087 CEST	49893	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.936371088 CEST	443	49893	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.936481953 CEST	49893	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.936569929 CEST	49893	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.936577082 CEST	443	49893	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.937239885 CEST	49894	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.937247038 CEST	443	49894	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:12.937319994 CEST	49894	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.937509060 CEST	49894	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:12.937520027 CEST	443	49894	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.029361010 CEST	443	49891	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.029525042 CEST	443	49891	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.029732943 CEST	49891	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.029788971 CEST	49891	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.029819012 CEST	443	49891	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.029869080 CEST	49891	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.029885054 CEST	443	49891	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.032315969 CEST	49895	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.032362938 CEST	443	49895	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.032444954 CEST	49895	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.032629967 CEST	49895	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.032650948 CEST	443	49895	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.505247116 CEST	443	49892	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.505763054 CEST	49892	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.505827904 CEST	443	49892	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.506206989 CEST	49892	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.506221056 CEST	443	49892	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.547549009 CEST	443	49893	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.547950029 CEST	49893	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.547980070 CEST	443	49893	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.548369884 CEST	49893	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.548376083 CEST	443	49893	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.553417921 CEST	443	49894	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.553706884 CEST	49894	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.553725004 CEST	443	49894	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.554061890 CEST	49894	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.554065943 CEST	443	49894	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.600107908 CEST	443	49892	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.600275993 CEST	443	49892	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.600368023 CEST	49892	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.614275932 CEST	49892	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.614315987 CEST	443	49892	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.614341974 CEST	49892	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.614356041 CEST	443	49892	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.645427942 CEST	443	49893	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.645481110 CEST	443	49893	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.645541906 CEST	49893	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.645548105 CEST	443	49893	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.645596027 CEST	49893	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.648680925 CEST	443	49894	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.648947001 CEST	443	49894	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.649008989 CEST	49894	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.652189016 CEST	443	49895	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.678832054 CEST	49896	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:13.678940058 CEST	443	49896	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:13.679028034 CEST	49896	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:13.679457903 CEST	49897	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:13.679534912 CEST	443	49897	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:13.679603100 CEST	49897	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:13.679775000 CEST	49896	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:13.679814100 CEST	443	49896	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:13.680128098 CEST	49897	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:13.680164099 CEST	443	49897	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:13.690267086 CEST	49893	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.690284014 CEST	443	49893	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.690321922 CEST	49893	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.690327883 CEST	443	49893	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.691883087 CEST	49894	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.691888094 CEST	443	49894	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.691917896 CEST	49894	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.691920996 CEST	443	49894	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.693316936 CEST	49895	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.693336964 CEST	443	49895	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.704062939 CEST	49895	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.704072952 CEST	443	49895	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.796211958 CEST	443	49895	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.796689034 CEST	443	49895	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.796758890 CEST	49895	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.796785116 CEST	443	49895	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.796818972 CEST	443	49895	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.796879053 CEST	49895	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.851063967 CEST	49895	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.851088047 CEST	443	49895	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.851111889 CEST	49895	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.851123095 CEST	443	49895	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.857359886 CEST	49898	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.857404947 CEST	443	49898	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.857472897 CEST	49898	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.858135939 CEST	49898	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.858154058 CEST	443	49898	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.858865023 CEST	49899	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.858936071 CEST	443	49899	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.859000921 CEST	49899	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.859148979 CEST	49899	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.859180927 CEST	443	49899	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.859765053 CEST	49900	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.859838963 CEST	443	49900	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.859910011 CEST	49900	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.859958887 CEST	49901	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.860013962 CEST	49900	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.860033989 CEST	443	49900	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.860049963 CEST	443	49901	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:13.860116005 CEST	49901	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.860222101 CEST	49901	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:13.860245943 CEST	443	49901	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.288755894 CEST	443	49896	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.289165974 CEST	49896	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:14.289202929 CEST	443	49896	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.289738894 CEST	443	49896	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.290041924 CEST	49896	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:14.290132046 CEST	443	49896	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.290199995 CEST	49896	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:14.290239096 CEST	49896	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:14.290309906 CEST	443	49896	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.297935009 CEST	443	49897	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.298149109 CEST	49897	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:14.298185110 CEST	443	49897	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.299489021 CEST	443	49897	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.299770117 CEST	49897	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:14.299865961 CEST	49897	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:14.299865961 CEST	49897	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:14.299884081 CEST	443	49897	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.299957991 CEST	443	49897	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.350258112 CEST	49897	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:14.486571074 CEST	443	49900	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.487195969 CEST	49900	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.487278938 CEST	443	49900	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.487679005 CEST	49900	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.487694025 CEST	443	49900	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.505662918 CEST	443	49898	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.506139040 CEST	49898	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.506162882 CEST	443	49898	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.506984949 CEST	49898	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.506992102 CEST	443	49898	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.522185087 CEST	443	49901	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.522721052 CEST	49901	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.522815943 CEST	443	49901	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.523228884 CEST	49901	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.523242950 CEST	443	49901	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.540487051 CEST	443	49899	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.540772915 CEST	49899	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.540787935 CEST	443	49899	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.541058064 CEST	49899	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.541064024 CEST	443	49899	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.555775881 CEST	443	49896	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.555927038 CEST	443	49896	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.555999994 CEST	49896	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:14.556301117 CEST	49896	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:14.556335926 CEST	443	49896	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.566032887 CEST	443	49897	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.566857100 CEST	443	49897	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.566922903 CEST	49897	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:14.567118883 CEST	49897	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:14.567142963 CEST	443	49897	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:14.582568884 CEST	443	49900	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.582693100 CEST	443	49900	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.582745075 CEST	49900	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.582760096 CEST	443	49900	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.582803965 CEST	443	49900	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.582942963 CEST	49900	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.582973957 CEST	49900	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.582982063 CEST	443	49900	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.582998037 CEST	49900	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.583004951 CEST	443	49900	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.585836887 CEST	49902	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.585892916 CEST	443	49902	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.586117029 CEST	49902	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.586117029 CEST	49902	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.586190939 CEST	443	49902	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.604285002 CEST	443	49898	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.604517937 CEST	443	49898	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.604589939 CEST	49898	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.604705095 CEST	49898	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.604721069 CEST	443	49898	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.604762077 CEST	49898	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.604769945 CEST	443	49898	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.606638908 CEST	49903	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.606672049 CEST	443	49903	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.606744051 CEST	49903	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.606854916 CEST	49903	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.606868982 CEST	443	49903	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.622646093 CEST	443	49901	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.644023895 CEST	443	49901	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.644109964 CEST	49901	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.644110918 CEST	49901	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.644110918 CEST	49901	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.645859003 CEST	49904	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.645889997 CEST	443	49904	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.645946980 CEST	49904	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.646061897 CEST	49904	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.646075964 CEST	443	49904	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.646275043 CEST	443	49899	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.646445036 CEST	443	49899	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.646506071 CEST	49899	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.646548986 CEST	49899	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.646563053 CEST	443	49899	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.646591902 CEST	49899	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.646596909 CEST	443	49899	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.648483038 CEST	49905	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.648570061 CEST	443	49905	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.648648977 CEST	49905	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.648786068 CEST	49905	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.648821115 CEST	443	49905	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.944150925 CEST	49901	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.944219112 CEST	443	49901	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.998930931 CEST	443	49882	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.999442101 CEST	49882	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.999483109 CEST	443	49882	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:14.999857903 CEST	49882	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:14.999866962 CEST	443	49882	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.107537031 CEST	443	49882	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.107857943 CEST	443	49882	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.107975006 CEST	443	49882	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.108020067 CEST	49882	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.108042955 CEST	49882	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.108083963 CEST	49882	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.108103991 CEST	443	49882	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.108117104 CEST	49882	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.108122110 CEST	443	49882	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.110750914 CEST	49906	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.110816002 CEST	443	49906	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.110902071 CEST	49906	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.111036062 CEST	49906	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.111054897 CEST	443	49906	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.194865942 CEST	443	49902	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.195444107 CEST	49902	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.195529938 CEST	443	49902	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.195755959 CEST	49902	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.195772886 CEST	443	49902	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.226687908 CEST	443	49843	142.250.186.132	192.168.2.4
Oct 7, 2024 14:39:15.226762056 CEST	443	49843	142.250.186.132	192.168.2.4
Oct 7, 2024 14:39:15.227015972 CEST	49843	443	192.168.2.4	142.250.186.132
Oct 7, 2024 14:39:15.258902073 CEST	443	49904	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.259260893 CEST	49904	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.259289980 CEST	443	49904	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.259599924 CEST	49904	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.259608984 CEST	443	49904	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.259708881 CEST	443	49905	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.259959936 CEST	49905	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.260020018 CEST	443	49905	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.260237932 CEST	49905	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.260251045 CEST	443	49905	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.272907019 CEST	443	49903	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.273148060 CEST	49903	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.273206949 CEST	443	49903	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.273433924 CEST	49903	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.273447990 CEST	443	49903	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.293227911 CEST	443	49902	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.293323040 CEST	443	49902	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.293435097 CEST	49902	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.293597937 CEST	49902	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.293643951 CEST	443	49902	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.293675900 CEST	49902	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.293692112 CEST	443	49902	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.296664000 CEST	49907	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.296715975 CEST	443	49907	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.296802044 CEST	49907	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.296943903 CEST	49907	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.296964884 CEST	443	49907	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.353410959 CEST	443	49904	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.353656054 CEST	443	49904	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.353732109 CEST	49904	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.353764057 CEST	49904	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.353764057 CEST	49904	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.353779078 CEST	443	49904	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.353787899 CEST	443	49904	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.354681969 CEST	443	49905	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.354758978 CEST	443	49905	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.354831934 CEST	49905	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.354893923 CEST	443	49905	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.354932070 CEST	443	49905	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.354994059 CEST	49905	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.354995012 CEST	49905	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.355038881 CEST	49905	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.355066061 CEST	443	49905	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.355622053 CEST	49908	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.355695963 CEST	443	49908	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.355773926 CEST	49908	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.355875015 CEST	49908	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.355895042 CEST	443	49908	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.356544018 CEST	49909	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.356579065 CEST	443	49909	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.356642962 CEST	49909	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.356745958 CEST	49909	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.356760025 CEST	443	49909	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.371848106 CEST	443	49903	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.372036934 CEST	443	49903	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.372109890 CEST	49903	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.372160912 CEST	49903	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.372189045 CEST	443	49903	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.372236013 CEST	49903	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.372251034 CEST	443	49903	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.374111891 CEST	49910	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.374135017 CEST	443	49910	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.374216080 CEST	49910	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.374320030 CEST	49910	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.374340057 CEST	443	49910	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.755764008 CEST	443	49906	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.756314993 CEST	49906	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.756357908 CEST	443	49906	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.756772041 CEST	49906	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.756787062 CEST	443	49906	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.853735924 CEST	443	49906	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.854326963 CEST	443	49906	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.854384899 CEST	49906	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.854433060 CEST	49906	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.854465008 CEST	443	49906	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.854490042 CEST	49906	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.854505062 CEST	443	49906	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.856997013 CEST	49911	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.857039928 CEST	443	49911	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.857119083 CEST	49911	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.857227087 CEST	49911	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.857235909 CEST	443	49911	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.915477037 CEST	443	49907	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.915958881 CEST	49907	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.915993929 CEST	443	49907	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.916376114 CEST	49907	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.916379929 CEST	443	49907	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.968683004 CEST	443	49909	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.969095945 CEST	49909	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.969172955 CEST	443	49909	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:15.969456911 CEST	49909	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:15.969471931 CEST	443	49909	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.015626907 CEST	443	49910	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.016177893 CEST	49910	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.016197920 CEST	443	49910	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.016454935 CEST	49910	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.016467094 CEST	443	49910	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.016799927 CEST	443	49908	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.017026901 CEST	49908	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.017057896 CEST	443	49908	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.017296076 CEST	49908	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.017301083 CEST	443	49908	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.019723892 CEST	443	49907	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.019792080 CEST	443	49907	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.019849062 CEST	49907	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.019968987 CEST	49907	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.019985914 CEST	443	49907	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.019994974 CEST	49907	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.019999981 CEST	443	49907	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.024353027 CEST	49912	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.024451971 CEST	443	49912	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.024528980 CEST	49912	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.024653912 CEST	49912	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.024674892 CEST	443	49912	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.062978983 CEST	443	49909	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.063081026 CEST	443	49909	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.063196898 CEST	443	49909	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.063261032 CEST	49909	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.063345909 CEST	49909	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.096901894 CEST	49909	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.096901894 CEST	49909	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.096952915 CEST	443	49909	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.096981049 CEST	443	49909	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.102705956 CEST	49913	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.102794886 CEST	443	49913	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.102885962 CEST	49913	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.103497028 CEST	49913	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.103533983 CEST	443	49913	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.115298986 CEST	443	49910	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.115762949 CEST	443	49910	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.115845919 CEST	49910	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.116743088 CEST	49910	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.116760969 CEST	443	49910	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.116785049 CEST	49910	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.116800070 CEST	443	49910	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.119970083 CEST	443	49908	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.120306015 CEST	443	49908	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.120362043 CEST	49908	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.129420996 CEST	49914	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.129443884 CEST	443	49914	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.129523039 CEST	49914	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.141807079 CEST	49914	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.141830921 CEST	443	49914	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.141907930 CEST	49908	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.141922951 CEST	443	49908	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.141949892 CEST	49908	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.141954899 CEST	443	49908	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.156388044 CEST	49915	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.156483889 CEST	443	49915	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.156578064 CEST	49915	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.158677101 CEST	49915	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.158714056 CEST	443	49915	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.881268024 CEST	443	49911	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.885971069 CEST	49911	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.886013031 CEST	443	49911	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:16.886507988 CEST	49911	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:16.886513948 CEST	443	49911	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.267975092 CEST	443	49911	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.268330097 CEST	443	49911	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.268409967 CEST	49911	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.268457890 CEST	49911	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.268480062 CEST	443	49911	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.268490076 CEST	49911	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.268495083 CEST	443	49911	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.270930052 CEST	49916	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.270965099 CEST	443	49916	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.271044970 CEST	49916	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.271161079 CEST	49916	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.271173000 CEST	443	49916	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.348367929 CEST	443	49912	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.348936081 CEST	49912	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.349020004 CEST	443	49912	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.349351883 CEST	49912	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.349407911 CEST	443	49912	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.353315115 CEST	443	49913	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.353806973 CEST	49913	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.353838921 CEST	443	49913	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.354089022 CEST	49913	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.354096889 CEST	443	49913	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.362126112 CEST	443	49915	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.362500906 CEST	49915	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.362540007 CEST	443	49915	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.362893105 CEST	49915	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.362904072 CEST	443	49915	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.364284992 CEST	443	49914	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.364604950 CEST	49914	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.364622116 CEST	443	49914	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.365092039 CEST	49914	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.365097046 CEST	443	49914	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.445606947 CEST	443	49912	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.445653915 CEST	443	49912	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.445837021 CEST	49912	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.446088076 CEST	49912	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.446139097 CEST	443	49912	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.446192026 CEST	49912	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.446208954 CEST	443	49912	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.448421955 CEST	49917	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.448457003 CEST	443	49917	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.448566914 CEST	49917	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.448695898 CEST	49917	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.448719978 CEST	443	49917	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.451072931 CEST	443	49913	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.451183081 CEST	443	49913	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.451268911 CEST	49913	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.451289892 CEST	443	49913	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.451364040 CEST	49913	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.451364040 CEST	49913	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.451426029 CEST	49913	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.451455116 CEST	443	49913	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.453469038 CEST	49918	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.453478098 CEST	443	49918	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.453530073 CEST	49918	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.453712940 CEST	49918	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.453722954 CEST	443	49918	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.460941076 CEST	443	49915	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.461009026 CEST	443	49915	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.461103916 CEST	443	49915	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.461103916 CEST	49915	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.461163998 CEST	49915	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.462791920 CEST	49915	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.462791920 CEST	49915	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.462809086 CEST	443	49915	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.462830067 CEST	443	49915	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.464603901 CEST	49919	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.464623928 CEST	443	49919	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.464729071 CEST	49919	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.464818954 CEST	49919	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.464826107 CEST	443	49919	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.467291117 CEST	443	49914	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.468091965 CEST	443	49914	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.468164921 CEST	49914	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.468353033 CEST	49914	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.468365908 CEST	443	49914	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.468415022 CEST	49914	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.468429089 CEST	443	49914	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.469927073 CEST	49920	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.469971895 CEST	443	49920	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.470047951 CEST	49920	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.470141888 CEST	49920	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.470156908 CEST	443	49920	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.988069057 CEST	443	49916	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.988662958 CEST	49916	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.988684893 CEST	443	49916	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:17.989002943 CEST	49916	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:17.989008904 CEST	443	49916	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.086848021 CEST	443	49916	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.086991072 CEST	443	49916	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.087052107 CEST	49916	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.087109089 CEST	49916	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.087117910 CEST	443	49916	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.087127924 CEST	49916	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.087131977 CEST	443	49916	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.089864016 CEST	49921	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.089953899 CEST	443	49921	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.090056896 CEST	49921	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.090192080 CEST	49921	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.090214968 CEST	443	49921	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.138672113 CEST	443	49920	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.139178038 CEST	49920	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.139239073 CEST	443	49920	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.139584064 CEST	49920	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.139595985 CEST	443	49920	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.154669046 CEST	443	49918	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.155419111 CEST	49918	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.155457973 CEST	443	49918	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.155471087 CEST	49918	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.155478954 CEST	443	49918	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.158504963 CEST	443	49919	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.158797026 CEST	49919	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.158828020 CEST	443	49919	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.159123898 CEST	49919	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.159131050 CEST	443	49919	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.159487009 CEST	443	49917	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.159866095 CEST	49917	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.159882069 CEST	443	49917	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.161953926 CEST	49917	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.161962032 CEST	443	49917	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.240900993 CEST	443	49920	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.241570950 CEST	443	49920	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.241772890 CEST	49920	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.241772890 CEST	49920	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.241772890 CEST	49920	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.244985104 CEST	49922	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.245070934 CEST	443	49922	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.245177031 CEST	49922	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.245326042 CEST	49922	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.245356083 CEST	443	49922	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.259079933 CEST	443	49918	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.259311914 CEST	443	49918	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.259409904 CEST	49918	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.261703014 CEST	49918	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.261703014 CEST	49918	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.261719942 CEST	443	49918	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.261729956 CEST	443	49918	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.261828899 CEST	443	49919	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.261885881 CEST	443	49919	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.261944056 CEST	49919	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.261959076 CEST	443	49919	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.262029886 CEST	443	49919	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.262079954 CEST	49919	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.262171984 CEST	49923	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.262247086 CEST	49919	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.262255907 CEST	443	49919	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.262265921 CEST	443	49923	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.262293100 CEST	49919	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.262296915 CEST	443	49919	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.262368917 CEST	49923	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.263025999 CEST	49923	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.263062000 CEST	443	49923	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.264883041 CEST	443	49917	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.264904022 CEST	443	49917	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.264939070 CEST	443	49917	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.264971018 CEST	49924	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.264971018 CEST	49917	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.264991999 CEST	443	49924	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.265050888 CEST	49917	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.265050888 CEST	49924	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.265099049 CEST	49917	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.265099049 CEST	49917	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.265104055 CEST	443	49917	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.265110016 CEST	443	49917	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.265963078 CEST	49924	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.265975952 CEST	443	49924	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.266705990 CEST	49925	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.266721010 CEST	443	49925	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.266787052 CEST	49925	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.266899109 CEST	49925	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.266911030 CEST	443	49925	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.553766966 CEST	49920	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.553852081 CEST	443	49920	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.706775904 CEST	443	49921	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.707221031 CEST	49921	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.707258940 CEST	443	49921	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.707668066 CEST	49921	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.707679987 CEST	443	49921	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.806241035 CEST	443	49921	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.806643963 CEST	443	49921	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.806766033 CEST	443	49921	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.806835890 CEST	49921	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.806835890 CEST	49921	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.806922913 CEST	49921	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.806922913 CEST	49921	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.806966066 CEST	443	49921	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.806998014 CEST	443	49921	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.809267044 CEST	49926	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.809284925 CEST	443	49926	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.809375048 CEST	49926	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.809484959 CEST	49926	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.809493065 CEST	443	49926	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.868011951 CEST	443	49922	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.868546963 CEST	49922	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.868607998 CEST	443	49922	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.868798971 CEST	49922	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.868815899 CEST	443	49922	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.884823084 CEST	443	49923	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.885600090 CEST	49923	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.885641098 CEST	443	49923	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.886193991 CEST	49923	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.886205912 CEST	443	49923	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.888767958 CEST	443	49924	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.889107943 CEST	49924	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.889146090 CEST	443	49924	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.889379978 CEST	49924	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.889393091 CEST	443	49924	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.922530890 CEST	443	49925	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.923477888 CEST	49925	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.923485041 CEST	443	49925	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.924036026 CEST	49925	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.924038887 CEST	443	49925	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.965764999 CEST	443	49922	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.965837955 CEST	443	49922	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.965925932 CEST	49922	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.966042042 CEST	49922	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.966080904 CEST	443	49922	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.966106892 CEST	49922	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.966123104 CEST	443	49922	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.968159914 CEST	49927	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.968200922 CEST	443	49927	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.968267918 CEST	49927	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.968369961 CEST	49927	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.968384027 CEST	443	49927	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.985759974 CEST	443	49923	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.985930920 CEST	443	49923	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.986011982 CEST	49923	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.986082077 CEST	49923	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.986082077 CEST	49923	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.986116886 CEST	443	49923	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.986140013 CEST	443	49923	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.986768007 CEST	443	49924	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.986813068 CEST	443	49924	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.986864090 CEST	49924	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.987072945 CEST	49924	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.987088919 CEST	443	49924	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.987102985 CEST	49924	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.987108946 CEST	443	49924	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.988792896 CEST	49928	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.988878012 CEST	443	49928	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.988955975 CEST	49928	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.989614964 CEST	49929	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.989645958 CEST	443	49929	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.989700079 CEST	49929	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.989770889 CEST	49928	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.989804983 CEST	443	49928	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:18.989830971 CEST	49929	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:18.989845037 CEST	443	49929	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.022610903 CEST	443	49925	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.022686005 CEST	443	49925	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.022763968 CEST	49925	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.022773981 CEST	443	49925	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.022794008 CEST	443	49925	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.022878885 CEST	49925	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.023025036 CEST	49925	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.023036003 CEST	443	49925	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.023046970 CEST	49925	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.023051977 CEST	443	49925	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.025088072 CEST	49930	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.025122881 CEST	443	49930	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.025196075 CEST	49930	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.025300026 CEST	49930	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.025307894 CEST	443	49930	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.423758030 CEST	443	49926	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.424307108 CEST	49926	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.424318075 CEST	443	49926	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.424731016 CEST	49926	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.424734116 CEST	443	49926	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.518512964 CEST	443	49926	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.518688917 CEST	443	49926	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.518779039 CEST	49926	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.518980026 CEST	49926	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.518991947 CEST	443	49926	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.519001961 CEST	49926	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.519006014 CEST	443	49926	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.522094011 CEST	49931	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.522156954 CEST	443	49931	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.522290945 CEST	49931	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.522654057 CEST	49931	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.522676945 CEST	443	49931	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.578712940 CEST	443	49927	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.579379082 CEST	49927	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.579401016 CEST	443	49927	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.579715014 CEST	49927	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.579721928 CEST	443	49927	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.589612961 CEST	443	49928	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.590080976 CEST	49928	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.590114117 CEST	443	49928	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.590765953 CEST	49928	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.590778112 CEST	443	49928	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.596812963 CEST	443	49929	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.597167969 CEST	49929	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.597210884 CEST	443	49929	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.597496986 CEST	49929	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.597505093 CEST	443	49929	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.652497053 CEST	443	49930	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.652910948 CEST	49930	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.652925014 CEST	443	49930	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.653228998 CEST	49930	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.653234959 CEST	443	49930	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.674356937 CEST	443	49927	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.674479008 CEST	443	49927	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.674521923 CEST	443	49927	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.674540043 CEST	49927	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.674586058 CEST	49927	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.675262928 CEST	49927	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.675287008 CEST	443	49927	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.675302982 CEST	49927	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.675309896 CEST	443	49927	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.681874990 CEST	49932	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.681915045 CEST	443	49932	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.682001114 CEST	49932	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.682301044 CEST	49932	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.682324886 CEST	443	49932	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.691179037 CEST	443	49929	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.691318035 CEST	443	49929	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.691405058 CEST	49929	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.691553116 CEST	49929	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.691572905 CEST	443	49929	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.691603899 CEST	49929	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.691611052 CEST	443	49929	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.693945885 CEST	49933	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.694031000 CEST	443	49933	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.694111109 CEST	49933	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.694263935 CEST	49933	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.694298983 CEST	443	49933	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.731424093 CEST	443	49928	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.731657028 CEST	443	49928	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.731734037 CEST	49928	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.731784105 CEST	49928	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.731813908 CEST	443	49928	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.731839895 CEST	49928	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.731854916 CEST	443	49928	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.733747005 CEST	49934	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.733772993 CEST	443	49934	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.733858109 CEST	49934	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.733958960 CEST	49934	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.733983994 CEST	443	49934	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.747564077 CEST	443	49930	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.747725964 CEST	443	49930	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.747800112 CEST	49930	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.747853994 CEST	49930	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.747875929 CEST	443	49930	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.747890949 CEST	49930	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.747900009 CEST	443	49930	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.749753952 CEST	49935	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.749797106 CEST	443	49935	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:19.749871969 CEST	49935	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.749957085 CEST	49935	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:19.749972105 CEST	443	49935	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.141163111 CEST	443	49931	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.141701937 CEST	49931	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.141736984 CEST	443	49931	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.142368078 CEST	49931	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.142374039 CEST	443	49931	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.242412090 CEST	443	49931	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.242908001 CEST	443	49931	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.243007898 CEST	49931	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.243040085 CEST	443	49931	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.243087053 CEST	443	49931	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.243177891 CEST	49931	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.243218899 CEST	443	49931	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.243248940 CEST	49931	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.243269920 CEST	443	49931	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.243292093 CEST	49931	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.243300915 CEST	443	49931	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.246166945 CEST	49936	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.246195078 CEST	443	49936	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.246274948 CEST	49936	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.246424913 CEST	49936	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.246432066 CEST	443	49936	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.318236113 CEST	443	49932	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.318742990 CEST	49932	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.318763971 CEST	443	49932	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.319117069 CEST	49932	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.319123030 CEST	443	49932	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.322025061 CEST	443	49933	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.322427034 CEST	49933	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.322480917 CEST	443	49933	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.322760105 CEST	49933	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.322772980 CEST	443	49933	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.338325977 CEST	443	49934	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.338768005 CEST	49934	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.338799000 CEST	443	49934	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.339102983 CEST	49934	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.339112997 CEST	443	49934	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.360560894 CEST	443	49935	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.363559008 CEST	49935	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.363584995 CEST	443	49935	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.363890886 CEST	49935	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.363895893 CEST	443	49935	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.418792963 CEST	443	49932	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.419059038 CEST	443	49932	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.419138908 CEST	49932	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.419198036 CEST	49932	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.419212103 CEST	443	49932	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.419225931 CEST	49932	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.419233084 CEST	443	49932	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.419627905 CEST	443	49933	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.419687033 CEST	443	49933	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.419770002 CEST	49933	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.419781923 CEST	443	49933	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.419845104 CEST	49933	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.419904947 CEST	49933	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.419904947 CEST	49933	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.419941902 CEST	443	49933	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.419964075 CEST	443	49933	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.422111988 CEST	49937	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.422152996 CEST	443	49937	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.422261953 CEST	49937	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.422353029 CEST	49938	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.422362089 CEST	443	49938	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.422374964 CEST	49937	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.422390938 CEST	443	49937	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.422434092 CEST	49938	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.422629118 CEST	49938	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.422643900 CEST	443	49938	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.434513092 CEST	443	49934	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.434561014 CEST	443	49934	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.434736013 CEST	49934	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.434792995 CEST	49934	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.434811115 CEST	443	49934	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.434834003 CEST	49934	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.434847116 CEST	443	49934	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.437144995 CEST	49939	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.437163115 CEST	443	49939	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.437329054 CEST	49939	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.437401056 CEST	49939	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.437407970 CEST	443	49939	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.458125114 CEST	443	49935	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.458421946 CEST	443	49935	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.458543062 CEST	49935	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.458631992 CEST	49935	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.458637953 CEST	443	49935	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.458651066 CEST	49935	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.458656073 CEST	443	49935	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.460859060 CEST	49940	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.460942984 CEST	443	49940	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.461035013 CEST	49940	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.461184978 CEST	49940	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.461220026 CEST	443	49940	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.859770060 CEST	443	49936	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.860613108 CEST	49936	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.860627890 CEST	443	49936	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.861545086 CEST	49936	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.861548901 CEST	443	49936	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.955446005 CEST	443	49936	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.955710888 CEST	443	49936	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.955832005 CEST	49936	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.956753016 CEST	49936	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.956768036 CEST	443	49936	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.986089945 CEST	49941	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:20.986185074 CEST	443	49941	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:20.987365007 CEST	49941	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.047931910 CEST	443	49938	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.068789959 CEST	443	49939	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.070851088 CEST	443	49937	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.091628075 CEST	443	49940	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.101986885 CEST	49938	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.116049051 CEST	49937	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.116127014 CEST	49939	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.147304058 CEST	49940	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.178570986 CEST	49940	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.178585052 CEST	443	49940	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.179016113 CEST	49940	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.179022074 CEST	443	49940	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.179279089 CEST	49941	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.179359913 CEST	443	49941	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.187661886 CEST	49938	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.187689066 CEST	443	49938	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.188014030 CEST	49938	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.188021898 CEST	443	49938	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.188580036 CEST	49939	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.188590050 CEST	443	49939	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.189004898 CEST	49939	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.189009905 CEST	443	49939	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.189958096 CEST	49937	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.189964056 CEST	443	49937	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.191437960 CEST	49937	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.191442966 CEST	443	49937	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.272541046 CEST	443	49940	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.272814989 CEST	443	49940	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.272882938 CEST	49940	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.272945881 CEST	49940	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.272964954 CEST	443	49940	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.272977114 CEST	49940	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.272984028 CEST	443	49940	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.276460886 CEST	49942	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.276530981 CEST	443	49942	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.276613951 CEST	49942	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.276802063 CEST	49942	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.276815891 CEST	443	49942	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.281311989 CEST	443	49938	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.281960011 CEST	443	49938	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.282016993 CEST	49938	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.282058001 CEST	49938	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.282083035 CEST	443	49938	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.282098055 CEST	49938	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.282104969 CEST	443	49938	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.283601046 CEST	443	49939	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.284907103 CEST	49943	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.284933090 CEST	443	49943	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.284981966 CEST	49943	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.285124063 CEST	49943	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.285140038 CEST	443	49943	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.286088943 CEST	443	49939	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.286134958 CEST	49939	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.286165953 CEST	49939	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.286179066 CEST	443	49939	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.286191940 CEST	49939	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.286196947 CEST	443	49939	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.288600922 CEST	49944	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.288675070 CEST	443	49944	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.288746119 CEST	49944	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.288943052 CEST	49944	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.288978100 CEST	443	49944	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.290360928 CEST	443	49937	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.290503979 CEST	443	49937	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.290549040 CEST	49937	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.290733099 CEST	49937	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.290734053 CEST	49937	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.290741920 CEST	443	49937	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.290750980 CEST	443	49937	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.293124914 CEST	49945	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.293169975 CEST	443	49945	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.293242931 CEST	49945	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.293354034 CEST	49945	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.293374062 CEST	443	49945	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.841979980 CEST	443	49941	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.842611074 CEST	49941	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.842677116 CEST	443	49941	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.843223095 CEST	49941	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.843239069 CEST	443	49941	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.918159008 CEST	443	49944	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.918414116 CEST	443	49942	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.918616056 CEST	49944	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.918695927 CEST	443	49944	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.918776989 CEST	49942	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.918842077 CEST	443	49942	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.919044018 CEST	49944	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.919058084 CEST	443	49944	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.919300079 CEST	49942	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.919313908 CEST	443	49942	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.923578978 CEST	443	49943	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.923870087 CEST	49943	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.923926115 CEST	443	49943	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.924171925 CEST	49943	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.924185991 CEST	443	49943	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.931884050 CEST	443	49945	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.932241917 CEST	49945	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.932271957 CEST	443	49945	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.932532072 CEST	49945	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.932539940 CEST	443	49945	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.936747074 CEST	443	49941	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.936809063 CEST	443	49941	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.936866999 CEST	49941	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.936887026 CEST	443	49941	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.937064886 CEST	49941	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.937064886 CEST	49941	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.937071085 CEST	443	49941	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.937120914 CEST	443	49941	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.937125921 CEST	49941	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.937159061 CEST	443	49941	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.939891100 CEST	49946	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.939920902 CEST	443	49946	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:21.939996958 CEST	49946	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.940161943 CEST	49946	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:21.940166950 CEST	443	49946	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.013905048 CEST	443	49942	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.014060020 CEST	443	49942	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.014153004 CEST	49942	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.014153004 CEST	49942	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.014236927 CEST	49942	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.014272928 CEST	443	49942	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.014631033 CEST	443	49944	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.014733076 CEST	443	49944	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.014795065 CEST	49944	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.014905930 CEST	49944	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.014954090 CEST	443	49944	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.014983892 CEST	49944	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.015001059 CEST	443	49944	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.016791105 CEST	49947	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.016838074 CEST	443	49947	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.016911983 CEST	49947	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.017060995 CEST	49947	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.017092943 CEST	443	49947	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.017184019 CEST	49948	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.017220020 CEST	443	49948	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.017277956 CEST	49948	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.017400026 CEST	49948	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.017414093 CEST	443	49948	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.017887115 CEST	443	49943	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.018038034 CEST	443	49943	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.018095970 CEST	49943	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.018148899 CEST	49943	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.018148899 CEST	49943	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.018181086 CEST	443	49943	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.018203020 CEST	443	49943	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.020131111 CEST	49949	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.020195007 CEST	443	49949	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.020267963 CEST	49949	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.020354986 CEST	49949	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.020375967 CEST	443	49949	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.028038979 CEST	443	49945	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.028089046 CEST	443	49945	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.028140068 CEST	49945	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.028151989 CEST	443	49945	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.028258085 CEST	443	49945	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.028281927 CEST	49945	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.028301001 CEST	443	49945	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.028314114 CEST	49945	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.028320074 CEST	443	49945	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.028331995 CEST	49945	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.028336048 CEST	443	49945	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.030416965 CEST	49950	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.030448914 CEST	443	49950	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.030524015 CEST	49950	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.030672073 CEST	49950	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.030702114 CEST	443	49950	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.594635963 CEST	443	49946	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.595313072 CEST	49946	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.595350027 CEST	443	49946	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.595994949 CEST	49946	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.596002102 CEST	443	49946	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.650058031 CEST	443	49949	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.650590897 CEST	49949	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.650665998 CEST	443	49949	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.651146889 CEST	49949	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.651161909 CEST	443	49949	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.655751944 CEST	443	49947	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.656074047 CEST	49947	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.656131029 CEST	443	49947	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.656527042 CEST	49947	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.656539917 CEST	443	49947	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.660094023 CEST	443	49948	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.660391092 CEST	49948	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.660418987 CEST	443	49948	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.660846949 CEST	49948	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.660851955 CEST	443	49948	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.694144011 CEST	443	49946	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.694220066 CEST	443	49946	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.694349051 CEST	443	49946	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.694369078 CEST	49946	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.694434881 CEST	49946	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.694596052 CEST	49946	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.694641113 CEST	443	49946	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.694669962 CEST	49946	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.694684982 CEST	443	49946	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.694768906 CEST	443	49950	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.695445061 CEST	49950	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.695462942 CEST	443	49950	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.696257114 CEST	49950	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.696261883 CEST	443	49950	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.698482037 CEST	49951	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.698513985 CEST	443	49951	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.698592901 CEST	49951	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.698801041 CEST	49951	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.698808908 CEST	443	49951	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.746126890 CEST	443	49949	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.746186018 CEST	443	49949	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.746292114 CEST	443	49949	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.746309042 CEST	49949	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.746354103 CEST	49949	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.746520042 CEST	49949	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.746520042 CEST	49949	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.746542931 CEST	443	49949	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.746553898 CEST	443	49949	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.749386072 CEST	49952	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.749393940 CEST	443	49952	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.749483109 CEST	49952	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.749645948 CEST	49952	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.749650002 CEST	443	49952	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.754807949 CEST	443	49947	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.754841089 CEST	443	49947	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.754889965 CEST	443	49947	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.754966974 CEST	49947	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.755126953 CEST	49947	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.755161047 CEST	443	49947	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.755212069 CEST	49947	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.755227089 CEST	443	49947	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.758150101 CEST	49953	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.758196115 CEST	443	49953	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.758263111 CEST	49953	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.758486986 CEST	49953	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.758502960 CEST	443	49953	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.760874987 CEST	443	49948	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.761023045 CEST	443	49948	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.761337996 CEST	49948	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.781086922 CEST	49948	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.781099081 CEST	443	49948	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.781131983 CEST	49948	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.781136990 CEST	443	49948	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.785398006 CEST	49954	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.785419941 CEST	443	49954	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.785500050 CEST	49954	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.785640955 CEST	49954	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.785646915 CEST	443	49954	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.794785023 CEST	443	49950	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.796030045 CEST	443	49950	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.796113014 CEST	49950	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.796272039 CEST	49950	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.796272039 CEST	49950	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.796283960 CEST	443	49950	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.796293974 CEST	443	49950	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.798710108 CEST	49955	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.798722029 CEST	443	49955	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:22.798791885 CEST	49955	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.798902988 CEST	49955	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:22.798913956 CEST	443	49955	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.342768908 CEST	443	49951	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.343148947 CEST	443	49952	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.343307972 CEST	49951	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.343333006 CEST	443	49951	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.343369007 CEST	49952	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.343375921 CEST	443	49952	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.343794107 CEST	49952	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.343797922 CEST	443	49952	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.343980074 CEST	49951	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.343983889 CEST	443	49951	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.365896940 CEST	443	49953	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.367094040 CEST	49953	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.367117882 CEST	443	49953	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.367423058 CEST	49953	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.367429018 CEST	443	49953	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.422568083 CEST	443	49954	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.422935009 CEST	49954	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.422965050 CEST	443	49954	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.423460007 CEST	49954	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.423470020 CEST	443	49954	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.424742937 CEST	443	49955	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.424989939 CEST	49955	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.425003052 CEST	443	49955	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.425463915 CEST	49955	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.425467968 CEST	443	49955	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.442518950 CEST	443	49951	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.442545891 CEST	443	49951	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.442605019 CEST	49951	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.442611933 CEST	443	49951	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.442629099 CEST	443	49951	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.442676067 CEST	49951	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.442847967 CEST	49951	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.442862988 CEST	443	49951	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.442872047 CEST	49951	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.442878962 CEST	443	49951	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.444099903 CEST	443	49952	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.444153070 CEST	443	49952	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.444207907 CEST	49952	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.444251060 CEST	443	49952	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.444298983 CEST	49952	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.444775105 CEST	49952	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.444778919 CEST	443	49952	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.444797039 CEST	49952	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.444799900 CEST	443	49952	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.446666956 CEST	49956	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.446732998 CEST	443	49956	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.446810961 CEST	49956	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.446913958 CEST	49956	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.446938992 CEST	443	49956	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.446943998 CEST	49957	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.446978092 CEST	443	49957	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.447032928 CEST	49957	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.447094917 CEST	49957	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.447104931 CEST	443	49957	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.461733103 CEST	443	49953	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.461770058 CEST	443	49953	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.461824894 CEST	443	49953	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.461828947 CEST	49953	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.461869001 CEST	49953	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.461997032 CEST	49953	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.461997032 CEST	49953	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.462008953 CEST	443	49953	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.462018967 CEST	443	49953	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.464171886 CEST	49958	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.464190960 CEST	443	49958	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.464266062 CEST	49958	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.464394093 CEST	49958	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.464409113 CEST	443	49958	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.519144058 CEST	443	49955	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.519305944 CEST	443	49955	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.519406080 CEST	49955	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.519486904 CEST	49955	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.519501925 CEST	443	49955	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.519512892 CEST	49955	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.519520044 CEST	443	49955	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.522438049 CEST	49959	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.522475958 CEST	443	49959	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.522562981 CEST	49959	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.523643017 CEST	49959	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.523682117 CEST	443	49959	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.552273989 CEST	443	49954	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.552628994 CEST	443	49954	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.552751064 CEST	49954	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.552751064 CEST	49954	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.553312063 CEST	49954	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.553333044 CEST	443	49954	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.555372000 CEST	49960	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.555464983 CEST	443	49960	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:23.555557966 CEST	49960	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.555677891 CEST	49960	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:23.555716991 CEST	443	49960	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.078142881 CEST	443	49958	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.079134941 CEST	49958	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.079163074 CEST	443	49958	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.079696894 CEST	49958	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.079715014 CEST	443	49958	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.089514017 CEST	443	49956	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.090209961 CEST	49956	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.090274096 CEST	443	49956	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.090631962 CEST	49956	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.090645075 CEST	443	49956	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.094561100 CEST	443	49957	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.095604897 CEST	49957	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.095621109 CEST	443	49957	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.096266985 CEST	49957	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.096271992 CEST	443	49957	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.140986919 CEST	443	49959	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.141516924 CEST	49959	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.141554117 CEST	443	49959	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.142023087 CEST	49959	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.142033100 CEST	443	49959	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.174092054 CEST	443	49960	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.174406052 CEST	443	49958	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.174822092 CEST	49960	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.174894094 CEST	443	49958	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.174909115 CEST	443	49960	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.175066948 CEST	49958	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.175066948 CEST	49958	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.175066948 CEST	49958	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.175250053 CEST	49960	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.175266981 CEST	443	49960	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.178503990 CEST	49961	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.178595066 CEST	443	49961	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.178805113 CEST	49961	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.178881884 CEST	49961	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.178905010 CEST	443	49961	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.187009096 CEST	443	49956	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.187160015 CEST	443	49956	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.187233925 CEST	49956	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.187284946 CEST	49956	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.187284946 CEST	49956	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.187319040 CEST	443	49956	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.187340975 CEST	443	49956	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.189330101 CEST	49962	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.189352989 CEST	443	49962	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.189424992 CEST	49962	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.189513922 CEST	49962	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.189541101 CEST	443	49962	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.194385052 CEST	443	49957	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.194679976 CEST	443	49957	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.194736004 CEST	49957	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.194746971 CEST	443	49957	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.194797039 CEST	49957	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.194830894 CEST	49957	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.194847107 CEST	443	49957	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.194859982 CEST	49957	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.194865942 CEST	443	49957	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.197204113 CEST	49963	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.197302103 CEST	443	49963	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.197401047 CEST	49963	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.197510958 CEST	49963	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.197545052 CEST	443	49963	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.236895084 CEST	443	49959	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.237240076 CEST	443	49959	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.237329006 CEST	49959	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.237346888 CEST	443	49959	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.237375021 CEST	443	49959	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.237574100 CEST	49959	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.237627029 CEST	49959	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.237639904 CEST	443	49959	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.237678051 CEST	49959	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.237690926 CEST	443	49959	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.239707947 CEST	49964	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.239784002 CEST	443	49964	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.239851952 CEST	49964	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.239933014 CEST	49964	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.239953995 CEST	443	49964	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.270168066 CEST	443	49960	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.270345926 CEST	443	49960	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.270442009 CEST	49960	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.270519018 CEST	49960	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.270558119 CEST	443	49960	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.270601034 CEST	49960	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.270617962 CEST	443	49960	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.273056030 CEST	49965	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.273102045 CEST	443	49965	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.273264885 CEST	49965	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.273298979 CEST	49965	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.273307085 CEST	443	49965	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.490611076 CEST	49958	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.490644932 CEST	443	49958	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.829231024 CEST	443	49963	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.830068111 CEST	49963	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.830131054 CEST	443	49963	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.830729008 CEST	49963	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.830784082 CEST	443	49963	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.832408905 CEST	443	49962	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.832987070 CEST	49962	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.833055019 CEST	443	49962	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.833282948 CEST	49962	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.833301067 CEST	443	49962	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.837150097 CEST	443	49961	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.838927031 CEST	49961	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.838957071 CEST	443	49961	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.839323997 CEST	49961	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.839335918 CEST	443	49961	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.895123959 CEST	443	49964	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.895529985 CEST	49964	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.895555019 CEST	443	49964	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.895879030 CEST	49964	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.895885944 CEST	443	49964	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.924777985 CEST	443	49965	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.925192118 CEST	49965	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.925215006 CEST	443	49965	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.925542116 CEST	49965	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.925546885 CEST	443	49965	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.928714037 CEST	443	49962	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.928886890 CEST	443	49962	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.929043055 CEST	49962	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.929043055 CEST	49962	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.929311991 CEST	49962	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.929336071 CEST	443	49962	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.929503918 CEST	443	49963	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.929584980 CEST	443	49963	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.929733038 CEST	49963	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.929776907 CEST	49963	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.929776907 CEST	49963	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.929800987 CEST	443	49963	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.929816961 CEST	443	49963	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.931711912 CEST	49966	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.931744099 CEST	443	49966	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.931807041 CEST	49966	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.931902885 CEST	49967	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.931940079 CEST	49966	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.931941032 CEST	443	49967	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.931945086 CEST	443	49966	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.932024002 CEST	49967	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.932106018 CEST	49967	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.932121992 CEST	443	49967	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.938111067 CEST	443	49961	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.938153028 CEST	443	49961	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.938193083 CEST	443	49961	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.938224077 CEST	49961	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.938260078 CEST	49961	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.938405037 CEST	49961	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.938405037 CEST	49961	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.938422918 CEST	443	49961	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.938443899 CEST	443	49961	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.940315008 CEST	49968	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.940351009 CEST	443	49968	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:24.940424919 CEST	49968	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.940557957 CEST	49968	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:24.940574884 CEST	443	49968	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.000653028 CEST	443	49964	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.000897884 CEST	443	49964	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.000941992 CEST	49964	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.000984907 CEST	49964	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.001010895 CEST	443	49964	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.001043081 CEST	49964	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.001050949 CEST	443	49964	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.003058910 CEST	49969	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.003103971 CEST	443	49969	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.003171921 CEST	49969	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.003304958 CEST	49969	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.003323078 CEST	443	49969	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.024234056 CEST	443	49965	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.025005102 CEST	443	49965	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.025099993 CEST	49965	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.025181055 CEST	49965	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.025181055 CEST	49965	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.025224924 CEST	443	49965	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.025253057 CEST	443	49965	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.026782036 CEST	49970	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.026818037 CEST	443	49970	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.026889086 CEST	49970	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.026998043 CEST	49970	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.027014017 CEST	443	49970	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.731086016 CEST	443	49967	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.731614113 CEST	49967	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.731628895 CEST	443	49967	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.732019901 CEST	49967	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.732027054 CEST	443	49967	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.734860897 CEST	443	49969	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.735183954 CEST	49969	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.735239983 CEST	443	49969	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.735604048 CEST	49969	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.735615969 CEST	443	49969	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.736696005 CEST	443	49966	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.736895084 CEST	443	49970	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.736963034 CEST	443	49968	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.737174988 CEST	49966	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.737220049 CEST	443	49966	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.737386942 CEST	49970	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.737401009 CEST	443	49970	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.737618923 CEST	49966	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.737626076 CEST	443	49966	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.737842083 CEST	49970	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.737852097 CEST	443	49970	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.738111973 CEST	49968	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.738142014 CEST	443	49968	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.738581896 CEST	49968	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.738589048 CEST	443	49968	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.831279993 CEST	443	49967	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.831357002 CEST	443	49967	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.831438065 CEST	49967	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.831448078 CEST	443	49967	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.831511974 CEST	443	49967	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.831655979 CEST	49967	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.834732056 CEST	49967	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.834732056 CEST	49967	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.834743023 CEST	443	49967	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.834747076 CEST	49971	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.834748983 CEST	443	49967	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.834808111 CEST	443	49971	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.835078001 CEST	49971	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.835078001 CEST	49971	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.835211039 CEST	443	49971	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.836972952 CEST	443	49969	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.838545084 CEST	443	49969	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.838592052 CEST	443	49969	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.838615894 CEST	49969	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.838651896 CEST	49969	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.838758945 CEST	49969	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.838798046 CEST	443	49969	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.838823080 CEST	49969	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.838839054 CEST	443	49969	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.838903904 CEST	443	49970	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.839061022 CEST	443	49970	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.839121103 CEST	49970	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.839415073 CEST	49970	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.839415073 CEST	49970	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.839432955 CEST	443	49970	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.839453936 CEST	443	49970	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.839684963 CEST	443	49968	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.839735985 CEST	443	49968	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.839742899 CEST	443	49966	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.839791059 CEST	49968	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.839967012 CEST	443	49966	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.839989901 CEST	49968	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.839991093 CEST	49968	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.840013027 CEST	49966	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.840019941 CEST	443	49968	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.840045929 CEST	443	49968	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.841672897 CEST	49966	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.841700077 CEST	443	49966	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.841715097 CEST	49966	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.841722965 CEST	443	49966	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.844031096 CEST	49972	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.844116926 CEST	443	49972	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.844202042 CEST	49972	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.845307112 CEST	49973	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.845347881 CEST	443	49973	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.845407009 CEST	49973	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.846251965 CEST	49972	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.846287966 CEST	443	49972	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.846911907 CEST	49974	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.846920967 CEST	443	49974	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.846991062 CEST	49974	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.847094059 CEST	49973	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.847110987 CEST	443	49973	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.847122908 CEST	49974	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.847134113 CEST	443	49974	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.847671986 CEST	49975	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.847696066 CEST	443	49975	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:25.847765923 CEST	49975	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.847867966 CEST	49975	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:25.847893000 CEST	443	49975	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.452337027 CEST	443	49971	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.452811003 CEST	443	49973	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.452933073 CEST	49971	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.452951908 CEST	443	49971	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.453200102 CEST	49973	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.453231096 CEST	443	49973	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.453632116 CEST	49971	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.453639030 CEST	443	49971	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.453819036 CEST	49973	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.453824043 CEST	443	49973	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.459893942 CEST	443	49972	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.460336924 CEST	49972	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.460380077 CEST	443	49972	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.460903883 CEST	49972	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.460915089 CEST	443	49972	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.462455034 CEST	443	49974	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.462821007 CEST	49974	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.462836981 CEST	443	49974	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.463288069 CEST	49974	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.463293076 CEST	443	49974	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.503735065 CEST	443	49975	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.504761934 CEST	49975	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.504838943 CEST	443	49975	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.505328894 CEST	49975	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.505342007 CEST	443	49975	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.547830105 CEST	443	49971	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.547905922 CEST	443	49971	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.548013926 CEST	443	49971	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.548065901 CEST	49971	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.548110962 CEST	49971	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.548221111 CEST	49971	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.548221111 CEST	49971	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.548252106 CEST	443	49971	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.548273087 CEST	443	49971	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.548491955 CEST	443	49973	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.548542023 CEST	443	49973	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.548583984 CEST	49973	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.548700094 CEST	49973	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.548716068 CEST	443	49973	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.548724890 CEST	49973	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.548729897 CEST	443	49973	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.550970078 CEST	49976	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.551022053 CEST	443	49976	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.551094055 CEST	49976	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.551198959 CEST	49976	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.551215887 CEST	443	49976	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.551265955 CEST	49977	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.551287889 CEST	443	49977	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.551342964 CEST	49977	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.551424026 CEST	49977	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.551431894 CEST	443	49977	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.555356026 CEST	443	49972	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.555546999 CEST	443	49972	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.555638075 CEST	49972	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.555638075 CEST	49972	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.555706024 CEST	49972	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.555732012 CEST	443	49972	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.557210922 CEST	49978	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.557223082 CEST	443	49978	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.557293892 CEST	49978	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.557393074 CEST	49978	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.557405949 CEST	443	49978	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.558409929 CEST	443	49974	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.558511972 CEST	443	49974	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.558569908 CEST	49974	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.558578014 CEST	443	49974	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.558630943 CEST	443	49974	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.558670998 CEST	49974	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.558681965 CEST	443	49974	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.558690071 CEST	49974	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.558693886 CEST	443	49974	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.558713913 CEST	49974	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.558718920 CEST	443	49974	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.560390949 CEST	49979	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.560405016 CEST	443	49979	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.560478926 CEST	49979	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.560580015 CEST	49979	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.560595036 CEST	443	49979	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.604432106 CEST	443	49975	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.604502916 CEST	443	49975	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.604598045 CEST	49975	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.604609966 CEST	443	49975	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.604665995 CEST	49975	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.605011940 CEST	49975	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.605011940 CEST	49975	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.605078936 CEST	443	49975	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.605113983 CEST	443	49975	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.608022928 CEST	49980	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.608069897 CEST	443	49980	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:26.608155966 CEST	49980	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.608290911 CEST	49980	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:26.608308077 CEST	443	49980	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.161043882 CEST	443	49977	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.161761999 CEST	49977	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.161789894 CEST	443	49977	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.162035942 CEST	49977	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.162040949 CEST	443	49977	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.171684027 CEST	443	49978	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.172144890 CEST	49978	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.172167063 CEST	443	49978	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.172471046 CEST	49978	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.172491074 CEST	443	49978	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.187062025 CEST	443	49976	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.187535048 CEST	49976	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.187561989 CEST	443	49976	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.187932968 CEST	49976	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.187939882 CEST	443	49976	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.195898056 CEST	443	49979	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.196268082 CEST	49979	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.196279049 CEST	443	49979	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.196522951 CEST	49979	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.196528912 CEST	443	49979	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.250154018 CEST	443	49980	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.250709057 CEST	49980	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.250806093 CEST	443	49980	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.251008034 CEST	49980	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.251024008 CEST	443	49980	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.256295919 CEST	443	49977	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.256436110 CEST	443	49977	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.256536961 CEST	443	49977	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.256550074 CEST	49977	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.256810904 CEST	49977	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.256810904 CEST	49977	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.256810904 CEST	49977	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.259541988 CEST	49981	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.259630919 CEST	443	49981	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.259722948 CEST	49981	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.259823084 CEST	49981	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.259848118 CEST	443	49981	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.266011000 CEST	443	49978	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.267642975 CEST	443	49978	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.267703056 CEST	49978	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.267715931 CEST	49978	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.267729998 CEST	443	49978	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.267740011 CEST	49978	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.267745018 CEST	443	49978	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.269768000 CEST	49982	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.269792080 CEST	443	49982	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.269871950 CEST	49982	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.269987106 CEST	49982	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.270015001 CEST	443	49982	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.288013935 CEST	443	49976	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.288033009 CEST	443	49976	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.288193941 CEST	49976	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.288212061 CEST	443	49976	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.288358927 CEST	49976	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.288366079 CEST	443	49976	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.288395882 CEST	49976	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.288408041 CEST	443	49976	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.288444996 CEST	443	49976	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.288495064 CEST	49976	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.290981054 CEST	49983	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.291035891 CEST	443	49983	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.291115046 CEST	49983	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.291240931 CEST	49983	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.291256905 CEST	443	49983	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.309783936 CEST	443	49979	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.309814930 CEST	443	49979	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.309854031 CEST	443	49979	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.309887886 CEST	49979	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.309916019 CEST	49979	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.310070992 CEST	49979	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.310080051 CEST	443	49979	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.310112000 CEST	49979	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.310116053 CEST	443	49979	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.311753988 CEST	49984	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.311765909 CEST	443	49984	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.311829090 CEST	49984	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.311943054 CEST	49984	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.311954021 CEST	443	49984	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.349402905 CEST	443	49980	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.349572897 CEST	443	49980	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.349864960 CEST	49980	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.349864960 CEST	49980	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.349864960 CEST	49980	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.351735115 CEST	49985	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.351766109 CEST	443	49985	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.351839066 CEST	49985	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.351953030 CEST	49985	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.351965904 CEST	443	49985	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.570188046 CEST	49977	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.570203066 CEST	443	49977	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:27.664239883 CEST	49980	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:27.664314985 CEST	443	49980	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.091501951 CEST	443	49983	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.096561909 CEST	443	49985	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.098635912 CEST	443	49981	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.101851940 CEST	443	49984	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.102794886 CEST	443	49982	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.139945030 CEST	49982	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.140008926 CEST	443	49982	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.140327930 CEST	49983	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.140351057 CEST	443	49983	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.140371084 CEST	49982	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.140425920 CEST	443	49982	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.140537977 CEST	49985	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.140762091 CEST	49981	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.140980005 CEST	49983	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.140985966 CEST	443	49983	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.141417027 CEST	49985	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.141423941 CEST	443	49985	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.141762018 CEST	49985	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.141766071 CEST	443	49985	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.141969919 CEST	49981	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.141998053 CEST	443	49981	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.142261982 CEST	49981	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.142275095 CEST	443	49981	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.142749071 CEST	49984	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.142791033 CEST	443	49984	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.143040895 CEST	49984	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.143053055 CEST	443	49984	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.232563019 CEST	443	49983	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.232755899 CEST	443	49983	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.232789993 CEST	443	49983	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.232836008 CEST	49983	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.232881069 CEST	49983	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.232952118 CEST	49983	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.232970953 CEST	443	49983	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.232985020 CEST	49983	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.232991934 CEST	443	49983	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.233931065 CEST	443	49985	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.233998060 CEST	443	49985	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.234049082 CEST	49985	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.234055042 CEST	443	49985	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.234102011 CEST	443	49985	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.234148979 CEST	49985	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.234359026 CEST	49985	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.234365940 CEST	443	49985	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.234375000 CEST	49985	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.234379053 CEST	443	49985	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.235132933 CEST	443	49984	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.235594988 CEST	443	49984	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.235680103 CEST	49984	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.236870050 CEST	49986	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.236885071 CEST	443	49986	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.236942053 CEST	49986	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.236963987 CEST	49984	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.236994028 CEST	443	49984	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.237020016 CEST	49984	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.237034082 CEST	443	49984	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.237591028 CEST	49986	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.237600088 CEST	443	49986	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.238354921 CEST	49987	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.238394022 CEST	443	49987	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.238465071 CEST	49987	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.238873959 CEST	49987	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.238900900 CEST	443	49987	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.239240885 CEST	49988	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.239273071 CEST	443	49988	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.239335060 CEST	49988	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.239423037 CEST	49988	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.239430904 CEST	443	49988	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.242868900 CEST	443	49982	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.243024111 CEST	443	49982	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.243096113 CEST	49982	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.243669987 CEST	49982	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.243669987 CEST	49982	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.243711948 CEST	443	49982	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.243740082 CEST	443	49982	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.246773958 CEST	49989	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.246818066 CEST	443	49989	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.247014999 CEST	49989	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.247014999 CEST	49989	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.247083902 CEST	443	49989	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.256766081 CEST	443	49981	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.256836891 CEST	443	49981	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.256894112 CEST	49981	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.256911993 CEST	443	49981	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.256942034 CEST	443	49981	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.257148027 CEST	49981	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.257148027 CEST	49981	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.257148027 CEST	49981	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.257235050 CEST	443	49981	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.259882927 CEST	49990	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.259931087 CEST	443	49990	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.260013103 CEST	49990	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.263060093 CEST	49990	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.263092041 CEST	443	49990	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.394222021 CEST	49843	443	192.168.2.4	142.250.186.132
Oct 7, 2024 14:39:28.394288063 CEST	443	49843	142.250.186.132	192.168.2.4
Oct 7, 2024 14:39:28.568741083 CEST	49981	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.568773031 CEST	443	49981	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.850811958 CEST	443	49986	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.851439953 CEST	49986	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.851449013 CEST	443	49986	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.852087975 CEST	49986	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.852092028 CEST	443	49986	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.860388041 CEST	443	49989	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.861006021 CEST	49989	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.861093998 CEST	443	49989	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.861624956 CEST	49989	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.861640930 CEST	443	49989	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.870970011 CEST	443	49987	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.871512890 CEST	49987	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.871589899 CEST	443	49987	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.871928930 CEST	49987	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.871942997 CEST	443	49987	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.876437902 CEST	443	49990	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.877022028 CEST	49990	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.877084970 CEST	443	49990	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.877474070 CEST	49990	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.877489090 CEST	443	49990	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.882277012 CEST	443	49988	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.882675886 CEST	49988	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.882709980 CEST	443	49988	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.883255005 CEST	49988	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.883260965 CEST	443	49988	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.946935892 CEST	443	49986	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.947419882 CEST	443	49986	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.947473049 CEST	49986	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.952334881 CEST	49986	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.952334881 CEST	49986	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.952358961 CEST	443	49986	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.952369928 CEST	443	49986	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.955910921 CEST	49991	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.955955982 CEST	443	49991	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.956033945 CEST	49991	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.956226110 CEST	49991	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.956233978 CEST	443	49991	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.957446098 CEST	443	49989	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.957626104 CEST	443	49989	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.957809925 CEST	49989	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.957809925 CEST	49989	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.957811117 CEST	49989	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.960659027 CEST	49992	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.960748911 CEST	443	49992	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.960845947 CEST	49992	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.960979939 CEST	49992	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.961016893 CEST	443	49992	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.967876911 CEST	443	49987	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.968203068 CEST	443	49987	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.968291998 CEST	49987	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.970487118 CEST	49987	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.970532894 CEST	443	49987	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.970561981 CEST	49987	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.970577955 CEST	443	49987	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.974257946 CEST	443	49990	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.974435091 CEST	443	49990	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.974649906 CEST	49990	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.977188110 CEST	49990	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.977188110 CEST	49990	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.977257013 CEST	443	49990	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.977300882 CEST	443	49990	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.980792046 CEST	49993	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.980885983 CEST	443	49993	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.980916977 CEST	49994	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.980937958 CEST	443	49994	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.980986118 CEST	49993	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.981044054 CEST	49994	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.981122017 CEST	49993	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.981151104 CEST	443	49993	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.981251955 CEST	49994	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.981276035 CEST	443	49994	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.985888958 CEST	443	49988	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.985955000 CEST	443	49988	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.986012936 CEST	49988	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.986022949 CEST	443	49988	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.986064911 CEST	443	49988	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.986119032 CEST	49988	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.986231089 CEST	49988	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.986238956 CEST	443	49988	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.986249924 CEST	49988	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.986253023 CEST	443	49988	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.989186049 CEST	49995	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.989274979 CEST	443	49995	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:28.989382982 CEST	49995	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.989521980 CEST	49995	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:28.989548922 CEST	443	49995	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.259212017 CEST	49989	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.259244919 CEST	443	49989	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.578161955 CEST	443	49991	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.578692913 CEST	49991	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.578727961 CEST	443	49991	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.579161882 CEST	49991	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.579165936 CEST	443	49991	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.586663008 CEST	443	49992	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.586991072 CEST	49992	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.587060928 CEST	443	49992	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.587354898 CEST	49992	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.587368011 CEST	443	49992	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.597789049 CEST	443	49994	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.598082066 CEST	49994	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.598164082 CEST	443	49994	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.598474979 CEST	49994	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.598491907 CEST	443	49994	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.618320942 CEST	443	49995	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.618633986 CEST	49995	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.618665934 CEST	443	49995	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.619025946 CEST	49995	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.619035959 CEST	443	49995	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.621421099 CEST	443	49993	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.621669054 CEST	49993	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.621707916 CEST	443	49993	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.621943951 CEST	49993	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.621958017 CEST	443	49993	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.676528931 CEST	443	49991	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.676554918 CEST	443	49991	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.676601887 CEST	443	49991	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.676639080 CEST	49991	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.676728964 CEST	49991	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.676862001 CEST	49991	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.676862001 CEST	49991	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.676908016 CEST	443	49991	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.676934004 CEST	443	49991	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.680346966 CEST	49996	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.680429935 CEST	443	49996	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.680516005 CEST	49996	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.680653095 CEST	49996	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.680685997 CEST	443	49996	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.692580938 CEST	443	49994	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.692723036 CEST	443	49994	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.692810059 CEST	49994	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.693001986 CEST	49994	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.693001986 CEST	49994	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.693049908 CEST	443	49994	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.693078995 CEST	443	49994	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.693131924 CEST	443	49992	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.693687916 CEST	443	49992	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.693762064 CEST	49992	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.693814039 CEST	49992	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.693814039 CEST	49992	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.693844080 CEST	443	49992	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.693870068 CEST	443	49992	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.695957899 CEST	49998	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.696002007 CEST	443	49998	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.696105003 CEST	49998	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.696221113 CEST	49998	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.696239948 CEST	443	49998	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.696949959 CEST	49999	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.696990013 CEST	443	49999	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.697060108 CEST	49999	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.697208881 CEST	49999	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.697228909 CEST	443	49999	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.737744093 CEST	443	49995	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.737965107 CEST	443	49995	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.738034010 CEST	49995	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.738140106 CEST	49995	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.738140106 CEST	49995	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.738153934 CEST	443	49995	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.738173008 CEST	443	49995	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.739649057 CEST	443	49993	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.739820004 CEST	443	49993	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.739876032 CEST	49993	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.739903927 CEST	443	49993	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.739938974 CEST	443	49993	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.739991903 CEST	49993	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.740014076 CEST	443	49993	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.740051031 CEST	49993	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.740065098 CEST	443	49993	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.740154982 CEST	50000	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.740242958 CEST	443	50000	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.740323067 CEST	50000	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.740411997 CEST	50000	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.740433931 CEST	443	50000	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.743918896 CEST	50001	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.744004011 CEST	443	50001	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:29.744079113 CEST	50001	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.745009899 CEST	50001	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:29.745047092 CEST	443	50001	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.305593967 CEST	443	49998	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.307173967 CEST	443	49996	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.308475018 CEST	49998	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.308518887 CEST	443	49998	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.308895111 CEST	49998	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.308903933 CEST	443	49998	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.309082985 CEST	49996	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.309159994 CEST	443	49996	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.309336901 CEST	49996	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.309349060 CEST	443	49996	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.373184919 CEST	443	49999	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.373275042 CEST	443	50001	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.378401995 CEST	443	50000	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.401881933 CEST	443	49998	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.401978970 CEST	443	49998	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.402092934 CEST	49998	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.406656027 CEST	443	49996	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.406694889 CEST	443	49996	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.406755924 CEST	443	49996	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.406801939 CEST	49996	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.406801939 CEST	49996	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.413042068 CEST	50001	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.415530920 CEST	49999	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.428774118 CEST	50000	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.435729027 CEST	49999	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.435744047 CEST	443	49999	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.435741901 CEST	50001	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.435796022 CEST	443	50001	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.436140060 CEST	50001	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.436156034 CEST	443	50001	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.436291933 CEST	49996	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.436315060 CEST	443	49996	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.436330080 CEST	49996	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.436338902 CEST	443	49996	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.436387062 CEST	49999	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.436393023 CEST	443	49999	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.436676979 CEST	50000	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.436707020 CEST	443	50000	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.437000990 CEST	50000	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.437014103 CEST	443	50000	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.437491894 CEST	49998	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.437516928 CEST	443	49998	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.437555075 CEST	49998	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.437563896 CEST	443	49998	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.439858913 CEST	50002	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.439914942 CEST	443	50002	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.440006971 CEST	50002	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.440124035 CEST	50002	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.440139055 CEST	443	50002	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.440192938 CEST	50003	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.440257072 CEST	443	50003	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.443552971 CEST	50003	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.443830013 CEST	50003	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.443861961 CEST	443	50003	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.530945063 CEST	443	50000	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.531713963 CEST	443	50001	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.531852007 CEST	443	50000	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.531950951 CEST	443	50000	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.532010078 CEST	50000	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.532181978 CEST	443	50001	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.532241106 CEST	50000	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.532279968 CEST	50001	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.532982111 CEST	50000	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.532982111 CEST	50000	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.533026934 CEST	443	50000	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.533056021 CEST	443	50000	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.535115004 CEST	443	49999	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.535294056 CEST	443	49999	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.535351992 CEST	49999	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.540199995 CEST	50001	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.540239096 CEST	443	50001	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.540292025 CEST	50001	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.540307045 CEST	443	50001	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.553898096 CEST	49999	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.553920031 CEST	443	49999	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.553968906 CEST	49999	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.553982019 CEST	443	49999	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.560801029 CEST	50004	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.560837984 CEST	443	50004	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.560913086 CEST	50004	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.561593056 CEST	50005	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.561619997 CEST	443	50005	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.561765909 CEST	50004	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.561784029 CEST	443	50004	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.561912060 CEST	50005	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.562139988 CEST	50005	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.562165022 CEST	443	50005	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.562572002 CEST	50006	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.562592030 CEST	443	50006	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:30.562647104 CEST	50006	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.562719107 CEST	50006	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:30.562726021 CEST	443	50006	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.356004953 CEST	443	50002	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.356060028 CEST	443	50004	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.356462955 CEST	443	50005	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.356606960 CEST	50002	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.356666088 CEST	443	50002	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.356713057 CEST	50004	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.356728077 CEST	443	50004	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.357048988 CEST	50005	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.357104063 CEST	443	50005	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.357410908 CEST	50004	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.357415915 CEST	443	50004	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.357418060 CEST	50005	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.357429981 CEST	443	50005	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.357517004 CEST	50002	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.357532024 CEST	443	50002	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.359128952 CEST	443	50006	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.359455109 CEST	50006	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.359477997 CEST	443	50006	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.359915018 CEST	50006	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.359925985 CEST	443	50006	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.362554073 CEST	443	50003	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.362809896 CEST	50003	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.362868071 CEST	443	50003	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.363241911 CEST	50003	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.363255024 CEST	443	50003	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.451023102 CEST	443	50002	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.451719999 CEST	443	50002	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.451822042 CEST	443	50002	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.451917887 CEST	50002	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.452002048 CEST	50002	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.452049017 CEST	443	50002	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.452080965 CEST	50002	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.452096939 CEST	443	50002	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.452107906 CEST	443	50004	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.452286005 CEST	443	50004	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.452470064 CEST	50004	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.452470064 CEST	50004	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.452514887 CEST	50004	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.452536106 CEST	443	50004	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.452743053 CEST	443	50005	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.452903032 CEST	443	50005	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.453082085 CEST	50005	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.453190088 CEST	50005	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.453190088 CEST	50005	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.453236103 CEST	443	50005	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.453265905 CEST	443	50005	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.455734968 CEST	50007	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.455781937 CEST	443	50007	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.455800056 CEST	50008	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.455848932 CEST	443	50008	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.455857992 CEST	50007	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.455904961 CEST	50008	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.455960989 CEST	443	50006	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.456113100 CEST	443	50006	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.456146955 CEST	50008	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.456160069 CEST	443	50008	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.456170082 CEST	50006	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.456192970 CEST	443	50006	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.456242085 CEST	443	50006	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.456295013 CEST	50006	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.456322908 CEST	50007	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.456342936 CEST	443	50007	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.456362009 CEST	50009	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.456368923 CEST	50006	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.456382036 CEST	443	50006	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.456412077 CEST	50006	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.456425905 CEST	443	50006	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.456428051 CEST	443	50009	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.456486940 CEST	50009	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.456617117 CEST	50009	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.456646919 CEST	443	50009	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.458693027 CEST	50010	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.458715916 CEST	443	50010	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.458802938 CEST	50010	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.458910942 CEST	50010	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.458925009 CEST	443	50010	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.478221893 CEST	443	50003	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.478308916 CEST	443	50003	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.478471994 CEST	50003	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.478471994 CEST	50003	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.478504896 CEST	50003	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.478518963 CEST	443	50003	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.480770111 CEST	50011	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.480794907 CEST	443	50011	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:31.480870008 CEST	50011	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.480993986 CEST	50011	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:31.481009007 CEST	443	50011	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.083209038 CEST	443	50008	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.083811045 CEST	50008	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.083844900 CEST	443	50008	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.084445953 CEST	50008	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.084455013 CEST	443	50008	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.094110966 CEST	443	50007	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.094626904 CEST	50007	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.094646931 CEST	443	50007	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.095169067 CEST	50007	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.095196009 CEST	443	50007	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.104523897 CEST	443	50010	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.104934931 CEST	50010	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.104952097 CEST	443	50010	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.105456114 CEST	50010	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.105463982 CEST	443	50010	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.107801914 CEST	443	50009	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.108181953 CEST	50009	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.108196020 CEST	443	50009	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.108545065 CEST	50009	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.108551025 CEST	443	50009	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.115772009 CEST	443	50011	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.116287947 CEST	50011	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.116300106 CEST	443	50011	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.116766930 CEST	50011	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.116771936 CEST	443	50011	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.194286108 CEST	443	50007	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.194463015 CEST	443	50007	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.194530964 CEST	50007	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.194588900 CEST	50007	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.194612980 CEST	443	50007	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.194628954 CEST	50007	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.194637060 CEST	443	50007	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.197789907 CEST	50012	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.197838068 CEST	443	50012	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.197921038 CEST	50012	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.198084116 CEST	50012	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.198096991 CEST	443	50012	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.204236031 CEST	443	50010	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.204458952 CEST	443	50010	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.204585075 CEST	443	50010	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.204616070 CEST	50010	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.204662085 CEST	50010	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.204709053 CEST	50010	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.204741001 CEST	443	50010	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.204766989 CEST	50010	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.204781055 CEST	443	50010	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.206433058 CEST	443	50009	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.206999063 CEST	50013	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.207091093 CEST	443	50013	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.207175016 CEST	50013	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.207330942 CEST	50013	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.207369089 CEST	443	50013	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.207469940 CEST	443	50009	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.207528114 CEST	50009	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.207571030 CEST	50009	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.207591057 CEST	443	50009	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.207613945 CEST	50009	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.207626104 CEST	443	50009	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.207962990 CEST	443	50008	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.208151102 CEST	443	50008	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.208210945 CEST	50008	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.208241940 CEST	443	50008	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.208266973 CEST	443	50008	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.208314896 CEST	50008	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.208342075 CEST	50008	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.208358049 CEST	443	50008	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.208370924 CEST	50008	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.208378077 CEST	443	50008	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.209769011 CEST	50014	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.209790945 CEST	443	50014	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.209855080 CEST	50014	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.210016012 CEST	50014	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.210041046 CEST	443	50014	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.210653067 CEST	50015	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.210665941 CEST	443	50015	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.210732937 CEST	50015	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.210855007 CEST	50015	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.210869074 CEST	443	50015	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.214816093 CEST	443	50011	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.214893103 CEST	443	50011	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.214947939 CEST	50011	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.215033054 CEST	50011	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.215038061 CEST	443	50011	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.215050936 CEST	50011	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.215056896 CEST	443	50011	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.217076063 CEST	50016	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.217086077 CEST	443	50016	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.217155933 CEST	50016	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.217314959 CEST	50016	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.217329025 CEST	443	50016	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.822964907 CEST	443	50013	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.823961020 CEST	50013	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.824012995 CEST	443	50013	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.825190067 CEST	50013	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.825197935 CEST	443	50013	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.826064110 CEST	443	50014	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.826631069 CEST	50014	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.826648951 CEST	443	50014	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.827327967 CEST	50014	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.827334881 CEST	443	50014	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.839565039 CEST	443	50012	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.840164900 CEST	50012	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.840226889 CEST	443	50012	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.840492010 CEST	443	50016	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.841485977 CEST	50012	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.841502905 CEST	443	50012	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.841720104 CEST	443	50015	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.841835022 CEST	50016	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.841865063 CEST	443	50016	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.842500925 CEST	50016	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.842510939 CEST	443	50016	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.842904091 CEST	50015	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.842933893 CEST	443	50015	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.843486071 CEST	50015	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.843497038 CEST	443	50015	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.916991949 CEST	443	50013	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.917123079 CEST	443	50013	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.917362928 CEST	50013	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.920317888 CEST	50013	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.920361042 CEST	443	50013	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.920536041 CEST	50013	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.920552015 CEST	443	50013	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.921128988 CEST	443	50014	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.921423912 CEST	443	50014	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.921510935 CEST	50014	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.921519041 CEST	443	50014	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.922166109 CEST	50014	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.922175884 CEST	443	50014	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.922197104 CEST	50014	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.922202110 CEST	443	50014	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.930994034 CEST	50017	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.931025028 CEST	443	50017	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.931129932 CEST	50017	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.931510925 CEST	50017	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.931525946 CEST	443	50017	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.933381081 CEST	50018	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.933412075 CEST	443	50018	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.933490992 CEST	50018	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.933986902 CEST	50018	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.934024096 CEST	443	50018	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.938467979 CEST	443	50016	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.939148903 CEST	443	50016	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.939162016 CEST	443	50015	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.939254045 CEST	50016	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.939496040 CEST	50016	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.939538956 CEST	443	50016	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.939568043 CEST	50016	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.939584017 CEST	443	50016	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.939649105 CEST	443	50015	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.939728975 CEST	50015	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.940685987 CEST	50015	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.940711021 CEST	443	50015	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.940733910 CEST	50015	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.940745115 CEST	443	50015	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.944122076 CEST	50019	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.944174051 CEST	443	50019	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.944257021 CEST	50019	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.945022106 CEST	50019	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.945054054 CEST	443	50019	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.946321011 CEST	50020	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.946382046 CEST	443	50020	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.946453094 CEST	50020	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.946607113 CEST	50020	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.946624994 CEST	443	50020	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.970172882 CEST	443	50012	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.970330000 CEST	443	50012	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.970551014 CEST	50012	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.971558094 CEST	50012	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.971558094 CEST	50012	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.971589088 CEST	443	50012	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.971611977 CEST	443	50012	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.975006104 CEST	50021	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.975070000 CEST	443	50021	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:32.975171089 CEST	50021	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.992877960 CEST	50021	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:32.992918015 CEST	443	50021	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.543847084 CEST	443	50017	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.544509888 CEST	50017	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.544572115 CEST	443	50017	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.545120001 CEST	50017	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.545139074 CEST	443	50017	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.560487986 CEST	443	50020	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.560946941 CEST	50020	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.560971022 CEST	443	50020	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.561475992 CEST	50020	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.561481953 CEST	443	50020	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.570141077 CEST	443	50019	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.570477962 CEST	50019	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.570543051 CEST	443	50019	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.570987940 CEST	50019	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.571002007 CEST	443	50019	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.571677923 CEST	443	50018	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.571990013 CEST	50018	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.572015047 CEST	443	50018	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.572438002 CEST	50018	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.572448969 CEST	443	50018	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.617439032 CEST	443	50021	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.618103027 CEST	50021	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.618165970 CEST	443	50021	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.618642092 CEST	50021	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.618696928 CEST	443	50021	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.648297071 CEST	443	50017	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.648380041 CEST	443	50017	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.648663044 CEST	50017	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.648907900 CEST	50017	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.648907900 CEST	50017	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.648952007 CEST	443	50017	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.648981094 CEST	443	50017	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.652396917 CEST	50022	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.652484894 CEST	443	50022	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.652827978 CEST	50022	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.652827978 CEST	50022	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.652961969 CEST	443	50022	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.657177925 CEST	443	50020	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.657332897 CEST	443	50020	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.657403946 CEST	50020	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.657557964 CEST	50020	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.657557964 CEST	50020	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.657576084 CEST	443	50020	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.657583952 CEST	443	50020	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.660125971 CEST	50023	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.660149097 CEST	443	50023	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.660219908 CEST	50023	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.660375118 CEST	50023	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.660387993 CEST	443	50023	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.670156956 CEST	443	50018	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.670550108 CEST	443	50018	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.670741081 CEST	50018	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.670741081 CEST	50018	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.670742035 CEST	50018	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.673325062 CEST	50024	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.673368931 CEST	443	50024	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.673453093 CEST	50024	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.673620939 CEST	50024	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.673641920 CEST	443	50024	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.681833982 CEST	443	50019	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.681900978 CEST	443	50019	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.681962013 CEST	50019	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.682157993 CEST	50019	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.682193995 CEST	443	50019	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.682219982 CEST	50019	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.682235003 CEST	443	50019	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.685010910 CEST	50025	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.685048103 CEST	443	50025	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.685128927 CEST	50025	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.685300112 CEST	50025	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.685318947 CEST	443	50025	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.732618093 CEST	443	50021	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.733160019 CEST	443	50021	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.733254910 CEST	50021	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.733340979 CEST	50021	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.733340979 CEST	50021	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.733382940 CEST	443	50021	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.733413935 CEST	443	50021	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.737806082 CEST	50026	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.737850904 CEST	443	50026	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.737921953 CEST	50026	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.738095999 CEST	50026	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.738106966 CEST	443	50026	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:33.976969004 CEST	50018	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:33.977009058 CEST	443	50018	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.273427963 CEST	443	50023	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.277070045 CEST	50023	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.277103901 CEST	443	50023	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.277686119 CEST	50023	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.277693987 CEST	443	50023	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.295325994 CEST	443	50025	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.296125889 CEST	443	50024	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.296885967 CEST	50024	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.296902895 CEST	443	50024	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.296911001 CEST	50025	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.296976089 CEST	443	50025	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.297389030 CEST	50025	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.297405005 CEST	443	50025	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.297481060 CEST	50024	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.297487974 CEST	443	50024	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.305819988 CEST	443	50022	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.309762001 CEST	50022	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.309839010 CEST	443	50022	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.310348988 CEST	50022	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.310363054 CEST	443	50022	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.351341009 CEST	443	50026	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.352297068 CEST	50026	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.352382898 CEST	443	50026	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.352876902 CEST	50026	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.352931976 CEST	443	50026	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.370251894 CEST	443	50023	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.370397091 CEST	443	50023	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.370637894 CEST	50023	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.371074915 CEST	50023	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.371074915 CEST	50023	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.371126890 CEST	443	50023	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.371144056 CEST	443	50023	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.374581099 CEST	50027	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.374628067 CEST	443	50027	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.374735117 CEST	50027	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.374922037 CEST	50027	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.374932051 CEST	443	50027	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.390085936 CEST	443	50024	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.390604973 CEST	443	50024	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.390701056 CEST	50024	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.390710115 CEST	443	50024	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.390870094 CEST	50024	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.390870094 CEST	50024	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.390870094 CEST	50024	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.393574953 CEST	50028	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.393663883 CEST	443	50028	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.393765926 CEST	50028	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.393925905 CEST	50028	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.393961906 CEST	443	50028	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.394849062 CEST	443	50025	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.395109892 CEST	443	50025	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.395184994 CEST	50025	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.395267963 CEST	50025	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.395267963 CEST	50025	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.395328045 CEST	443	50025	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.395358086 CEST	443	50025	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.397891998 CEST	50029	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.397984982 CEST	443	50029	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.398097992 CEST	50029	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.398240089 CEST	50029	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.398283958 CEST	443	50029	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.410295963 CEST	443	50022	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.410511971 CEST	443	50022	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.410615921 CEST	443	50022	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.410943985 CEST	50022	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.411107063 CEST	50022	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.411107063 CEST	50022	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.411149979 CEST	443	50022	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.411175966 CEST	443	50022	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.413917065 CEST	50030	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.414004087 CEST	443	50030	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.414105892 CEST	50030	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.414247990 CEST	50030	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.414268970 CEST	443	50030	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.446965933 CEST	443	50026	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.447045088 CEST	443	50026	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.447128057 CEST	50026	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.447165966 CEST	443	50026	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.447197914 CEST	443	50026	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.447288036 CEST	50026	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.447453976 CEST	50026	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.447480917 CEST	443	50026	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.447527885 CEST	50026	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.447542906 CEST	443	50026	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.450122118 CEST	50031	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.450206041 CEST	443	50031	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.450484037 CEST	50031	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.450484037 CEST	50031	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.450562954 CEST	443	50031	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:34.695168018 CEST	50024	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:34.695199013 CEST	443	50024	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.651289940 CEST	443	50029	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.653623104 CEST	50029	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.653712034 CEST	443	50029	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.658775091 CEST	50029	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.658790112 CEST	443	50029	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.663124084 CEST	443	50030	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.663203955 CEST	443	50031	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.663208961 CEST	443	50028	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.664047956 CEST	50030	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.664079905 CEST	443	50030	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.665206909 CEST	443	50027	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.666850090 CEST	50030	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.666862011 CEST	443	50030	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.669913054 CEST	50028	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.669976950 CEST	443	50028	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.672568083 CEST	50028	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.672585011 CEST	443	50028	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.675462961 CEST	50031	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.675477982 CEST	443	50031	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.678694963 CEST	50031	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.678706884 CEST	443	50031	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.685178041 CEST	50027	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.685185909 CEST	443	50027	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.691519976 CEST	50027	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.691524029 CEST	443	50027	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.750221968 CEST	443	50029	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.750327110 CEST	443	50029	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.750504971 CEST	50029	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.750504971 CEST	50029	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.750504971 CEST	50029	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.752929926 CEST	50032	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.753021002 CEST	443	50032	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.753115892 CEST	50032	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.753221989 CEST	50032	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.753241062 CEST	443	50032	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.760313988 CEST	443	50030	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.760545015 CEST	443	50030	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.760612011 CEST	50030	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.760675907 CEST	443	50030	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.760719061 CEST	443	50030	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.760803938 CEST	50030	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.760803938 CEST	50030	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.760803938 CEST	50030	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.762429953 CEST	50033	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.762486935 CEST	443	50033	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.762562990 CEST	50033	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.762660980 CEST	50033	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.762670040 CEST	443	50033	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.766103029 CEST	443	50028	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.766324997 CEST	443	50028	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.766479969 CEST	50028	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.766479969 CEST	50028	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.767335892 CEST	50028	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.767376900 CEST	443	50028	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.768016100 CEST	50034	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.768055916 CEST	443	50034	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.768127918 CEST	50034	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.768234968 CEST	50034	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.768244028 CEST	443	50034	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.775173903 CEST	443	50031	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.775561094 CEST	443	50031	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.775630951 CEST	50031	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.775662899 CEST	50031	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.775681019 CEST	443	50031	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.775705099 CEST	50031	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.775718927 CEST	443	50031	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.777344942 CEST	50035	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.777378082 CEST	443	50035	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.777442932 CEST	50035	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.777540922 CEST	50035	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.777555943 CEST	443	50035	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.783106089 CEST	443	50027	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.783262968 CEST	443	50027	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.783312082 CEST	50027	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.783363104 CEST	50027	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.783375025 CEST	443	50027	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.783392906 CEST	50027	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.783397913 CEST	443	50027	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.785367966 CEST	50036	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.785430908 CEST	443	50036	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:35.785505056 CEST	50036	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.785609961 CEST	50036	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:35.785629988 CEST	443	50036	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.053508043 CEST	50029	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.053580999 CEST	443	50029	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.069132090 CEST	50030	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.069148064 CEST	443	50030	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.376852989 CEST	443	50033	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.377794027 CEST	50033	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.377827883 CEST	443	50033	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.378160000 CEST	50033	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.378189087 CEST	443	50033	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.395081043 CEST	443	50034	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.395421028 CEST	50034	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.395443916 CEST	443	50034	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.395817995 CEST	50034	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.395824909 CEST	443	50034	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.403837919 CEST	443	50032	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.404155016 CEST	50032	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.404201984 CEST	443	50032	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.404524088 CEST	50032	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.404537916 CEST	443	50032	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.410053968 CEST	443	50035	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.410357952 CEST	50035	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.410373926 CEST	443	50035	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.410526991 CEST	443	50036	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.410716057 CEST	50035	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.410727978 CEST	443	50035	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.410969019 CEST	50036	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.411011934 CEST	443	50036	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.411278009 CEST	50036	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.411292076 CEST	443	50036	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.482764006 CEST	443	50033	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.482824087 CEST	443	50033	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.482884884 CEST	50033	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.482914925 CEST	443	50033	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.483192921 CEST	50033	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.483192921 CEST	50033	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.483205080 CEST	443	50033	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.483234882 CEST	443	50033	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.485698938 CEST	50037	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.485795021 CEST	443	50037	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.485892057 CEST	50037	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.486016989 CEST	50037	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.486044884 CEST	443	50037	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.490154028 CEST	443	50034	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.490303040 CEST	443	50034	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.490375996 CEST	50034	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.490400076 CEST	50034	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.490416050 CEST	443	50034	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.490457058 CEST	50034	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.490463972 CEST	443	50034	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.492358923 CEST	50038	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.492381096 CEST	443	50038	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.492459059 CEST	50038	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.492587090 CEST	50038	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.492613077 CEST	443	50038	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.502819061 CEST	443	50032	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.502873898 CEST	443	50032	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.502933025 CEST	50032	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.503017902 CEST	50032	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.503017902 CEST	50032	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.503057003 CEST	443	50032	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.503078938 CEST	443	50032	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.504810095 CEST	50039	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.504903078 CEST	443	50039	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.504997015 CEST	50039	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.505103111 CEST	50039	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.505135059 CEST	443	50039	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.506712914 CEST	443	50035	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.506772041 CEST	443	50035	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.506825924 CEST	50035	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.506848097 CEST	443	50035	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.506938934 CEST	50035	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.506972075 CEST	443	50035	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.507013083 CEST	50035	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.507329941 CEST	443	50035	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.507432938 CEST	443	50035	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.507489920 CEST	50035	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.507740021 CEST	443	50036	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.507782936 CEST	443	50036	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.507833004 CEST	50036	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.507852077 CEST	443	50036	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.507921934 CEST	50036	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.507949114 CEST	443	50036	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.507981062 CEST	50036	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.508080006 CEST	443	50036	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.508991003 CEST	50040	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.509079933 CEST	443	50040	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.509150028 CEST	50040	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.509463072 CEST	50040	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.509495020 CEST	443	50040	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.509928942 CEST	50041	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.510015965 CEST	443	50041	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:36.510101080 CEST	50041	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.510173082 CEST	50041	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:36.510196924 CEST	443	50041	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.118266106 CEST	443	50039	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.118964911 CEST	50039	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.119025946 CEST	443	50039	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.119316101 CEST	443	50038	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.119359970 CEST	50039	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.119375944 CEST	443	50039	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.119606018 CEST	50038	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.119669914 CEST	443	50038	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.119872093 CEST	50038	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.119889021 CEST	443	50038	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.128698111 CEST	443	50041	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.128917933 CEST	50041	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.128940105 CEST	443	50041	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.129190922 CEST	50041	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.129196882 CEST	443	50041	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.129714012 CEST	443	50037	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.130047083 CEST	50037	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.130111933 CEST	443	50037	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.130209923 CEST	50037	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.130233049 CEST	443	50037	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.165157080 CEST	443	50040	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.165716887 CEST	50040	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.165780067 CEST	443	50040	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.165941000 CEST	50040	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.165957928 CEST	443	50040	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.216248989 CEST	443	50038	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.216295958 CEST	443	50038	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.216417074 CEST	443	50038	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.216514111 CEST	50038	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.216586113 CEST	50038	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.216672897 CEST	50038	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.216674089 CEST	50038	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.216721058 CEST	443	50038	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.216749907 CEST	443	50038	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.219621897 CEST	50042	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.219650030 CEST	443	50042	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.219829082 CEST	50042	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.219965935 CEST	50042	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.219973087 CEST	443	50042	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.223825932 CEST	443	50041	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.223979950 CEST	443	50041	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.224042892 CEST	50041	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.224057913 CEST	50041	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.224065065 CEST	443	50041	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.224073887 CEST	50041	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.224076986 CEST	443	50041	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.226084948 CEST	50043	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.226175070 CEST	443	50043	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.226265907 CEST	50043	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.226392984 CEST	50043	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.226413012 CEST	443	50043	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.226826906 CEST	443	50037	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.226876020 CEST	443	50037	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.226939917 CEST	50037	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.227004051 CEST	443	50037	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.227040052 CEST	443	50037	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.227094889 CEST	50037	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.227144957 CEST	50037	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.227144957 CEST	50037	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.227178097 CEST	443	50037	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.227200985 CEST	443	50037	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.228923082 CEST	50044	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.228969097 CEST	443	50044	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.229048014 CEST	50044	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.229156017 CEST	50044	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.229172945 CEST	443	50044	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.231858015 CEST	443	50039	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.231914043 CEST	443	50039	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.231992960 CEST	50039	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.232101917 CEST	50039	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.232101917 CEST	50039	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.232134104 CEST	443	50039	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.232158899 CEST	443	50039	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.233825922 CEST	50045	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.233850956 CEST	443	50045	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.233918905 CEST	50045	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.234031916 CEST	50045	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.234040022 CEST	443	50045	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.269006968 CEST	443	50040	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.269527912 CEST	443	50040	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.269730091 CEST	50040	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.269730091 CEST	50040	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.269730091 CEST	50040	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.271310091 CEST	50046	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.271322012 CEST	443	50046	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.271388054 CEST	50046	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.271481037 CEST	50046	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.271486044 CEST	443	50046	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.570292950 CEST	50040	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.570327997 CEST	443	50040	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.834934950 CEST	443	50042	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.836865902 CEST	443	50043	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.837265968 CEST	50042	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.837342978 CEST	443	50042	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.838088036 CEST	50042	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.838103056 CEST	443	50042	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.838613987 CEST	50043	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.838656902 CEST	443	50043	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.839395046 CEST	50043	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.839407921 CEST	443	50043	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.839849949 CEST	443	50044	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.840295076 CEST	50044	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.840307951 CEST	443	50044	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.840868950 CEST	50044	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.840876102 CEST	443	50044	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.877948999 CEST	443	50045	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.878386021 CEST	50045	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.878391981 CEST	443	50045	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.878947973 CEST	50045	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.878951073 CEST	443	50045	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.887804031 CEST	443	50046	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.888087988 CEST	50046	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.888098001 CEST	443	50046	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.888701916 CEST	50046	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.888705969 CEST	443	50046	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.934369087 CEST	443	50043	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.934429884 CEST	443	50043	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.934528112 CEST	50043	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.934566975 CEST	443	50043	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.934916019 CEST	443	50043	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.934958935 CEST	443	50042	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.934977055 CEST	50043	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.935123920 CEST	443	50042	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.937498093 CEST	50042	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.945590973 CEST	443	50044	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.945667028 CEST	443	50044	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.945804119 CEST	443	50044	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.945810080 CEST	50044	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.946096897 CEST	50044	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.950285912 CEST	50043	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.950285912 CEST	50043	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.950330019 CEST	443	50043	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.950349092 CEST	443	50043	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.951543093 CEST	50042	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.951544046 CEST	50042	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.951617002 CEST	443	50042	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.951653957 CEST	443	50042	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.952172995 CEST	50044	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.952172995 CEST	50044	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.952184916 CEST	443	50044	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.952192068 CEST	443	50044	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.955482960 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.955513954 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.955523968 CEST	50048	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.955595016 CEST	443	50048	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.955672979 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.955799103 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.955804110 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.955806971 CEST	50048	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.955881119 CEST	50048	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.955895901 CEST	443	50048	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.956001997 CEST	50049	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.956068993 CEST	443	50049	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.956136942 CEST	50049	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.956199884 CEST	50049	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.956217051 CEST	443	50049	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.977428913 CEST	443	50045	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.977471113 CEST	443	50045	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.977492094 CEST	443	50045	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.977570057 CEST	50045	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.977581978 CEST	443	50045	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.977740049 CEST	50045	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.980864048 CEST	443	50046	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.980922937 CEST	443	50046	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.981040955 CEST	443	50046	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.981101036 CEST	50046	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.987983942 CEST	50046	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.988003969 CEST	443	50046	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:37.988018036 CEST	50046	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:37.988024950 CEST	443	50046	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.014854908 CEST	50050	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.014955997 CEST	443	50050	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.015062094 CEST	50050	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.015206099 CEST	50050	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.015234947 CEST	443	50050	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.057306051 CEST	443	50045	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.057387114 CEST	50045	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.057399035 CEST	443	50045	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.057441950 CEST	443	50045	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.057487011 CEST	50045	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.090428114 CEST	50045	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.090445042 CEST	443	50045	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.090457916 CEST	50045	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.090466022 CEST	443	50045	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.126185894 CEST	50051	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.126235008 CEST	443	50051	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.126321077 CEST	50051	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.140070915 CEST	50051	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.140101910 CEST	443	50051	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.574471951 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.575426102 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.575454950 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.575900078 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.575906992 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.597443104 CEST	443	50048	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.597942114 CEST	50048	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.597991943 CEST	443	50048	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.598577976 CEST	50048	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.598592043 CEST	443	50048	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.606568098 CEST	443	50049	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.607023954 CEST	50049	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.607083082 CEST	443	50049	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.607361078 CEST	50049	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.607374907 CEST	443	50049	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.675820112 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.675890923 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.675935030 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.676034927 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.676049948 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.676088095 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.676202059 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.679022074 CEST	443	50050	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.679471016 CEST	50050	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.679549932 CEST	443	50050	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.680015087 CEST	50050	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.680027962 CEST	443	50050	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.691987038 CEST	443	50048	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.692044973 CEST	443	50048	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.692135096 CEST	50048	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.692173004 CEST	443	50048	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.692224026 CEST	443	50048	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.692290068 CEST	50048	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.692450047 CEST	50048	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.692450047 CEST	50048	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.692485094 CEST	443	50048	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.692507029 CEST	443	50048	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.695822954 CEST	50052	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.695875883 CEST	443	50052	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.695964098 CEST	50052	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.696115971 CEST	50052	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.696125984 CEST	443	50052	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.710526943 CEST	443	50049	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.710587978 CEST	443	50049	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.710686922 CEST	50049	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.710706949 CEST	443	50049	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.710776091 CEST	50049	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.710860014 CEST	50049	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.710897923 CEST	443	50049	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.710905075 CEST	50049	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.710921049 CEST	443	50049	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.713351011 CEST	50053	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.713439941 CEST	443	50053	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.713519096 CEST	50053	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.713624001 CEST	50053	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.713648081 CEST	443	50053	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.753336906 CEST	443	50051	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.753879070 CEST	50051	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.753911972 CEST	443	50051	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.754170895 CEST	50051	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.754183054 CEST	443	50051	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.757155895 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.757230043 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.757327080 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.757343054 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.757400990 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.757404089 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.757404089 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.757457018 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.757457018 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.757457018 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.757477045 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.760176897 CEST	50054	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.760236979 CEST	443	50054	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.760319948 CEST	50054	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.760490894 CEST	50054	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.760514021 CEST	443	50054	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.780973911 CEST	443	50050	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.781838894 CEST	443	50050	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.781920910 CEST	50050	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.781997919 CEST	50050	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.781999111 CEST	50050	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.782040119 CEST	443	50050	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.782066107 CEST	443	50050	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.783842087 CEST	50055	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.783859015 CEST	443	50055	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.783931017 CEST	50055	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.784154892 CEST	50055	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.784172058 CEST	443	50055	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.850330114 CEST	443	50051	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.850406885 CEST	443	50051	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.850625038 CEST	50051	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.850742102 CEST	50051	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.850765944 CEST	443	50051	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.850790977 CEST	50051	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.850805998 CEST	443	50051	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.853595018 CEST	50056	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.853621960 CEST	443	50056	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:38.853693962 CEST	50056	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.853799105 CEST	50056	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:38.853807926 CEST	443	50056	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:39.071410894 CEST	50047	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:39.071434975 CEST	443	50047	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.252316952 CEST	443	50053	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.252890110 CEST	50053	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.252957106 CEST	443	50053	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.253365993 CEST	50053	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.253380060 CEST	443	50053	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.334041119 CEST	443	50054	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.334209919 CEST	443	50052	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.334366083 CEST	443	50055	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.334911108 CEST	50054	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.334922075 CEST	50052	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.334940910 CEST	443	50054	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.334969044 CEST	443	50052	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.335063934 CEST	50055	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.335074902 CEST	443	50055	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.335438967 CEST	50054	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.335448980 CEST	443	50054	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.335499048 CEST	50055	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.335505962 CEST	443	50055	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.335726976 CEST	50052	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.335732937 CEST	443	50052	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.337641001 CEST	443	50056	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.337945938 CEST	50056	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.337958097 CEST	443	50056	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.338223934 CEST	50056	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.338227987 CEST	443	50056	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.350656033 CEST	443	50053	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.350819111 CEST	443	50053	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.350994110 CEST	50053	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.351229906 CEST	50053	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.351278067 CEST	443	50053	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.351310015 CEST	50053	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.351325989 CEST	443	50053	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.354249001 CEST	50057	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.354288101 CEST	443	50057	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.354372025 CEST	50057	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.354595900 CEST	50057	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.354614019 CEST	443	50057	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.430097103 CEST	443	50054	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.430165052 CEST	443	50054	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.430282116 CEST	50054	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.430310965 CEST	443	50054	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.430378914 CEST	50054	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.430418968 CEST	50054	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.430418968 CEST	50054	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.430448055 CEST	443	50054	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.430469990 CEST	443	50054	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.431010008 CEST	443	50055	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.431170940 CEST	443	50055	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.431237936 CEST	50055	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.431279898 CEST	50055	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.431303978 CEST	443	50055	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.431320906 CEST	50055	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.431329012 CEST	443	50055	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.432272911 CEST	50058	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.432298899 CEST	443	50058	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.432573080 CEST	50058	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.432573080 CEST	50058	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.432602882 CEST	443	50058	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.434779882 CEST	443	50052	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.435950994 CEST	443	50052	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.436016083 CEST	50052	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.436053991 CEST	50052	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.436053991 CEST	50052	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.436060905 CEST	443	50052	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.436070919 CEST	443	50052	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.439158916 CEST	443	50056	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.439208984 CEST	443	50056	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.439254999 CEST	50056	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.439333916 CEST	50056	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.439342022 CEST	443	50056	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.439351082 CEST	50056	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.439354897 CEST	443	50056	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.968003035 CEST	443	50057	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.968570948 CEST	50057	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.968585014 CEST	443	50057	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:40.969326019 CEST	50057	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:40.969332933 CEST	443	50057	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:41.063049078 CEST	443	50057	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:41.063888073 CEST	443	50057	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:41.064187050 CEST	50057	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:41.064187050 CEST	50057	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:41.065340042 CEST	50057	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:41.065356970 CEST	443	50057	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:41.083492041 CEST	443	50058	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:41.083976984 CEST	50058	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:41.083992004 CEST	443	50058	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:41.084733009 CEST	50058	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:41.084737062 CEST	443	50058	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:41.185035944 CEST	443	50058	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:41.185197115 CEST	443	50058	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:41.185487986 CEST	50058	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:41.185487986 CEST	50058	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:41.185487986 CEST	50058	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:41.491238117 CEST	50058	443	192.168.2.4	13.107.246.44
Oct 7, 2024 14:39:41.491259098 CEST	443	50058	13.107.246.44	192.168.2.4
Oct 7, 2024 14:39:43.870871067 CEST	50059	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:43.870970964 CEST	443	50059	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:43.871062040 CEST	50059	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:43.871402025 CEST	50059	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:43.871426105 CEST	443	50059	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:43.977119923 CEST	50060	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:43.977157116 CEST	443	50060	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:43.977356911 CEST	50060	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:43.977487087 CEST	50060	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:43.977497101 CEST	443	50060	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.482517004 CEST	443	50059	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.482840061 CEST	50059	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:44.482923031 CEST	443	50059	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.483428955 CEST	443	50059	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.483731985 CEST	50059	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:44.483819962 CEST	443	50059	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.483901978 CEST	50059	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:44.483954906 CEST	50059	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:44.483968019 CEST	443	50059	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.585011959 CEST	443	50060	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.585300922 CEST	50060	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:44.585331917 CEST	443	50060	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.585846901 CEST	443	50060	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.586134911 CEST	50060	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:44.586216927 CEST	443	50060	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.586262941 CEST	50060	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:44.586280107 CEST	50060	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:44.586294889 CEST	443	50060	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.746949911 CEST	443	50059	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.747288942 CEST	443	50059	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.747360945 CEST	50059	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:44.747647047 CEST	50059	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:44.747692108 CEST	443	50059	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.849407911 CEST	443	50060	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.849577904 CEST	443	50060	216.58.206.46	192.168.2.4
Oct 7, 2024 14:39:44.849656105 CEST	50060	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:44.850553036 CEST	50060	443	192.168.2.4	216.58.206.46
Oct 7, 2024 14:39:44.850570917 CEST	443	50060	216.58.206.46	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 14:38:00.331633091 CEST	53350	53	192.168.2.4	1.1.1.1
Oct 7, 2024 14:38:00.331878901 CEST	62079	53	192.168.2.4	1.1.1.1
Oct 7, 2024 14:38:00.340226889 CEST	53	53350	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:00.340271950 CEST	53	62079	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:00.365885019 CEST	53	64440	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:00.395884991 CEST	53	62211	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:01.537914038 CEST	52757	53	192.168.2.4	1.1.1.1
Oct 7, 2024 14:38:01.538151979 CEST	61005	53	192.168.2.4	1.1.1.1
Oct 7, 2024 14:38:01.545488119 CEST	53	52757	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:01.545876980 CEST	53	61005	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:01.601438046 CEST	53	60384	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:04.648214102 CEST	64228	53	192.168.2.4	1.1.1.1
Oct 7, 2024 14:38:04.648365974 CEST	64161	53	192.168.2.4	1.1.1.1
Oct 7, 2024 14:38:04.655524969 CEST	53	64228	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:04.655555010 CEST	53	64161	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:06.723613977 CEST	53	49348	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:09.346317053 CEST	51100	53	192.168.2.4	1.1.1.1
Oct 7, 2024 14:38:09.346466064 CEST	58744	53	192.168.2.4	1.1.1.1
Oct 7, 2024 14:38:09.353507042 CEST	53	51100	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:09.354383945 CEST	53	58744	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:10.369353056 CEST	58567	53	192.168.2.4	1.1.1.1
Oct 7, 2024 14:38:10.369708061 CEST	64362	53	192.168.2.4	1.1.1.1
Oct 7, 2024 14:38:10.376518011 CEST	53	64362	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:10.376796961 CEST	53	58567	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:13.192550898 CEST	53	57768	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:18.544858932 CEST	138	138	192.168.2.4	192.168.2.255
Oct 7, 2024 14:38:18.561418056 CEST	53	52973	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:37.363662004 CEST	53	65188	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:59.905855894 CEST	53	61583	1.1.1.1	192.168.2.4
Oct 7, 2024 14:38:59.970191956 CEST	53	53407	1.1.1.1	192.168.2.4
Oct 7, 2024 14:39:04.700330973 CEST	50540	53	192.168.2.4	1.1.1.1
Oct 7, 2024 14:39:04.700489044 CEST	58093	53	192.168.2.4	1.1.1.1
Oct 7, 2024 14:39:04.707784891 CEST	53	58093	1.1.1.1	192.168.2.4
Oct 7, 2024 14:39:04.708430052 CEST	53	50540	1.1.1.1	192.168.2.4
Oct 7, 2024 14:39:08.507308960 CEST	53	53470	1.1.1.1	192.168.2.4
Oct 7, 2024 14:39:13.612190962 CEST	52572	53	192.168.2.4	1.1.1.1
Oct 7, 2024 14:39:13.612610102 CEST	63787	53	192.168.2.4	1.1.1.1
Oct 7, 2024 14:39:13.619075060 CEST	53	52572	1.1.1.1	192.168.2.4
Oct 7, 2024 14:39:13.619580030 CEST	53	63787	1.1.1.1	192.168.2.4
Oct 7, 2024 14:39:28.402537107 CEST	53	51990	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 14:38:00.331633091 CEST	192.168.2.4	1.1.1.1	0xb4a8	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:00.331878901 CEST	192.168.2.4	1.1.1.1	0x8038	Standard query (0)	youtube.com	65	IN (0x0001)	false
Oct 7, 2024 14:38:01.537914038 CEST	192.168.2.4	1.1.1.1	0x9477	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.538151979 CEST	192.168.2.4	1.1.1.1	0xfa3e	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 14:38:04.648214102 CEST	192.168.2.4	1.1.1.1	0x4571	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:04.648365974 CEST	192.168.2.4	1.1.1.1	0xb25d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 14:38:09.346317053 CEST	192.168.2.4	1.1.1.1	0x6692	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:09.346466064 CEST	192.168.2.4	1.1.1.1	0x927c	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 14:38:10.369353056 CEST	192.168.2.4	1.1.1.1	0x9f22	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:10.369708061 CEST	192.168.2.4	1.1.1.1	0xe2b6	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 7, 2024 14:39:04.700330973 CEST	192.168.2.4	1.1.1.1	0x7d66	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:39:04.700489044 CEST	192.168.2.4	1.1.1.1	0xe459	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 14:39:13.612190962 CEST	192.168.2.4	1.1.1.1	0xacdf	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:39:13.612610102 CEST	192.168.2.4	1.1.1.1	0x9613	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 14:38:00.340226889 CEST	1.1.1.1	192.168.2.4	0xb4a8	No error (0)	youtube.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:00.340271950 CEST	1.1.1.1	192.168.2.4	0x8038	No error (0)	youtube.com			65	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		216.58.212.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		142.250.74.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545488119 CEST	1.1.1.1	192.168.2.4	0x9477	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545876980 CEST	1.1.1.1	192.168.2.4	0xfa3e	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 14:38:01.545876980 CEST	1.1.1.1	192.168.2.4	0xfa3e	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Oct 7, 2024 14:38:04.655524969 CEST	1.1.1.1	192.168.2.4	0x4571	No error (0)	www.google.com		142.250.186.68	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:04.655555010 CEST	1.1.1.1	192.168.2.4	0xb25d	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 14:38:09.353507042 CEST	1.1.1.1	192.168.2.4	0x6692	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 14:38:09.353507042 CEST	1.1.1.1	192.168.2.4	0x6692	No error (0)	www3.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:38:09.354383945 CEST	1.1.1.1	192.168.2.4	0x927c	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 14:38:10.376796961 CEST	1.1.1.1	192.168.2.4	0x9f22	No error (0)	play.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:39:04.707784891 CEST	1.1.1.1	192.168.2.4	0xe459	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 14:39:04.708430052 CEST	1.1.1.1	192.168.2.4	0x7d66	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false
Oct 7, 2024 14:39:13.619075060 CEST	1.1.1.1	192.168.2.4	0xacdf	No error (0)	play.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

youtube.com

www.youtube.com

fs.microsoft.com

https:

accounts.youtube.com

play.google.com

www.google.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49732	172.217.16.142	443	1880	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:01 UTC	851	OUT	GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1 Host: youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 12:38:01 UTC	1704	IN	HTTP/1.1 301 Moved Permanently Content-Type: application/binary X-Content-Type-Options: nosniff Expires: Mon, 07 Oct 2024 12:38:01 GMT Date: Mon, 07 Oct 2024 12:38:01 GMT Cache-Control: private, max-age=31536000 Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Security-Policy: require-trusted-types-for 'script' Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	216.58.212.174	443	1880	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:02 UTC	869	OUT	GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1 Host: www.youtube.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 12:38:02 UTC	2634	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 12:38:02 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Content-Security-Policy: require-trusted-types-for 'script' P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 07-Oct-2024 13:08:02 GMT; Path=/; Secure; HttpOnly Set-Cookie: YSC=rXUGpDLoLPg; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_INFO1_LIVE=Uif7pgb-0rU; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 12:38:02 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgNQ%3D%3D; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 12:38:02 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:06 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 12:38:06 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF45) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=187656 Date: Mon, 07 Oct 2024 12:38:06 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:07 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 12:38:07 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=187591 Date: Mon, 07 Oct 2024 12:38:07 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-07 12:38:07 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49757	216.58.206.78	443	1880	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:10 UTC	1216	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=2119833331&timestamp=1728304688519 HTTP/1.1 Host: accounts.youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 12:38:10 UTC	1967	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: script-src 'report-sample' 'nonce-DfVLWkec-sbF8xaVGgHCCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 12:38:10 GMT Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmJw0pBikPj6kkkNiJ3SZ7AGAHHSv_OsBUB8ufsS63UgVu25xGoMxEUSV1gbgFiIm2PTmv4dbAITnsxNVtJLyi-Mz0xJzSvJLKlMyc9NzMxLzs_PzkwtLk4tKkstijcyMDIxsDSy1DOwiC8wAACWdyy-" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 12:38:10 UTC	1967	IN	Data Raw: 37 36 31 63 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 44 66 56 4c 57 6b 65 63 2d 73 62 46 38 78 61 56 47 67 48 43 43 77 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 761c<html><head><script nonce="DfVLWkec-sbF8xaVGgHCCw">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-10-07 12:38:10 UTC	1967	IN	Data Raw: 3d 2f 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 0a 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c Data Ascii: =/Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\
2024-10-07 12:38:10 UTC	1967	IN	Data Raw: 7b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 69 67 69 6e 74 22 3a 72 65 74 75 72 6e 28 41 61 3f 0a 61 3e 3d 42 61 26 26 61 3c 3d 43 61 3a 61 5b 30 5d 3d 3d 3d 22 2d 22 3f 75 61 28 61 2c 44 61 29 3a 75 61 28 61 2c 45 61 29 29 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 43 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 46 61 26 26 61 21 3d 6e 75 6c 6c 26 26 Data Ascii: {switch(typeof a){case "number":return isFinite(a)?a:String(a);case "bigint":return(Aa?a>=Ba&&a<=Ca:a[0]==="-"?ua(a,Da):ua(a,Ea))?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(C(a))return}else if(Fa&&a!=null&&
2024-10-07 12:38:10 UTC	1967	IN	Data Raw: 69 6f 6e 28 61 29 7b 76 61 72 20 62 3b 69 66 28 61 26 26 28 62 3d 51 61 29 21 3d 6e 75 6c 6c 26 26 62 2e 68 61 73 28 61 29 26 26 28 62 3d 61 2e 43 29 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 3b 69 66 28 63 3d 3d 3d 62 2e 6c 65 6e 67 74 68 2d 31 26 26 41 28 64 29 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 7b 76 61 72 20 66 3d 64 5b 65 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 66 29 26 26 0a 52 61 28 66 2c 61 29 7d 65 6c 73 65 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 64 29 26 26 52 61 28 64 2c 61 29 7d 61 3d 45 3f 61 2e 43 3a 4d 61 28 61 2e 43 2c 50 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 65 3d 21 45 3b 69 66 28 62 3d 61 2e 6c 65 6e 67 74 68 29 7b Data Ascii: ion(a){var b;if(a&&(b=Qa)!=null&&b.has(a)&&(b=a.C))for(var c=0;c<b.length;c++){var d=b[c];if(c===b.length-1&&A(d))for(var e in d){var f=d[e];Array.isArray(f)&&Ra(f,a)}else Array.isArray(d)&&Ra(d,a)}a=E?a.C:Ma(a.C,Pa,void 0,void 0,!1);e=!E;if(b=a.length){
2024-10-07 12:38:10 UTC	1967	IN	Data Raw: 0a 47 28 22 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 63 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 57 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f Data Ascii: G("Symbol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Wa[b[c]];typeof d==="functio
2024-10-07 12:38:10 UTC	1967	IN	Data Raw: 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 2e 67 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6b 29 7b 6b 3d 48 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 Data Ascii: th.random();e("freeze");e("preventExtensions");e("seal");var h=0,g=function(k){this.g=(h+=Math.random()+1).toString();if(k){k=H(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);i
2024-10-07 12:38:10 UTC	1967	IN	Data Raw: 63 74 69 6f 6e 28 67 29 7b 72 65 74 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 Data Ascii: ction(g){return g.value})};c.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"\|\|l=="functi
2024-10-07 12:38:10 UTC	1967	IN	Data Raw: 2e 69 73 4e 61 4e 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 66 62 3d 66 62 7c 7c 7b 7d 2c 71 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 67 62 3d 71 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 71 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 62 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 2c 69 62 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 4d 61 Data Ascii: .isNaN",function(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var fb=fb\|\|{},q=this\|\|self,gb=q._F_toggles\|\|[],hb=function(a){a=a.split(".");for(var b=q,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b},ib="closure_uid_"+(Ma
2024-10-07 12:38:10 UTC	1967	IN	Data Raw: 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 3d 7b 7d 29 3b 61 2e 5f 5f 63 6c 6f 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 2e 73 65 76 65 72 69 74 79 3d 62 7d 3b 76 61 72 20 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 71 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26 64 28 66 2c 68 2c 67 2c 6b 2c 6c 29 3b 61 28 7b 6d 65 73 73 61 67 65 3a 66 2c 66 69 6c 65 4e 61 6d 65 3a 68 2c 6c 69 6e 65 3a 67 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 67 2c 62 61 3a 6b 2c 65 72 72 6f 72 3a 6c 7d 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 74 62 3d 66 75 6e Data Ascii: sure__error__context__984382={});a.__closure__error__context__984382.severity=b};var qb=function(a,b,c){c=c\|\|q;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&d(f,h,g,k,l);a({message:f,fileName:h,line:g,lineNumber:g,ba:k,error:l});return e}},tb=fun
2024-10-07 12:38:10 UTC	1967	IN	Data Raw: 74 72 69 6e 67 22 3a 62 72 65 61 6b 3b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 73 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65 6e 67 74 68 3e 34 30 26 26 28 66 3d 66 2e 73 6c 69 63 65 28 30 2c 34 30 29 2b 22 2e 2e 2e 22 29 3b 63 2e 70 75 73 68 28 66 29 7d 62 2e 70 75 73 68 28 61 29 3b 63 2e 70 75 73 68 28 22 29 5c 6e 22 29 3b 74 72 79 7b 63 2e 70 75 73 68 28 77 62 28 61 2e 63 61 6c 6c 65 72 2c 62 29 29 7d 63 61 74 63 68 28 68 29 7b Data Ascii: tring":break;case "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=sb(f))?f:"[fn]";break;default:f=typeof f}f.length>40&&(f=f.slice(0,40)+"...");c.push(f)}b.push(a);c.push(")\n");try{c.push(wb(a.caller,b))}catch(h){

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49760	142.250.185.78	443	1880	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:11 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 12:38:11 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 12:38:11 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49761	142.250.185.78	443	1880	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:11 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 12:38:11 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 12:38:11 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49763	142.250.185.78	443	1880	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:11 UTC	1124	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 518 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 12:38:11 UTC	518	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 30 34 36 38 39 35 34 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728304689545",null,null,null
2024-10-07 12:38:12 UTC	933	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=Buj7pdbmH3gtP_VSOQaST253juyZYvq7XvL3sCVyXmThoz0YoOojOE2FVJS47TYeaLPv9DNi1zG1C6M7R2Rm0Cp-T8H8OEcIZCsiNNkJ5RqiZE0CZcyohixTVkzXIx3y7KePCOWuTuEfLxIsNeH9mH56nBVJ0Op4wKzo6_D5d7RM_h6voK0; expires=Tue, 08-Apr-2025 12:38:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 12:38:12 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 12:38:12 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 12:38:12 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 12:38:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49764	142.250.185.78	443	1880	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:12 UTC	1124	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 12:38:12 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 30 34 36 38 39 36 34 34 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728304689644",null,null,null
2024-10-07 12:38:12 UTC	932	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=occg9Id1LRV6x8Y1sEdchgLdPtGBI4aIG9M2ApW63bCdDmgYfseUXxqm0rl04MTbvafJLABSEv5NgPxr8NP1r3UXRM_v_2L1Nwx7Z3BLWAad4x3ByhNUeC6oKV9j1wWnPGbNAPnX26XubqBF7WpSihMwIWFCUce0kxt8A9MLR_tc92eL1g; expires=Tue, 08-Apr-2025 12:38:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 12:38:12 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 12:38:12 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 12:38:12 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 12:38:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49741	142.250.186.68	443	1880	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:12 UTC	1213	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=occg9Id1LRV6x8Y1sEdchgLdPtGBI4aIG9M2ApW63bCdDmgYfseUXxqm0rl04MTbvafJLABSEv5NgPxr8NP1r3UXRM_v_2L1Nwx7Z3BLWAad4x3ByhNUeC6oKV9j1wWnPGbNAPnX26XubqBF7WpSihMwIWFCUce0kxt8A9MLR_tc92eL1g
2024-10-07 12:38:12 UTC	706	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 07 Oct 2024 09:23:58 GMT Expires: Tue, 15 Oct 2024 09:23:58 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 11654 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-07 12:38:12 UTC	684	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-07 12:38:12 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<
2024-10-07 12:38:12 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-07 12:38:12 UTC	1390	IN	Data Raw: 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBBF!4I
2024-10-07 12:38:12 UTC	576	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49771	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:15 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=f8Engmu88wMWk67&MD=ZL81AYdH HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 12:38:15 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 0ade860e-04e6-474d-9da9-ca0888b27fdd MS-RequestId: 30070a36-13cd-4776-89e6-73a58207b035 MS-CV: Gmft2HGg2kqQjh9f.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 12:38:14 GMT Connection: close Content-Length: 24490
2024-10-07 12:38:15 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-07 12:38:15 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49780	142.250.185.78	443	1880	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:19 UTC	1298	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1215 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=occg9Id1LRV6x8Y1sEdchgLdPtGBI4aIG9M2ApW63bCdDmgYfseUXxqm0rl04MTbvafJLABSEv5NgPxr8NP1r3UXRM_v_2L1Nwx7Z3BLWAad4x3ByhNUeC6oKV9j1wWnPGbNAPnX26XubqBF7WpSihMwIWFCUce0kxt8A9MLR_tc92eL1g
2024-10-07 12:38:19 UTC	1215	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 38 33 30 34 36 38 37 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1728304687000",null,null,null,
2024-10-07 12:38:19 UTC	940	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=cM587zGQXjyil_XaCFl6M6YUcC1uqQ20qyAVa1uZHGscS50B5sfvr1Qfl0FJrAdGmgi7FDME3sZOs5pchYioHLf8vbIRuYCjcd85BVYrIiSWo74GQFIPmCgsg8jBSYMt12ErsshldfUSpz65VlT9MRTUGKSceIaT1PqI2H1KrrZWPnR4RRToLmEsJg; expires=Tue, 08-Apr-2025 12:38:19 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 12:38:19 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 12:38:19 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 12:38:19 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 12:38:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49781	142.250.185.78	443	1880	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:42 UTC	1289	OUT	POST /log?hasfast=true&authuser=0&format=json HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1067 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=cM587zGQXjyil_XaCFl6M6YUcC1uqQ20qyAVa1uZHGscS50B5sfvr1Qfl0FJrAdGmgi7FDME3sZOs5pchYioHLf8vbIRuYCjcd85BVYrIiSWo74GQFIPmCgsg8jBSYMt12ErsshldfUSpz65VlT9MRTUGKSceIaT1PqI2H1KrrZWPnR4RRToLmEsJg
2024-10-07 12:38:42 UTC	1067	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 69 64 65 6e 74 69 74 79 66 72 6f 6e 74 65 6e 64 61 75 74 68 75 69 73 65 72 76 65 72 5f 32 30 32 34 31 30 30 31 2e 30 36 5f 70 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 33 2c 30 2c 30 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_identityfrontendauthuiserver_20241001.06_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,0,0
2024-10-07 12:38:42 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 12:38:42 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 12:38:42 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 12:38:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49782	142.250.185.78	443	1880	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:43 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1285 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=cM587zGQXjyil_XaCFl6M6YUcC1uqQ20qyAVa1uZHGscS50B5sfvr1Qfl0FJrAdGmgi7FDME3sZOs5pchYioHLf8vbIRuYCjcd85BVYrIiSWo74GQFIPmCgsg8jBSYMt12ErsshldfUSpz65VlT9MRTUGKSceIaT1PqI2H1KrrZWPnR4RRToLmEsJg
2024-10-07 12:38:43 UTC	1285	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 30 34 37 32 32 30 39 33 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728304722093",null,null,null
2024-10-07 12:38:43 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 12:38:43 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 12:38:43 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 12:38:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49783	142.250.185.78	443	1880	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:44 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1390 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=cM587zGQXjyil_XaCFl6M6YUcC1uqQ20qyAVa1uZHGscS50B5sfvr1Qfl0FJrAdGmgi7FDME3sZOs5pchYioHLf8vbIRuYCjcd85BVYrIiSWo74GQFIPmCgsg8jBSYMt12ErsshldfUSpz65VlT9MRTUGKSceIaT1PqI2H1KrrZWPnR4RRToLmEsJg
2024-10-07 12:38:44 UTC	1390	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 30 34 37 32 32 36 32 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728304722620",null,null,null
2024-10-07 12:38:44 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 12:38:44 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 12:38:44 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 12:38:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49784	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:53 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=f8Engmu88wMWk67&MD=ZL81AYdH HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 12:38:53 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 46eff020-1e07-45c3-8634-1f694ba825e4 MS-RequestId: 93fd8f78-e505-4059-bf83-fcad8457c25f MS-CV: VaXuYwDe+USjrsRU.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 12:38:52 GMT Connection: close Content-Length: 30005
2024-10-07 12:38:53 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-07 12:38:53 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49785	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:55 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:55 UTC	540	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:55 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Fri, 04 Oct 2024 23:21:50 GMT ETag: "0x8DCE4CB535A72FA" x-ms-request-id: 4dad204e-401e-005b-4bf5-169c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123855Z-1657d5bbd48dfrdj7px744zp8s000000038000000000bkpt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:55 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-07 12:38:55 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-07 12:38:55 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-07 12:38:55 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-07 12:38:55 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-07 12:38:55 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-07 12:38:55 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-07 12:38:55 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-07 12:38:55 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-07 12:38:55 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49786	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:56 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:56 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:56 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 4545068c-701e-0050-0e05-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123856Z-1657d5bbd48dfrdj7px744zp8s000000037000000000dabp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:56 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49789	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:56 UTC	192	OUT	GET /rules/rule120100v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:56 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:56 GMT Content-Type: text/xml Content-Length: 1000 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB097AFC9" x-ms-request-id: a79f927d-a01e-0098-24c9-168556000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123856Z-1657d5bbd48sdh4cyzadbb3748000000038000000000h0rz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:56 UTC	1000	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 31 30 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 32 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 52 65 73 75 6d 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 49 20 54 3d 22 33 22 20 49 3d 22 33 30 73 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 35 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120100" V="3" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <A T="2" E="TelemetryResume" /> <TI T="3" I="30s" /> <R T="4" R="120100" /> <TH T="5">

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49788	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:56 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:56 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:56 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 8aaf7b13-d01e-0028-46fd-167896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123856Z-1657d5bbd48sdh4cyzadbb3748000000036g00000000mwap x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:56 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49787	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:56 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:56 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: d4448e94-101e-00a2-2703-179f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123856Z-1657d5bbd48sqtlf1huhzuwq70000000036000000000epku x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:56 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49790	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:56 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:56 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:56 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c59bb0f9-701e-0097-2d01-17b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123856Z-1657d5bbd48xlwdx82gahegw4000000003m000000000mypc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:56 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49792	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:56 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:57 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 3ea0840d-701e-0053-1012-173a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123857Z-1657d5bbd48xsz2nuzq4vfrzg8000000038g00000000mu5r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:57 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49791	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:56 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:57 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: b27588a3-a01e-003d-6001-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123857Z-1657d5bbd48xdq5dkwwugdpzr000000003w000000000556h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:57 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49793	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:56 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:57 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 1707b783-801e-00a3-53e5-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123857Z-1657d5bbd48sqtlf1huhzuwq70000000037000000000c4pp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:57 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49794	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:57 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:57 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 73fc0cc0-d01e-008e-5fee-16387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123857Z-1657d5bbd48t66tjar5xuq22r800000003e000000000e6w8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:57 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49795	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:57 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:57 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 15158de7-401e-0029-4b00-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123857Z-1657d5bbd48sqtlf1huhzuwq70000000038000000000a17w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:57 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49798	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:57 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:57 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 0a3893d3-c01e-0082-33ee-16af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123857Z-1657d5bbd48q6t9vvmrkd293mg00000003cg00000000h7x9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:57 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49797	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:57 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:57 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 789c8418-601e-0032-5905-17eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123857Z-1657d5bbd482lxwq1dp2t1zwkc000000037g00000000cb3q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:57 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49796	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:57 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:57 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 87fc294c-201e-0051-40f3-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123857Z-1657d5bbd48tqvfc1ysmtbdrg0000000037000000000q1w0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:57 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49799	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:57 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:57 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 915c1ee4-001e-0079-3000-1712e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123857Z-1657d5bbd48t66tjar5xuq22r800000003h00000000067w3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:57 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49800	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:57 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:57 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: bf7deccb-401e-0064-0f0e-1754af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123857Z-1657d5bbd48xlwdx82gahegw4000000003r0000000009q7h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:58 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49801	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:58 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:58 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 99ffd5e0-b01e-0053-0101-17cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123858Z-1657d5bbd48vhs7r2p1ky7cs5w00000003ug000000009tyu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:58 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49804	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:58 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:58 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: c2d0a885-201e-0003-7ced-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123858Z-1657d5bbd48tqvfc1ysmtbdrg000000003d00000000073a1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:58 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49802	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:58 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:58 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 27ba9a72-001e-0046-2a01-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123858Z-1657d5bbd48xdq5dkwwugdpzr000000003pg00000000qmpz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:58 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49803	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:58 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:58 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: e72ec3ca-501e-005b-2401-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123858Z-1657d5bbd482tlqpvyz9e93p5400000003n0000000007hb2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:58 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49805	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:58 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:58 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 5a59384b-a01e-0053-3602-178603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123858Z-1657d5bbd48762wn1qw4s5sd30000000039000000000m0dw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:58 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49806	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:59 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:59 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: d3d0b776-b01e-003d-1803-17d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123859Z-1657d5bbd48tqvfc1ysmtbdrg000000003a000000000fbd9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:59 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49807	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:59 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:59 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 09392ef7-101e-0046-3f05-1791b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123859Z-1657d5bbd48brl8we3nu8cxwgn00000003x00000000017z7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:59 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49809	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:59 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:59 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f57b7c9f-801e-00a0-4a13-172196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123859Z-1657d5bbd48tnj6wmberkg2xy800000003mg000000008usp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:59 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49808	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:59 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:59 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 20b36261-201e-006e-7102-17bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123859Z-1657d5bbd48wd55zet5pcra0cg00000003ag00000000nqz5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:59 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49810	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:38:59 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:38:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:38:59 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 81e42967-c01e-0014-5ee9-16a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123859Z-1657d5bbd48t66tjar5xuq22r800000003e000000000e6zv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:38:59 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49811	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:00 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:00 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 6be05283-001e-00a2-2700-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123900Z-1657d5bbd48762wn1qw4s5sd30000000038g00000000n47b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:00 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49812	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:00 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:00 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 40323690-a01e-0002-0100-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123900Z-1657d5bbd48tnj6wmberkg2xy800000003mg000000008uu3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:00 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49814	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:00 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:00 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 7cec3a6f-e01e-0033-3414-174695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123900Z-1657d5bbd48gqrfwecymhhbfm8000000028g00000000f60y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:00 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49813	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:00 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:00 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: c530354f-501e-0016-5013-17181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123900Z-1657d5bbd48xsz2nuzq4vfrzg800000003b000000000dvgw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:00 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49815	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:00 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:00 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: d415a278-e01e-0051-6efe-1684b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123900Z-1657d5bbd487nf59mzf5b3gk8n000000033000000000d3h7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:00 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49818	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:01 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:01 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 10df1352-f01e-00aa-105a-178521000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123901Z-1657d5bbd48lknvp09v995n7900000000370000000002a4s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:01 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49817	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:01 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:01 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 7c825ef0-601e-0001-5f02-17faeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123901Z-1657d5bbd48xsz2nuzq4vfrzg800000003d0000000007sfr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:01 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49820	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:01 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:01 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: a62739ea-301e-005d-6402-17e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123901Z-1657d5bbd482krtfgrg72dfbtn00000003b00000000011y6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:01 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49819	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:01 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:01 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: b27116a7-a01e-003d-3a00-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123901Z-1657d5bbd48f7nlxc7n5fnfzh0000000031g00000000k572 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:01 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49821	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:01 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:01 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 92e59db7-001e-002b-6700-1799f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123901Z-1657d5bbd48xlwdx82gahegw4000000003sg000000003syz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:01 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49825	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:01 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:01 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: db28b7eb-d01e-0065-5efe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123901Z-1657d5bbd48xlwdx82gahegw4000000003k000000000q1t9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:02 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49822	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:01 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:01 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: a2d01d3c-801e-0083-4800-17f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123901Z-1657d5bbd48q6t9vvmrkd293mg00000003bg00000000m2uf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:02 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49824	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:01 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:01 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 151ca1e1-401e-0029-2b03-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123901Z-1657d5bbd48cpbzgkvtewk0wu000000003f000000000n4sa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:02 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49823	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:01 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:01 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 4dd19665-401e-005b-7705-179c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123901Z-1657d5bbd48vhs7r2p1ky7cs5w00000003u000000000bb8t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:02 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49826	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:02 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:02 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 53f69819-801e-0048-7802-17f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123902Z-1657d5bbd48tnj6wmberkg2xy800000003g000000000m9tg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:02 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49829	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:02 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:02 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: c5dbf9be-001e-0017-2cf1-160c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123902Z-1657d5bbd48dfrdj7px744zp8s000000038g000000009zgb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:02 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49828	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:02 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:02 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 7709e3c3-b01e-0097-5e02-174f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123902Z-1657d5bbd48xdq5dkwwugdpzr000000003q000000000pq6t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:02 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49827	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:02 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:02 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 1be548a6-001e-00a2-4166-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123902Z-1657d5bbd48sqtlf1huhzuwq70000000034000000000n3cp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:02 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49832	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:03 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:03 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: cb78c1b2-201e-003f-2e04-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123903Z-1657d5bbd487nf59mzf5b3gk8n000000032g00000000e806 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:03 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49833	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:03 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:03 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 27b6de9f-001e-0046-1e00-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123903Z-1657d5bbd48sdh4cyzadbb3748000000037000000000nfan x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:03 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49834	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:03 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:03 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 04801829-801e-00ac-6301-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123903Z-1657d5bbd48t66tjar5xuq22r800000003e000000000e75s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:03 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49835	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:04 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:04 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 2f3972b1-401e-0035-1b02-1782d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123904Z-1657d5bbd48gqrfwecymhhbfm8000000026000000000ncbk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:04 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49836	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:04 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:04 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: cde3aec9-601e-0084-63e5-166b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123904Z-1657d5bbd48xlwdx82gahegw4000000003n000000000hmdy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:04 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49837	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:04 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:04 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 1ed82642-401e-0048-7b12-170409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123904Z-1657d5bbd48762wn1qw4s5sd30000000039g00000000gtzh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:04 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49830	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:04 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:04 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 5e879109-c01e-00a2-3e73-172327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123904Z-1657d5bbd48lknvp09v995n790000000036g0000000049hk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:04 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49831	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:04 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:04 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 721d8bd8-801e-002a-4f00-1731dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123904Z-1657d5bbd48lknvp09v995n7900000000360000000005ymu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:04 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49838	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:04 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:04 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 3a03d6b9-d01e-0066-52e9-16ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123904Z-1657d5bbd48vhs7r2p1ky7cs5w00000003tg00000000cuh0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:04 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49839	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:05 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:05 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 27cd2a1a-001e-0046-1b08-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123905Z-1657d5bbd48wd55zet5pcra0cg00000003bg00000000m026 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:05 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49840	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:05 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:05 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 46a5aa72-701e-0032-6004-17a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123905Z-1657d5bbd48vlsxxpe15ac3q7n00000003fg000000009u5b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:05 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49842	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:05 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:05 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: d803a4ff-401e-0083-3904-17075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123905Z-1657d5bbd48tqvfc1ysmtbdrg000000003dg000000005uyd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:05 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49841	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:05 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:05 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: b0fdb72d-401e-0015-37ce-160e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123905Z-1657d5bbd48wd55zet5pcra0cg00000003ag00000000nrqu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:05 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49844	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:05 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:05 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 8d3bec0a-601e-0070-32fe-16a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123905Z-1657d5bbd48tnj6wmberkg2xy800000003eg00000000p36b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:05 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49846	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:05 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:07 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: e72b6989-501e-005b-2b00-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123907Z-1657d5bbd487nf59mzf5b3gk8n000000037g000000000qqa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:07 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49845	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:05 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:05 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 8d044b15-901e-00ac-3902-17b69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123905Z-1657d5bbd48vlsxxpe15ac3q7n00000003fg000000009u7q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:05 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49847	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:06 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:06 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 0377c3fc-101e-000b-65dc-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123906Z-1657d5bbd48dfrdj7px744zp8s000000033g00000000nw8p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:06 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49848	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:06 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:06 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: a5e58c1d-b01e-00ab-5ac9-16dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123906Z-1657d5bbd48tqvfc1ysmtbdrg000000003b000000000d1qt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:06 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49849	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:06 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:06 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 78a0432a-701e-001e-1805-17f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123906Z-1657d5bbd48xsz2nuzq4vfrzg800000003bg00000000bb1f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:06 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49850	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:06 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:06 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: ef9cab6f-f01e-0099-0d00-179171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123906Z-1657d5bbd48sdh4cyzadbb3748000000036g00000000mwyp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:06 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49851	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:06 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:06 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f519f63-901e-0016-75ff-16efe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123906Z-1657d5bbd48xdq5dkwwugdpzr000000003tg00000000dbsx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:06 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49852	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:06 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:06 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: b67c2655-301e-0096-2300-17e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123906Z-1657d5bbd48762wn1qw4s5sd30000000039g00000000gu3x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:06 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49853	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:07 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:07 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 821e4157-c01e-0014-3301-17a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123907Z-1657d5bbd48sdh4cyzadbb374800000003dg000000002zvz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:07 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49854	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:07 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:07 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 763e8d43-601e-000d-6912-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123907Z-1657d5bbd48xlwdx82gahegw4000000003kg00000000pkfa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:07 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49855	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:07 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:07 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 360ff137-701e-0098-1c78-18395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123907Z-1657d5bbd48hzllksrq1r6zsvs00000000m000000000frby x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:07 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49856	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:07 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:07 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 01bf113a-f01e-003c-3703-178cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123907Z-1657d5bbd48lknvp09v995n790000000034000000000cbug x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:07 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49857	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:07 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:07 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 7875ffac-201e-000c-7f02-1779c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123907Z-1657d5bbd48xdq5dkwwugdpzr000000003s000000000gtq7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:07 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49858	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:07 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:07 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 3b7b7106-501e-0064-43e7-161f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123907Z-1657d5bbd48sqtlf1huhzuwq70000000034g00000000kuq6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:08 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49859	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:08 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:08 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: f196d52c-b01e-0002-1604-171b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123908Z-1657d5bbd48t66tjar5xuq22r800000003eg00000000dhrp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:08 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49860	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:08 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:08 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 2f576d96-401e-0047-3902-178597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123908Z-1657d5bbd482lxwq1dp2t1zwkc000000034000000000npcx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:08 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49861	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:08 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:08 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: dfb96d6a-f01e-003f-17e5-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123908Z-1657d5bbd48sdh4cyzadbb374800000003c0000000008u4g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:08 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49862	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:08 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:08 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: f5ee0945-901e-0083-4202-17bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123908Z-1657d5bbd48tnj6wmberkg2xy800000003eg00000000p3dx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:08 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49863	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:08 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:08 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 0607cd43-401e-0078-1b00-174d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123908Z-1657d5bbd48q6t9vvmrkd293mg00000003g00000000098pc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:08 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49864	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:08 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:08 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:08 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: a5ff6bd9-301e-005d-3af2-16e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123908Z-1657d5bbd48tqvfc1ysmtbdrg000000003c0000000009uae x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:08 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49865	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:08 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:08 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 0c165d1d-a01e-000d-7dfe-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123908Z-1657d5bbd48t66tjar5xuq22r800000003d000000000h8pq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:09 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49867	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:09 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:09 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: c2f609cb-201e-0003-75fd-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123909Z-1657d5bbd48vhs7r2p1ky7cs5w00000003w00000000057de x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:09 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49868	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:09 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:09 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 33b4d0ae-a01e-0032-35ff-161949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123909Z-1657d5bbd48sdh4cyzadbb3748000000038000000000h1e9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:09 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49869	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:09 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:09 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 960edd56-701e-005c-4100-17bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123909Z-1657d5bbd487nf59mzf5b3gk8n000000031000000000hs0q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:09 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49870	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:09 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:09 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: b738acd5-401e-0067-1502-1709c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123909Z-1657d5bbd48xdq5dkwwugdpzr000000003rg00000000k0a8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:09 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49871	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:09 UTC	191	OUT	GET /rules/rule90401v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:09 GMT Content-Type: text/xml Content-Length: 1250 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE4487AA" x-ms-request-id: fe430463-401e-0047-1f75-178597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123909Z-1657d5bbd48jwrqbupe3ktsx9w00000003kg00000000p3pm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:09 UTC	1250	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 39 30 34 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 53 61 6d 70 6c 69 6e 67 50 6f 6c 69 63 79 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 4d 65 74 61 64 61 74 61 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="90401" V="3" DC="ESM" EN="Office.Telemetry.SamplingPolicy" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" DL="A" DCa="PSP PSU" xmlns=""> <RIS> <RI N="Metadata" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49872	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:10 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:10 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 8a5fd43d-c01e-0066-4506-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123910Z-1657d5bbd48sdh4cyzadbb374800000003cg000000006ydt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:10 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49873	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:10 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:10 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 0480ed94-801e-00ac-5102-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123910Z-1657d5bbd48vhs7r2p1ky7cs5w00000003pg00000000p8ax x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:10 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49875	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:10 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:10 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: db28c537-d01e-0065-47fe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123910Z-1657d5bbd48tqvfc1ysmtbdrg000000003a000000000fcns x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:10 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49874	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:10 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:10 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: b72ef555-401e-0067-78fe-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123910Z-1657d5bbd48xdq5dkwwugdpzr000000003sg00000000g0q9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:10 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49876	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:10 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:10 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: cb759915-201e-003f-5f03-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123910Z-1657d5bbd48wd55zet5pcra0cg00000003cg00000000gnnp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:10 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49877	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:11 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:11 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 84e7aa3f-c01e-008e-74ff-167381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123911Z-1657d5bbd487nf59mzf5b3gk8n000000033000000000d422 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:11 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49878	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:11 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:11 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: b6c21a8e-c01e-008e-115a-177381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123911Z-1657d5bbd48f7nlxc7n5fnfzh0000000031g00000000k5yw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:11 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49880	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:11 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:11 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 29f28342-e01e-003c-5d00-17c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123911Z-1657d5bbd48jwrqbupe3ktsx9w00000003rg000000009528 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:11 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49879	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:11 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:11 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 76165599-601e-000d-1a02-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123911Z-1657d5bbd48xlwdx82gahegw4000000003hg00000000qr5s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:11 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49881	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:11 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:11 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: a9a45936-c01e-00a1-54f1-167e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123911Z-1657d5bbd48762wn1qw4s5sd30000000037000000000rmfe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:11 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49885	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:12 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:12 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 04600955-801e-00ac-55f4-16fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123912Z-1657d5bbd48f7nlxc7n5fnfzh0000000033000000000f03g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:12 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49883	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:12 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:12 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 173e0f62-801e-00a3-24fe-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123912Z-1657d5bbd482tlqpvyz9e93p5400000003p00000000043qu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:12 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49884	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:12 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:12 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 3a04fc40-501e-007b-3b73-175ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123912Z-1657d5bbd48f7nlxc7n5fnfzh0000000034g00000000bvs0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:12 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49887	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:12 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:12 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 4035d6e2-a01e-0002-4602-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123912Z-1657d5bbd48vhs7r2p1ky7cs5w00000003w00000000057mu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:12 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49888	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:12 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:12 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 62f7f1ae-f01e-0096-4d0c-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123912Z-1657d5bbd48q6t9vvmrkd293mg00000003k000000000259z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:12 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49889	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:12 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:12 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 87e26173-201e-0051-15e7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123912Z-1657d5bbd48xdq5dkwwugdpzr000000003pg00000000qnpx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:12 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49890	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:12 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:12 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fcca05a5-501e-00a0-3202-179d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123912Z-1657d5bbd48jwrqbupe3ktsx9w00000003rg00000000958n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:12 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49891	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:12 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:12 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 31868579-401e-008c-0af2-1686c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123912Z-1657d5bbd48762wn1qw4s5sd3000000003bg00000000c14y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:13 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49892	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:13 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:13 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: fbb49b00-e01e-00aa-4806-17ceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123913Z-1657d5bbd48xlwdx82gahegw4000000003r0000000009rkh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:13 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49893	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:13 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:13 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 08bf7a15-f01e-0020-7706-17956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123913Z-1657d5bbd48vhs7r2p1ky7cs5w00000003x0000000001be7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:13 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49894	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:13 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:13 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 7d21ea5d-701e-0098-0502-17395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123913Z-1657d5bbd48tnj6wmberkg2xy800000003eg00000000p3ve x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:13 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49895	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:13 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:13 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: d710be77-701e-000d-0aa0-186de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123913Z-1657d5bbd48hzllksrq1r6zsvs00000000n000000000gn0g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:13 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.4	49896	216.58.206.46	443	1880	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:14 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1246 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=cM587zGQXjyil_XaCFl6M6YUcC1uqQ20qyAVa1uZHGscS50B5sfvr1Qfl0FJrAdGmgi7FDME3sZOs5pchYioHLf8vbIRuYCjcd85BVYrIiSWo74GQFIPmCgsg8jBSYMt12ErsshldfUSpz65VlT9MRTUGKSceIaT1PqI2H1KrrZWPnR4RRToLmEsJg
2024-10-07 12:39:14 UTC	1246	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 30 34 37 35 32 37 38 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728304752787",null,null,null
2024-10-07 12:39:14 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 12:39:14 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 12:39:14 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 12:39:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.4	49897	216.58.206.46	443	1880	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:14 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1254 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=cM587zGQXjyil_XaCFl6M6YUcC1uqQ20qyAVa1uZHGscS50B5sfvr1Qfl0FJrAdGmgi7FDME3sZOs5pchYioHLf8vbIRuYCjcd85BVYrIiSWo74GQFIPmCgsg8jBSYMt12ErsshldfUSpz65VlT9MRTUGKSceIaT1PqI2H1KrrZWPnR4RRToLmEsJg
2024-10-07 12:39:14 UTC	1254	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 33 30 34 37 35 32 37 39 38 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728304752798",null,null,null
2024-10-07 12:39:14 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 12:39:14 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 12:39:14 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 12:39:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49900	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:14 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:14 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 6d2b2f65-e01e-0099-735a-17da8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123914Z-1657d5bbd48sqtlf1huhzuwq70000000033000000000r9vv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:14 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49898	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:14 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:14 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 77012b0e-b01e-0097-0bff-164f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123914Z-1657d5bbd48xdq5dkwwugdpzr000000003x0000000000vym x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:14 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49901	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:14 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:14 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: d4fd285a-d01e-005a-06ed-167fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123914Z-1657d5bbd48lknvp09v995n790000000030000000000nu13 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:14 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49899	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:14 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:14 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: a18d9b1d-601e-0002-1f03-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123914Z-1657d5bbd48dfrdj7px744zp8s000000035g00000000gm8y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:14 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49882	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:14 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:15 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 6f1c5b1d-901e-0048-485a-17b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123915Z-1657d5bbd487nf59mzf5b3gk8n0000000360000000006nn1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:15 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49902	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:15 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:15 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: c9f5ea47-201e-0071-33fe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123915Z-1657d5bbd48t66tjar5xuq22r800000003b000000000nsth x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:15 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49904	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:15 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:15 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 838d785c-001e-0014-24fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123915Z-1657d5bbd48vlsxxpe15ac3q7n00000003eg00000000cq21 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:15 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49905	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:15 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:15 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 4d8e5842-701e-0021-0efe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123915Z-1657d5bbd48gqrfwecymhhbfm8000000027000000000km5z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:15 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49903	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:15 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:15 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 635e2ff4-801e-0035-1973-17752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123915Z-1657d5bbd48762wn1qw4s5sd30000000039g00000000gunn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:15 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49906	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:15 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:15 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 8a56303a-c01e-0066-0f01-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123915Z-1657d5bbd48vhs7r2p1ky7cs5w00000003w00000000057vb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:15 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49907	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:15 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:15 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: cd0b82ba-d01e-0049-1304-17e7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123915Z-1657d5bbd48xlwdx82gahegw4000000003qg00000000av83 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:16 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49909	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:15 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:16 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: d3a3eb01-b01e-003d-1ef1-16d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123916Z-1657d5bbd48f7nlxc7n5fnfzh0000000035g000000008dvm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:16 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49910	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:16 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:16 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: ca2bab4f-201e-0071-5e14-17ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123916Z-1657d5bbd482krtfgrg72dfbtn000000037g00000000bhwu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:16 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49908	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:16 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:16 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:15 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 0c184816-a01e-000d-72ff-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123915Z-1657d5bbd48sqtlf1huhzuwq7000000003ag000000000xfu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:16 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49911	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:16 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:17 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 4d8e59a4-701e-0021-64fe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123917Z-1657d5bbd48t66tjar5xuq22r800000003e000000000e804 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:17 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49912	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:17 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:17 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 4ef38422-401e-000a-160c-174a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123917Z-1657d5bbd48t66tjar5xuq22r800000003h0000000006a35 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:17 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49913	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:17 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:17 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: c326dec7-201e-0003-0c12-17f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123917Z-1657d5bbd482krtfgrg72dfbtn000000036000000000ek8z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:17 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49915	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:17 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:17 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: cad35e9e-b01e-0021-3602-17cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123917Z-1657d5bbd48lknvp09v995n790000000030g00000000nyzq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:17 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	49914	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:17 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:17 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:17 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 75ef523f-601e-000d-02f2-162618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123917Z-1657d5bbd48762wn1qw4s5sd3000000003bg00000000c1ca x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:17 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49916	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:17 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:18 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: 87e265fd-201e-0051-4fe7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123918Z-1657d5bbd48sdh4cyzadbb374800000003bg00000000agtk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:18 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49920	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:18 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:18 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: dfa7567c-f01e-003f-67de-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123918Z-1657d5bbd48sqtlf1huhzuwq70000000039g000000004pn4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:18 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49918	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:18 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:18 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 3e7839e3-701e-0053-5cff-163a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123918Z-1657d5bbd48762wn1qw4s5sd3000000003e0000000003mhy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:18 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49919	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:18 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:18 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: c7b470af-b01e-005c-24fe-164c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123918Z-1657d5bbd48xlwdx82gahegw4000000003kg00000000pm8z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:18 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49917	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:18 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:18 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: c9f5e5fc-201e-0071-5dfe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123918Z-1657d5bbd48tqvfc1ysmtbdrg000000003e0000000003mdb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:18 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49921	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:18 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:18 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 20e89b60-501e-008c-3a03-17cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123918Z-1657d5bbd482krtfgrg72dfbtn000000034000000000m66y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:18 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49922	13.107.246.44	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 12:39:18 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 12:39:18 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 12:39:18 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 8b4ba21e-301e-001f-45ad-18aa3a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T123918Z-1657d5bbd48hzllksrq1r6zsvs00000000pg00000000ey8p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 12:39:18 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Target ID:	0
Start time:	08:37:55
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x7b0000
File size:	919'040 bytes
MD5 hash:	545D9448A199121F0C35B6250DD8FC5D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	08:37:55
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0xd80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	08:37:55
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	08:37:56
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0xd80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	08:37:56
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	08:37:56
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xd80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	08:37:56
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	08:37:56
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0xd80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	08:37:56
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	08:37:56
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x7ff7699e0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	08:37:56
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	08:37:58
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	08:37:58
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1972,i,16211485116465670001,8553827770695224586,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	08:38:09
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5380 --field-trial-handle=1972,i,16211485116465670001,8553827770695224586,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	08:38:09
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1972,i,16211485116465670001,8553827770695224586,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.8%
Total number of Nodes:	1646
Total number of Limit Nodes:	63

Executed Functions

Function 007B42DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 007B430D

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

GetCurrentProcess.KERNEL32(?,0084CB64,00000000,?,?), ref: 007B4422
IsWow64Process.KERNEL32(00000000,?,?), ref: 007B4429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 007B4454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 007B4466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 007B4474
FreeLibrary.KERNEL32(00000000,?,?), ref: 007B447B
GetSystemInfo.KERNEL32(?,?,?), ref: 007B44A0

Strings

|O, xrefs: 007F36F8
kernel32.dll, xrefs: 007B444F
GetNativeSystemInfo, xrefs: 007B4460

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: 31c10f58583c204bf89f278d7d2773f985706a9e11b57451ca549c14679100e9
Instruction ID: 61ec2583f1aaf40ba2d2d5b8f74cc5127ade140d97c6b80256baa2f274d974ae
Opcode Fuzzy Hash: 31c10f58583c204bf89f278d7d2773f985706a9e11b57451ca549c14679100e9
Instruction Fuzzy Hash: A7A1737690A2C4DFCF12D76D7C8D6E67FAC7B26740B184899D18193B23DE6C460ACB21

Function 007B42A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,007B50AA,?,?,00000000,00000000), ref: 007B42B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,007B50AA,?,?,00000000,00000000), ref: 007B42C9
LoadResource.KERNEL32(?,00000000,?,?,007B50AA,?,?,00000000,00000000,?,?,?,?,?,?,007B4F20), ref: 007F35BE
SizeofResource.KERNEL32(?,00000000,?,?,007B50AA,?,?,00000000,00000000,?,?,?,?,?,?,007B4F20), ref: 007F35D3
LockResource.KERNEL32(007B50AA,?,?,007B50AA,?,?,00000000,00000000,?,?,?,?,?,?,007B4F20,?), ref: 007F35E6

Strings

SCRIPT, xrefs: 007B42BF

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: cf4bbba20324b258387833fd08b62981aea744ae5bb7e1d5baaf0f0c933de58b
Instruction ID: 9dc274f03fe5e6c1ad48d25770722103672931bd6b9fee83b357adfcf5360853
Opcode Fuzzy Hash: cf4bbba20324b258387833fd08b62981aea744ae5bb7e1d5baaf0f0c933de58b
Instruction Fuzzy Hash: 41117C75201700BFEB218FA5DC49FA77BBDFBC6B51F104169B412D6260DBB1D800D620

Function 007F2BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 007B2B6B

Part of subcall function 007B3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00881418,?,007B2E7F,?,?,?,00000000), ref: 007B3A78

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,00872224), ref: 007F2C10
ShellExecuteW.SHELL32(00000000,?,?,00872224), ref: 007F2C17

Strings

runas, xrefs: 007F2C0B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: 2694e82f5ba4045dbc9d9f64798f5717c707d6bab01aa909cc4224f7c2f580bd
Instruction ID: 7ac80b73e449079be8b94949505e84ee727149f2b9ca01b8cbae699e9eb4802c
Opcode Fuzzy Hash: 2694e82f5ba4045dbc9d9f64798f5717c707d6bab01aa909cc4224f7c2f580bd
Instruction Fuzzy Hash: 1611D571209305EAC704FF60D859BEEBBA9AB91700F44042DF256431A3DF2C898AC712

Function 0083A67C Relevance: 6.2, APIs: 4, Instructions: 175
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0083A6AC
Process32FirstW.KERNEL32(00000000,?), ref: 0083A6BA

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Process32NextW.KERNEL32(00000000,?), ref: 0083A79C
CloseHandle.KERNELBASE(00000000), ref: 0083A7AB

Part of subcall function 007CCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,007F3303,?), ref: 007CCE8A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: b836cd6ace204ea59cfb14b6be409f65f59ec5a4f58a017f2e7934811dbb0a88
Instruction ID: f8582203b07980ea2a3d63e398105691cbf7a9e247aae5b9f8a1441f5ff7c530
Opcode Fuzzy Hash: b836cd6ace204ea59cfb14b6be409f65f59ec5a4f58a017f2e7934811dbb0a88
Instruction Fuzzy Hash: 2E51F975508300AFD714EF24C88AAABBBE8FF89754F40892DF695D7251EB34D904CB92

Function 0081DBBE Relevance: 6.0, APIs: 4, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,007F5222), ref: 0081DBCE
GetFileAttributesW.KERNELBASE(?), ref: 0081DBDD
FindFirstFileW.KERNEL32(?,?), ref: 0081DBEE
FindClose.KERNEL32(00000000), ref: 0081DBFA

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: 3d48c97496f11d05d3582c45ee4bc749237b0d9ad5c021e5b7f5f790f585a59f
Instruction ID: 36c2b104dfb7976c156c182724837bb5210a72e3bfd13ab95c398a7b0f847fa2
Opcode Fuzzy Hash: 3d48c97496f11d05d3582c45ee4bc749237b0d9ad5c021e5b7f5f790f585a59f
Instruction Fuzzy Hash: BAF0A038811A245782206B78AC0D9EA376CFF02334B104B02F936C22E0FBF05994C6D5

Function 007D4CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(007E28E9,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002,00000000,?,007E28E9), ref: 007D4D09
TerminateProcess.KERNEL32(00000000,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002,00000000,?,007E28E9), ref: 007D4D10
ExitProcess.KERNEL32 ref: 007D4D22

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: dce429a0df2e16f58f25ba3119464e8b76d42070d0f0f1a3e67919aedbaa87bb
Instruction ID: a2c2ab1ec915e69465f933999e2f24e945c0cb0d0ed57f2f6f8fe7142d9bc3c6
Opcode Fuzzy Hash: dce429a0df2e16f58f25ba3119464e8b76d42070d0f0f1a3e67919aedbaa87bb
Instruction Fuzzy Hash: 8CE0B635101588ABCF61AF64DD0DA583B7EFB46785B144015FD058B222CB39DD42CA90

Function 0083AFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 0083B198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0083B1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0083B1D4
_wcslen.LIBCMT ref: 0083B200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0083B214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0083B236
_wcslen.LIBCMT ref: 0083B332

Part of subcall function 008205A7: GetStdHandle.KERNEL32(000000F6), ref: 008205C6

_wcslen.LIBCMT ref: 0083B34B
_wcslen.LIBCMT ref: 0083B366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0083B3B6
GetLastError.KERNEL32(00000000), ref: 0083B407
CloseHandle.KERNEL32(?), ref: 0083B439
CloseHandle.KERNEL32(00000000), ref: 0083B44A
CloseHandle.KERNEL32(00000000), ref: 0083B45C
CloseHandle.KERNEL32(00000000), ref: 0083B46E
CloseHandle.KERNEL32(?), ref: 0083B4E3

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: 230adcc91a068a44d8dc80fca3fc6cab5d8e81137f9015f1bb7613c248007a66
Instruction ID: bfba125c42c2d90b8d22faba33be38814aadcdcf8a012eabf3d6b031a481c1b6
Opcode Fuzzy Hash: 230adcc91a068a44d8dc80fca3fc6cab5d8e81137f9015f1bb7613c248007a66
Instruction Fuzzy Hash: A9F17871608200DFC724EF24C895B6ABBE5FF85314F14855DF99A8B2A2DB35EC40CB92

Function 007BD730 Relevance: 21.6, APIs: 14, Instructions: 625sleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 007BD807
timeGetTime.WINMM ref: 007BDA07
Sleep.KERNELBASE(0000000A), ref: 007BDBB1
Sleep.KERNEL32(0000000A), ref: 00802B76

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Sleep$InputStateTimetime
String ID:
API String ID: 2764417729-0
Opcode ID: bca6950407a01a4529a3a603c2322ec31c301eef10c0668b6367b1fd33ca1abe
Instruction ID: 4125d85a3dc46137871eff63ddfb2b394bf8149a8ea515fa9fc83bf85e5de62c
Opcode Fuzzy Hash: bca6950407a01a4529a3a603c2322ec31c301eef10c0668b6367b1fd33ca1abe
Instruction Fuzzy Hash: 6342F170608241DFDB78CF28C898BAABBA5FF45314F14855DE456C7291EBB8EC44CB92

Function 007B2CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 007B2D07
RegisterClassExW.USER32(00000030), ref: 007B2D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007B2D42
InitCommonControlsEx.COMCTL32(?), ref: 007B2D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007B2D6F
LoadIconW.USER32(000000A9), ref: 007B2D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007B2D94

Strings

TaskbarCreated, xrefs: 007B2D37
AutoIt v3 GUI, xrefs: 007B2D23
+, xrefs: 007B2CF0
0, xrefs: 007B2CE9

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 5c9c7066c3ee1da42398b0de6f60ee8415a81a220b1ad89d780fe10640f7be95
Instruction ID: 8879d03ee50ffe2237a71d7ec4411db2416d1c514cb5eaa59a6f2174bf05b97b
Opcode Fuzzy Hash: 5c9c7066c3ee1da42398b0de6f60ee8415a81a220b1ad89d780fe10640f7be95
Instruction Fuzzy Hash: F421BFB5912318AFDF40DFA8EC89BDDBFB8FB09700F00811AE611A62A0DBB55545CF91

Function 007F065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 007F039A: CreateFileW.KERNELBASE(00000000,00000000,?,007F0704,?,?,00000000,?,007F0704,00000000,0000000C), ref: 007F03B7

GetLastError.KERNEL32 ref: 007F076F
__dosmaperr.LIBCMT ref: 007F0776
GetFileType.KERNELBASE(00000000), ref: 007F0782
GetLastError.KERNEL32 ref: 007F078C
__dosmaperr.LIBCMT ref: 007F0795
CloseHandle.KERNEL32(00000000), ref: 007F07B5
CloseHandle.KERNEL32(?), ref: 007F08FF
GetLastError.KERNEL32 ref: 007F0931
__dosmaperr.LIBCMT ref: 007F0938

Strings

H, xrefs: 007F08BD

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: d4680d2a229a141b0ed13f6f578cfc159a766640b16e3c78f19a6708fe1e7274
Instruction ID: 8a588d23177dece8688b7e48c3c2da8e2802d26e9bc10e0f19c3715b25a87639
Opcode Fuzzy Hash: d4680d2a229a141b0ed13f6f578cfc159a766640b16e3c78f19a6708fe1e7274
Instruction Fuzzy Hash: 00A12136A001088FDF19EF68D855BBE7BA0AB06320F14419EF9159F3D2DB399912CB91

Function 007B344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 007B3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00881418,?,007B2E7F,?,?,?,00000000), ref: 007B3A78

Part of subcall function 007B3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 007B3379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 007B356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 007F318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 007F31CE
RegCloseKey.ADVAPI32(?), ref: 007F3210
_wcslen.LIBCMT ref: 007F3277
_wcslen.LIBCMT ref: 007F3286

Strings

Include, xrefs: 007F3184, 007F31C5
Software\AutoIt v3\AutoIt, xrefs: 007B3560
\Include\, xrefs: 007B3527
\, xrefs: 007F328C

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 9a636b756947fba5c2e75dd64258a8ce1ba7e49f0183d785d84f2727e2b5991d
Instruction ID: 1236ad3a734e0ee10517d16f7ea4996bb8f5b3dd570e88656f6d5a9256f23afd
Opcode Fuzzy Hash: 9a636b756947fba5c2e75dd64258a8ce1ba7e49f0183d785d84f2727e2b5991d
Instruction Fuzzy Hash: FD716A71405305EEC314EF69EC95AABBBE8FF85740B40042EF655C3271EB389A48CB62

Function 007B2B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 007B2B8E
LoadCursorW.USER32(00000000,00007F00), ref: 007B2B9D
LoadIconW.USER32(00000063), ref: 007B2BB3
LoadIconW.USER32(000000A4), ref: 007B2BC5
LoadIconW.USER32(000000A2), ref: 007B2BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 007B2BEF
RegisterClassExW.USER32(?), ref: 007B2C40

Part of subcall function 007B2CD4: GetSysColorBrush.USER32(0000000F), ref: 007B2D07
Part of subcall function 007B2CD4: RegisterClassExW.USER32(00000030), ref: 007B2D31
Part of subcall function 007B2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007B2D42
Part of subcall function 007B2CD4: InitCommonControlsEx.COMCTL32(?), ref: 007B2D5F
Part of subcall function 007B2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007B2D6F
Part of subcall function 007B2CD4: LoadIconW.USER32(000000A9), ref: 007B2D85
Part of subcall function 007B2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007B2D94

Strings

AutoIt v3, xrefs: 007B2C2F
#, xrefs: 007B2C16
0, xrefs: 007B2C0F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: d36d145775cf70a54cd6a93cdd3c0554e2b37fddffb127c3d916665bce99116b
Instruction ID: e1a53c659e09ba698b868a48229e5b1025f05cc04d19d0575434c9adc7912632
Opcode Fuzzy Hash: d36d145775cf70a54cd6a93cdd3c0554e2b37fddffb127c3d916665bce99116b
Instruction Fuzzy Hash: 03211874E01318ABDF109FA9EC59BA97FB8FB48B50F00402AE600A67A0DBB90541CF90

Function 007B3170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,007B316A,?,?), ref: 007B31D8
KillTimer.USER32(?,00000001,?,?,?,?,?,007B316A,?,?), ref: 007B3204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 007B3227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,007B316A,?,?), ref: 007B3232
CreatePopupMenu.USER32 ref: 007B3246
PostQuitMessage.USER32(00000000), ref: 007B3267

Strings

TaskbarCreated, xrefs: 007B322D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 1259b21afa4a67701613f79caa8e3dd8923d90c87be23ebc42326a5417029e3a
Instruction ID: 5be5e475e4282f107cdbd0c368ab8e9007d225c3a477824adee4ca5d5b6b3240
Opcode Fuzzy Hash: 1259b21afa4a67701613f79caa8e3dd8923d90c87be23ebc42326a5417029e3a
Instruction Fuzzy Hash: C541DF3524060CABDF146BACDC1EBF93A5DFB06340F040125FA02C62A2DF7D9E8297A1

Function 007B1410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 007B1459
CoUninitialize.COMBASE ref: 007B14F8
UnregisterHotKey.USER32(?), ref: 007B16DD
DestroyWindow.USER32(?), ref: 007F24B9
FreeLibrary.KERNEL32(?), ref: 007F251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 007F254B

Strings

close all, xrefs: 007B1454

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 127190c25ec09b04c43add0718a6203979f3e6f4831d690662f3734253f1fce6
Instruction ID: cc7d8b2197844ac0e58605ec304b2ea3c3872b41510639b8d0aa08ce5ba6b43c
Opcode Fuzzy Hash: 127190c25ec09b04c43add0718a6203979f3e6f4831d690662f3734253f1fce6
Instruction Fuzzy Hash: C8D15E31702212DFCB29DF14C4A9B69F7A5BF05700F9441ADE54AAB352DB38AD22CF51

Function 007B2C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 007B2C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 007B2CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,007B1CAD,?), ref: 007B2CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,007B1CAD,?), ref: 007B2CCF

Strings

AutoIt v3, xrefs: 007B2C89, 007B2C8E, 007B2C8F
edit, xrefs: 007B2CAC

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: f8a239ab4a8b37928b49ee257c92cae3bc18d85d01d30a449f6b0c38a79a9260
Instruction ID: 60fda538a2e8d333e4d7b47389421d17f7ca04c3680a8707d71cbaa5833db533
Opcode Fuzzy Hash: f8a239ab4a8b37928b49ee257c92cae3bc18d85d01d30a449f6b0c38a79a9260
Instruction Fuzzy Hash: 43F0DA755413947AEB71171BAC0CEB72EBDF7C7F50B00005AF900A26A0CA791852DBB0

Function 007B3B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,007B3B0F,SwapMouseButtons,00000004,?), ref: 007B3B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,007B3B0F,SwapMouseButtons,00000004,?), ref: 007B3B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,007B3B0F,SwapMouseButtons,00000004,?), ref: 007B3B83

Strings

Control Panel\Mouse, xrefs: 007B3B3E

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: aaec3f81ff09898a84b9ad4fe0d4ea5fcafb8922b79fe6c25e47f39e2e0a5db9
Instruction ID: 9d38b0f5344b554f51f5e0ab528a7cd7a5a17e3e46a56bf46c7cab4f0add6402
Opcode Fuzzy Hash: aaec3f81ff09898a84b9ad4fe0d4ea5fcafb8922b79fe6c25e47f39e2e0a5db9
Instruction Fuzzy Hash: 63112AB5511208FFDB208FA5DC44AEFB7BCEF05744B104559A805D7114E6359E809760

Function 007B3923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 007F33A2

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 007B3A04

Strings

Line: , xrefs: 007F33EB

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: b219c1129509365c63f19b04f35ea8d8f7d2bb6dbb4f070d5462fa94264963ec
Instruction ID: c2d9a5d3c2a3724d77f4dce91b8d5b7178161273fced04ebf02d287a016a00d4
Opcode Fuzzy Hash: b219c1129509365c63f19b04f35ea8d8f7d2bb6dbb4f070d5462fa94264963ec
Instruction Fuzzy Hash: 8831A571408304AAD725EB14DC49BEBB7ECBF40714F10451AF59993291EF7CAA89C7C2

Function 007CFDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 007D0668

Part of subcall function 007D32A4: RaiseException.KERNEL32(?,?,?,007D068A,?,00881444,?,?,?,?,?,?,007D068A,007B1129,00878738,007B1129), ref: 007D3304

__CxxThrowException@8.LIBVCRUNTIME ref: 007D0685

Strings

Unknown exception, xrefs: 007D0692

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: 1b916e7b150b9fe86b26d457ef1e31c6348c94ded555e2787d1db855c06a2be8
Instruction ID: 2ba0eed18da7c6e991da94069f5c0a75968269e1c7b7ba0a096af79c6d66e1cc
Opcode Fuzzy Hash: 1b916e7b150b9fe86b26d457ef1e31c6348c94ded555e2787d1db855c06a2be8
Instruction Fuzzy Hash: 27F0F42490020DF38B04B664E84EE5D777CAE00350B60803AB929D6795EF38EA2585C0

Function 007B10F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 007B1BF4
Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 007B1BFC
Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 007B1C07
Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 007B1C12
Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 007B1C1A
Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 007B1C22

Part of subcall function 007B1B4A: RegisterWindowMessageW.USER32(00000004,?,007B12C4), ref: 007B1BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 007B136A
OleInitialize.OLE32 ref: 007B1388
CloseHandle.KERNEL32(00000000,00000000), ref: 007F24AB

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: c0dae7988f3bfd3e9336ec9da35489214642f4a51d118ac9ff2bba423e50abd2
Instruction ID: 2a8378fe63216dd94af72982eb9a9d8d69743d40b6effe0dad25e46b102256fe
Opcode Fuzzy Hash: c0dae7988f3bfd3e9336ec9da35489214642f4a51d118ac9ff2bba423e50abd2
Instruction Fuzzy Hash: 1871A7B49122009ECB84EFBDE95EA953AEDFB88344794823AD10AC7262EF344447CF45

Function 0081C161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 007B3A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0081C259
KillTimer.USER32(?,00000001,?,?), ref: 0081C261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0081C270

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: 964d78b3f0c26f7d178fcfe11abdc4de4b65d45201251040ef2b621ed2325d75
Instruction ID: 90a0d2653d503d4944459ea0177ef50b17e8cbcacc58fcd4569eec99e69304b6
Opcode Fuzzy Hash: 964d78b3f0c26f7d178fcfe11abdc4de4b65d45201251040ef2b621ed2325d75
Instruction Fuzzy Hash: D1318170944344AFEB629F648859BEABBECFF16308F00049AD59AD7241C7746AC5CB51

Function 007E86AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,?,?,007E85CC,?,00878CC8,0000000C), ref: 007E8704
GetLastError.KERNEL32(?,007E85CC,?,00878CC8,0000000C), ref: 007E870E
__dosmaperr.LIBCMT ref: 007E8739

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: f5644c105a932bab965377306b92cbbe992053e6d738618300ba1049150bd1f2
Instruction ID: 35639846571ea60e7556ceb2e599b3bc1fa38c7882d36c369d90a3c6c1a8ddcb
Opcode Fuzzy Hash: f5644c105a932bab965377306b92cbbe992053e6d738618300ba1049150bd1f2
Instruction Fuzzy Hash: 61018E326072E056C2E06376694977E67494B8E77CF390119F81C8B1D3DEACCC81C252

Function 007BDB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 007BDB7B
DispatchMessageW.USER32(?), ref: 007BDB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007BDB9F
Sleep.KERNELBASE(0000000A), ref: 007BDBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 00801CC9

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: 813e0a7861990b16c54a5dac34dcf60ee2ce7a60d1a0886368226fcc9a72a924
Instruction ID: e4f47c47336a62e1463a136132c0c43af8a71ea40d637dfeaaf6e5361819339e
Opcode Fuzzy Hash: 813e0a7861990b16c54a5dac34dcf60ee2ce7a60d1a0886368226fcc9a72a924
Instruction Fuzzy Hash: 2CF05E306453409BEB70CBA48C4DFEA73ACFB45310F104628E61AC30C0EB349848CB25

Function 007C1310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 007C17F6

Strings

CALL, xrefs: 007C17C6

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: 95b5cfb3c321b925622788916e1e918f0556e4f1756cde5ebda6e75a6550a79f
Instruction ID: cafe3a304a03d0293577203725c671af39c01d09fbb21efc5572f62f5c856d8b
Opcode Fuzzy Hash: 95b5cfb3c321b925622788916e1e918f0556e4f1756cde5ebda6e75a6550a79f
Instruction Fuzzy Hash: 22226870608241DFC714DF14C894F2ABBE1FF86314F64896DE4968B3A2D739E961CB92

Function 007B2DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 007F2C8C

Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2

Part of subcall function 007B2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 007B2DC4

Strings

X, xrefs: 007F2C5A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: dd658ede7d605a0d6f10dc25efd02c48eacab03035d2efcaf562261b1b1f4ee4
Instruction ID: 10f3d2c0e7e985bb5eb1991a23a38f256f952c6aee1e8d1ada9d2b0d514219f7
Opcode Fuzzy Hash: dd658ede7d605a0d6f10dc25efd02c48eacab03035d2efcaf562261b1b1f4ee4
Instruction Fuzzy Hash: 68218471A002589ACB419F94C8497EE7BF8AF49704F108059E505A7345EBB89A8A8F61

Function 007B3837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 007B3908

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: e3db5b9feb45201bc3323ffaae4b3365c3d8f94a2cd7344bbd0d8adb601a5007
Instruction ID: df33565e570c24ec0ab75f2d69afd495e636fc64f8d39664cf9192ee67be9680
Opcode Fuzzy Hash: e3db5b9feb45201bc3323ffaae4b3365c3d8f94a2cd7344bbd0d8adb601a5007
Instruction Fuzzy Hash: 4E314B705047019FD761DF28D8897D7BBE8FB49708F00092EF59987250E779AA85CB52

Function 007CF645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 007CF661

Part of subcall function 007BD730: GetInputState.USER32 ref: 007BD807

Sleep.KERNEL32(00000000), ref: 0080F2DE

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: 4970ad3803d86da19200ac83d54c2a3d649c6730887acee500e343d1fe9a05a0
Instruction ID: dcbc74672a9ec7867914542cb0cd79649f38e54f84843ab70401282a19d0b591
Opcode Fuzzy Hash: 4970ad3803d86da19200ac83d54c2a3d649c6730887acee500e343d1fe9a05a0
Instruction Fuzzy Hash: 5EF08C352402059FD360EF69D849BAAB7E8FF4A760F004029E85AC72A1DBB0A800CB91

Function 007BB710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 007BBB4E

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: 4e5b91e8dcbe0bf839e167d67805089ac1d639b59a0447535a095a5e766b14a9
Instruction ID: b61a0e4967b36d6e5eed055d0dabfac11e5c01df28b6a3ad162aba888f144e4a
Opcode Fuzzy Hash: 4e5b91e8dcbe0bf839e167d67805089ac1d639b59a0447535a095a5e766b14a9
Instruction Fuzzy Hash: 19327974A00209DFDB24CF58C898BBAB7B9FF44314F158059ED05AB3A1D7B8AD81CB91

Function 007B4ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 007B4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E9C
Part of subcall function 007B4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007B4EAE
Part of subcall function 007B4E90: FreeLibrary.KERNEL32(00000000,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4EFD

Part of subcall function 007B4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E62
Part of subcall function 007B4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007B4E74
Part of subcall function 007B4E59: FreeLibrary.KERNEL32(00000000,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E87

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: 635c82eb9184576e9e06d0f7ea5f5b9d0bdf1cb7005edcea2c48a96de9a469ef
Instruction ID: f39bb18074390a2396b92a63e87437c692f9dd7d5700f41b38081963b2b192de
Opcode Fuzzy Hash: 635c82eb9184576e9e06d0f7ea5f5b9d0bdf1cb7005edcea2c48a96de9a469ef
Instruction Fuzzy Hash: 23119132610219EADB14BB64DC0ABFD77A5AF40B10F148429F542AB2D2EEB8DA459B50

Function 007E8402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 007E8440

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 48cd4ce9dd3c3a9c8f2d37773703f26335cc45b27659d5aeb0d35d79e37b44f7
Instruction ID: 19c8dad1ae945c52cf00985d9f9c5ca92f61fca66a11f58615c14e53e089d38f
Opcode Fuzzy Hash: 48cd4ce9dd3c3a9c8f2d37773703f26335cc45b27659d5aeb0d35d79e37b44f7
Instruction Fuzzy Hash: B711487190414AEFCB05DF59E94099A7BF4FF49310F104059F808AB352DA30EA11CBA5

Function 007E5000 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 007E4C7D: RtlAllocateHeap.NTDLL(00000008,007B1129,00000000,?,007E2E29,00000001,00000364,?,?,?,007DF2DE,007E3863,00881444,?,007CFDF5,?), ref: 007E4CBE

_free.LIBCMT ref: 007E506C

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction ID: 1b047f7810a48538705bd989243e77eb370b89b13573f9134d7fb08d3f518431
Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction Fuzzy Hash: 29012B722057489BE3218E66984595AFBECFB8D374F25061DF184932C0E674A805C674

Function 008429BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,008414B5,?), ref: 00842A01

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 197c6ac877f379f4469aad7fbb9f9998bcca2c92f44cbaf9d17cc01aa4356c15
Instruction ID: 4baf832ab76b574415e9c4253fb31989b335eda15a79f9c739858e3fdf2947e3
Opcode Fuzzy Hash: 197c6ac877f379f4469aad7fbb9f9998bcca2c92f44cbaf9d17cc01aa4356c15
Instruction Fuzzy Hash: 0301B136308A669FD324CA2CC454F223B92FF85318FA98469E447CB251DB32EC42C7A0

Function 007DE602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: ea18de7b83e1c395e7701adc6edcabc862f7046c42db6bf5be5b3a23b2ee40f7
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: 35F02D32511A14D6C7323A668C0DB5A33BC9F52334F10071BF525973D2DB7CE80285A6

Function 007E4C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,007B1129,00000000,?,007E2E29,00000001,00000364,?,?,?,007DF2DE,007E3863,00881444,?,007CFDF5,?), ref: 007E4CBE

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c6f8d53a5a609c4af1f35b772a75a4987f4809cc9ef738a78c3cf4a4d8180228
Instruction ID: dbac7ee847919760a726093c3af6e86d14240725c9dfb424580813b2a28b93de
Opcode Fuzzy Hash: c6f8d53a5a609c4af1f35b772a75a4987f4809cc9ef738a78c3cf4a4d8180228
Instruction Fuzzy Hash: 6AF0E9326032A4A7DB315F679D09B5A3798BF457A0B385512F81AA76B1CA3CD80186F0

Function 007E3820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 9cdb24ab57ee2d66a88d578fc3cb559b09a81f302ffec679f242f051037c038a
Instruction ID: 9fac118bfbabbf2e9f875c06f57fba4abcd4b713562dcc3be7837c1025fb3c69
Opcode Fuzzy Hash: 9cdb24ab57ee2d66a88d578fc3cb559b09a81f302ffec679f242f051037c038a
Instruction Fuzzy Hash: 26E065321032A4ABE63126A79D0DB9A3759AB867B0F190123BC1597691DB2DDD0182F1

Function 007B4F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4F6D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 39da7279b185725aab6ba2d80a57a8d5b1770773a7b243db8621b95d806bdb3d
Instruction ID: db4ad80747efecfdadd3329c095c3d8defde3b3c0a65fe3ae13450e5a87b7cef
Opcode Fuzzy Hash: 39da7279b185725aab6ba2d80a57a8d5b1770773a7b243db8621b95d806bdb3d
Instruction Fuzzy Hash: D4F03971505752CFDB349F64D494AA2BBF4FF14329328897EE1EA83622C7399844DF10

Function 00842A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00842A66

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: bc16820ddcb84ba01555ec3130c46b2af1c2690d292e770a64fcdfacf2741547
Instruction ID: c4f0fd63e50531927838350c05c88da9c8d21f7c9227c472f61e0e0ade09186d
Opcode Fuzzy Hash: bc16820ddcb84ba01555ec3130c46b2af1c2690d292e770a64fcdfacf2741547
Instruction Fuzzy Hash: BCE04F7635412EAAC754EA34EC849FAB75CFF61399750453ABC16C3140DB309A9686A0

Function 007B30F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000002,?), ref: 007B314E

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 62e9eec14f0dde55a2f273c9b18f82b81c6839c8a2e3b72a52ec1084ff2faaa9
Instruction ID: d3a3a4d931ad5432b3029dbc190efe177d839bb227aeda24295183e75ee7da3d
Opcode Fuzzy Hash: 62e9eec14f0dde55a2f273c9b18f82b81c6839c8a2e3b72a52ec1084ff2faaa9
Instruction Fuzzy Hash: 99F037709143189FEB529B28DC4A7D57BBCB701708F0000E5A54896292DB785789CF51

Function 007B2DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 007B2DC4

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: 6cf9934e50a66d46a1edf6523045a476b49e83081b569989b97c762570c74d9f
Instruction ID: b3f7c9bbff3f365484ad9ca56525ff18cf532009276b01c8933a953149444733
Opcode Fuzzy Hash: 6cf9934e50a66d46a1edf6523045a476b49e83081b569989b97c762570c74d9f
Instruction Fuzzy Hash: 29E0CD766011249BC71092589C09FEA77EDDFC8790F040071FE09D7248DAA4AD80C550

Function 007B2B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 007B3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 007B3908

Part of subcall function 007BD730: GetInputState.USER32 ref: 007BD807

SetCurrentDirectoryW.KERNEL32(?), ref: 007B2B6B

Part of subcall function 007B30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 007B314E

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: 239cf67fbfeae930ab4691ac15a90aec66e9909731f19716ef892bece4d87d15
Instruction ID: b560895cf7c5647bce0ec895f962b894b6cb2d3b75af866a4e33fb29ee46d7d2
Opcode Fuzzy Hash: 239cf67fbfeae930ab4691ac15a90aec66e9909731f19716ef892bece4d87d15
Instruction Fuzzy Hash: 27E0863130424486CA04BBB4985E7EDA75EABD1751F40153EF24283163DE2D498A8352

Function 007F039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,007F0704,?,?,00000000,?,007F0704,00000000,0000000C), ref: 007F03B7

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 863bca47567c81481c8770c676942e9efd103e18faa43f2b984bc456a4368d84
Instruction ID: 754634fb71f6034882e362a0cc5cb08bfc37607b2adb99d32f34c98cb0075d29
Opcode Fuzzy Hash: 863bca47567c81481c8770c676942e9efd103e18faa43f2b984bc456a4368d84
Instruction Fuzzy Hash: FDD06C3204010DBBDF028F84DD06EDA3BAAFB48714F014000BE1856020C732E821EB90

Function 007B1CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 007B1CBC

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: be112453b1a50494ff87e7b10596b1d32751c5e35702e2d38d76967e7903fee9
Instruction ID: 0d648e9656b78ef6b0d63044c8c3925663222103df78edc5e0dfa631605da1d8
Opcode Fuzzy Hash: be112453b1a50494ff87e7b10596b1d32751c5e35702e2d38d76967e7903fee9
Instruction Fuzzy Hash: 02C0923A2C0304AFF6548B88FC4EF547768B348B00F048001F709A96E3C7A22820EB50

Non-executed Functions

Function 00849576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0084961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0084965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0084969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008496C9
SendMessageW.USER32 ref: 008496F2
GetKeyState.USER32(00000011), ref: 0084978B
GetKeyState.USER32(00000009), ref: 00849798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 008497AE
GetKeyState.USER32(00000010), ref: 008497B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008497E9
SendMessageW.USER32 ref: 00849810
SendMessageW.USER32(?,00001030,?,00847E95), ref: 00849918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0084992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00849941
SetCapture.USER32(?), ref: 0084994A
ClientToScreen.USER32(?,?), ref: 008499AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 008499BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008499D6
ReleaseCapture.USER32 ref: 008499E1
GetCursorPos.USER32(?), ref: 00849A19
ScreenToClient.USER32(?,?), ref: 00849A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 00849A80
SendMessageW.USER32 ref: 00849AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00849AEB
SendMessageW.USER32 ref: 00849B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00849B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00849B4A
GetCursorPos.USER32(?), ref: 00849B68
ScreenToClient.USER32(?,?), ref: 00849B75
GetParent.USER32(?), ref: 00849B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 00849BFA
SendMessageW.USER32 ref: 00849C2B
ClientToScreen.USER32(?,?), ref: 00849C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00849CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 00849CDE
SendMessageW.USER32 ref: 00849D01
ClientToScreen.USER32(?,?), ref: 00849D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00849D82

Part of subcall function 007C9944: GetWindowLongW.USER32(?,000000EB), ref: 007C9952

GetWindowLongW.USER32(?,000000F0), ref: 00849E05

Strings

F, xrefs: 00849D07
@GUI_DRAGID, xrefs: 0084997D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: 1e8a45da8b3bab601a96c25d6e683745d0a36805c0cca96be036a90e457de754
Instruction ID: a2b2a6dc32ec33dfe7574b9e76dc95a8f42d96c71219bd29a2cc688098abe6ca
Opcode Fuzzy Hash: 1e8a45da8b3bab601a96c25d6e683745d0a36805c0cca96be036a90e457de754
Instruction Fuzzy Hash: 0E427834204209AFDB60CF68CC88EABBBE9FF59314F114619F699C72A1E731A850CF51

Function 00844873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 008448F3
SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00844908
SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00844927
SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0084494B
SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0084495C
SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0084497B
SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 008449AE
SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 008449D4
SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00844A0F
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00844A56
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00844A7E
IsMenu.USER32(?), ref: 00844A97
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00844AF2
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00844B20
GetWindowLongW.USER32(?,000000F0), ref: 00844B94
SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00844BE3
SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00844C82
wsprintfW.USER32 ref: 00844CAE
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00844CC9
GetWindowTextW.USER32(?,00000000,00000001), ref: 00844CF1
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00844D13
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00844D33
GetWindowTextW.USER32(?,00000000,00000001), ref: 00844D5A

Strings

%d/%02d/%02d, xrefs: 00844CA8

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
String ID: %d/%02d/%02d
API String ID: 4054740463-328681919
Opcode ID: c7001fa924dbed8776ac438ab7a34a32543d59433d6359c4e68698e4f511d6c6
Instruction ID: 2d76dbcbfb1c467eaede8a8a6eebf3288cd8e3f7bdd12fba6de3ce3e65db71d8
Opcode Fuzzy Hash: c7001fa924dbed8776ac438ab7a34a32543d59433d6359c4e68698e4f511d6c6
Instruction Fuzzy Hash: 4B12ED71A00618ABEB249F28CC49FAE7BF8FF45714F105129F916EB2E1DB789941CB50

Function 007CF98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 007CF998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0080F474
IsIconic.USER32(00000000), ref: 0080F47D
ShowWindow.USER32(00000000,00000009), ref: 0080F48A
SetForegroundWindow.USER32(00000000), ref: 0080F494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0080F4AA
GetCurrentThreadId.KERNEL32 ref: 0080F4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0080F4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 0080F4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 0080F4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0080F4DE
SetForegroundWindow.USER32(00000000), ref: 0080F4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F4F6
keybd_event.USER32(00000012,00000000), ref: 0080F501
MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F50B
keybd_event.USER32(00000012,00000000), ref: 0080F510
MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F519
keybd_event.USER32(00000012,00000000), ref: 0080F51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F528
keybd_event.USER32(00000012,00000000), ref: 0080F52D
SetForegroundWindow.USER32(00000000), ref: 0080F530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 0080F557

Strings

Shell_TrayWnd, xrefs: 0080F46F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 41aaca6f352644f508968b125e64c89777d2f0a14f8677a0544ec519bbcc793c
Instruction ID: 8f1286e31ad4cc59d2319fa426ea0de351e031c5736c12bdc7ecc7a262a87d08
Opcode Fuzzy Hash: 41aaca6f352644f508968b125e64c89777d2f0a14f8677a0544ec519bbcc793c
Instruction Fuzzy Hash: BC315E75A41218BBEB706BB55C4AFBF7E6CFB45B50F114029FA05E61D2C6B06D00EAA0

Function 00811201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 008116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081170D
Part of subcall function 008116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0081173A
Part of subcall function 008116C3: GetLastError.KERNEL32 ref: 0081174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00811286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 008112A8
CloseHandle.KERNEL32(?), ref: 008112B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008112D1
GetProcessWindowStation.USER32 ref: 008112EA
SetProcessWindowStation.USER32(00000000), ref: 008112F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00811310

Part of subcall function 008110BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008111FC), ref: 008110D4
Part of subcall function 008110BF: CloseHandle.KERNEL32(?,?,008111FC), ref: 008110E9

Strings

winsta0, xrefs: 008112CC
, xrefs: 0081125A
default, xrefs: 0081130B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: c801a8b4b328a57a589f3a9a78510020c1a86f2eff867fc82439f94e02073dca
Instruction ID: c7241843eba24ea5ca14d90ddefd302ada9300f71624874dfec6e8beff8b884e
Opcode Fuzzy Hash: c801a8b4b328a57a589f3a9a78510020c1a86f2eff867fc82439f94e02073dca
Instruction Fuzzy Hash: 9F818D71900209ABDF109FA8DC4DBEE7BBEFF05B04F144129FA10E62A0D7758984CB25

Function 00810B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00811114
Part of subcall function 008110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811120
Part of subcall function 008110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 0081112F
Part of subcall function 008110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811136
Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0081114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00810BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00810C00
GetLengthSid.ADVAPI32(?), ref: 00810C17
GetAce.ADVAPI32(?,00000000,?), ref: 00810C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00810C6D
GetLengthSid.ADVAPI32(?), ref: 00810C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00810C8C
HeapAlloc.KERNEL32(00000000), ref: 00810C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00810CB4
CopySid.ADVAPI32(00000000), ref: 00810CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00810CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00810D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00810D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810D45
HeapFree.KERNEL32(00000000), ref: 00810D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810D55
HeapFree.KERNEL32(00000000), ref: 00810D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810D65
HeapFree.KERNEL32(00000000), ref: 00810D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00810D78
HeapFree.KERNEL32(00000000), ref: 00810D7F

Part of subcall function 00811193: GetProcessHeap.KERNEL32(00000008,00810BB1,?,00000000,?,00810BB1,?), ref: 008111A1
Part of subcall function 00811193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00810BB1,?), ref: 008111A8
Part of subcall function 00811193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00810BB1,?), ref: 008111B7

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: d1799a26887fade3429e3cdb037bee204b548328eb4c2cd62acf4434b849098c
Instruction ID: 8b09cbb75c6769ae384a2d5dc96db1eb726c9f5735e92be48380aaf8011057e9
Opcode Fuzzy Hash: d1799a26887fade3429e3cdb037bee204b548328eb4c2cd62acf4434b849098c
Instruction Fuzzy Hash: A4715CB690120AABDF10DFA4EC48BEEBBBCFF05300F144615E915E6191D7B5A985CFA0

Function 0082EAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(0084CC08), ref: 0082EB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 0082EB37
GetClipboardData.USER32(0000000D), ref: 0082EB43
CloseClipboard.USER32 ref: 0082EB4F
GlobalLock.KERNEL32(00000000), ref: 0082EB87
CloseClipboard.USER32 ref: 0082EB91
GlobalUnlock.KERNEL32(00000000), ref: 0082EBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 0082EBC9
GetClipboardData.USER32(00000001), ref: 0082EBD1
GlobalLock.KERNEL32(00000000), ref: 0082EBE2
GlobalUnlock.KERNEL32(00000000), ref: 0082EC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 0082EC38
GetClipboardData.USER32(0000000F), ref: 0082EC44
GlobalLock.KERNEL32(00000000), ref: 0082EC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0082EC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0082EC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0082ECD2
GlobalUnlock.KERNEL32(00000000), ref: 0082ECF3
CountClipboardFormats.USER32 ref: 0082ED14
CloseClipboard.USER32 ref: 0082ED59

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: 1d98e9f0f2eff1943ea2fc5d60627db7539f5ec9868f9768dbc750fd3e35d347
Instruction ID: 70d26ad48a605bd91c8d96eeaf04639676e02377722b521ce965b4de1a8722eb
Opcode Fuzzy Hash: 1d98e9f0f2eff1943ea2fc5d60627db7539f5ec9868f9768dbc750fd3e35d347
Instruction Fuzzy Hash: 3C61EE38204301AFD300EF24E888F6ABBA8FF85714F14441DF956D72A2CB75E985CB66

Function 0082698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 008269BE
FindClose.KERNEL32(00000000), ref: 00826A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00826A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00826A75

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00826AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00826ADF

Strings

%4d, xrefs: 00826BB1
%03d, xrefs: 00826DA2
%4d%02d%02d%02d%02d%02d%03d, xrefs: 00826B32
%02d, xrefs: 00826C00, 00826C0A, 00826C5A, 00826CAA, 00826CFA, 00826D4A
%4d%02d%02d%02d%02d%02d, xrefs: 00826B6A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: daa5dd59ef565ac3564eae9c7c897fad44d51b0add3f2f8fc8d83dd560099b59
Instruction ID: ed90acc4aeb2a21a10b72b3fc399f026b19da73d77c2113dcdb23d7b4317ce26
Opcode Fuzzy Hash: daa5dd59ef565ac3564eae9c7c897fad44d51b0add3f2f8fc8d83dd560099b59
Instruction Fuzzy Hash: FCD15172508350EFC314EBA4D885EABB7ECBF88704F04491DF699D6191EB78DA44CB62

Function 00829642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00829663
GetFileAttributesW.KERNEL32(?), ref: 008296A1
SetFileAttributesW.KERNEL32(?,?), ref: 008296BB
FindNextFileW.KERNEL32(00000000,?), ref: 008296D3
FindClose.KERNEL32(00000000), ref: 008296DE
FindFirstFileW.KERNEL32(*.*,?), ref: 008296FA
SetCurrentDirectoryW.KERNEL32(?), ref: 0082974A
SetCurrentDirectoryW.KERNEL32(00876B7C), ref: 00829768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00829772
FindClose.KERNEL32(00000000), ref: 0082977F
FindClose.KERNEL32(00000000), ref: 0082978F

Strings

*.*, xrefs: 008296F5

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: dd0f80fcafb6b06a82d5abcade86095e01ae9253bfbadce2d238f0f4904a830e
Instruction ID: a4eabb6f3b957525a1e0d0f1fca76b82c4190295822f59410e6870ee7d641fc0
Opcode Fuzzy Hash: dd0f80fcafb6b06a82d5abcade86095e01ae9253bfbadce2d238f0f4904a830e
Instruction Fuzzy Hash: 4A31D3365016296FDB10AFB4EC48ADE77BCFF0A320F144156F955E2190EB74DD84CA14

Function 0082979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 008297BE
FindNextFileW.KERNEL32(00000000,?), ref: 00829819
FindClose.KERNEL32(00000000), ref: 00829824
FindFirstFileW.KERNEL32(*.*,?), ref: 00829840
SetCurrentDirectoryW.KERNEL32(?), ref: 00829890
SetCurrentDirectoryW.KERNEL32(00876B7C), ref: 008298AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 008298B8
FindClose.KERNEL32(00000000), ref: 008298C5
FindClose.KERNEL32(00000000), ref: 008298D5

Part of subcall function 0081DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0081DB00

Strings

*.*, xrefs: 0082983B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: a748d0f29ed6b0314ecff41715ab36c61ab2c75d1eaf524cbb939a85339f79de
Instruction ID: 7e0e3106991e1674fe1058e4c1251df1acec521ed94aa7b3b2f577fc8bdef7eb
Opcode Fuzzy Hash: a748d0f29ed6b0314ecff41715ab36c61ab2c75d1eaf524cbb939a85339f79de
Instruction Fuzzy Hash: B531C3315016296FDB14EFB4EC48ADE77BCFF06330F184166E994E2290EB75D984CA24

Function 0083BE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083BF3E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0083BFA9
RegCloseKey.ADVAPI32(00000000), ref: 0083BFCD
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0083C02C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0083C0E7
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0083C154
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0083C1E9
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0083C23A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0083C2E3
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0083C382
RegCloseKey.ADVAPI32(00000000), ref: 0083C38F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: 7d057924f4e77c972c78a88643201eb1dc8f7aa9f8623130f98910d5efd8cfad
Instruction ID: 5e2dfdf008dbd6dfe70dcdf02a6c6d47944671222260474cea57d0a48a30e435
Opcode Fuzzy Hash: 7d057924f4e77c972c78a88643201eb1dc8f7aa9f8623130f98910d5efd8cfad
Instruction Fuzzy Hash: A8020B716042009FD714DF28C895E2ABBE5FF89318F18849DF84ADB2A2DB35ED45CB91

Function 00828195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00828257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00828267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00828273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00828310
SetCurrentDirectoryW.KERNEL32(?), ref: 00828324
SetCurrentDirectoryW.KERNEL32(?), ref: 00828356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0082838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00828395

Strings

*.*, xrefs: 0082839B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: f367a6cad3911eea264db868a3cc08a5596261d8784aac0b1990c7e6ae2c03b7
Instruction ID: dea6c7f11a398fcb72b7037e5e2bc77df8fc9faa8ef28f06cf2e392f1f438c6f
Opcode Fuzzy Hash: f367a6cad3911eea264db868a3cc08a5596261d8784aac0b1990c7e6ae2c03b7
Instruction Fuzzy Hash: 99614972504315DFCB10EF64D848AAEB3E8FF89314F04891AF999C7251EB35E985CB92

Function 0081D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2

Part of subcall function 0081E199: GetFileAttributesW.KERNEL32(?,0081CF95), ref: 0081E19A

FindFirstFileW.KERNEL32(?,?), ref: 0081D122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0081D1DD
MoveFileW.KERNEL32(?,?), ref: 0081D1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 0081D20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 0081D237

Part of subcall function 0081D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0081D21C,?,?), ref: 0081D2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 0081D253
FindClose.KERNEL32(00000000), ref: 0081D264

Strings

\*.*, xrefs: 0081D0CD, 0081D0D6, 0081D0EB

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 161cfc07d4372b4f91d790e984c96cab9b67171a26ec4324f677fbaa3a429048
Instruction ID: e49f302a25271c7ac3816de4f1782a724c02ec216c230a78ba32f49f66f75e14
Opcode Fuzzy Hash: 161cfc07d4372b4f91d790e984c96cab9b67171a26ec4324f677fbaa3a429048
Instruction Fuzzy Hash: 4A617B3180120DABCF05EBE4D996AEDB7B9FF15300F204165E512B7191EB34AF89CB61

Function 0082ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 0082ED91
EmptyClipboard.USER32 ref: 0082ED97
GlobalAlloc.KERNEL32(00000002,?), ref: 0082EDAC
CloseClipboard.USER32 ref: 0082EEA3

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: 3bcd0783a50432ccf3d0753468cd39f40426e13fffae51f504e4fffc7c0f9ee6
Instruction ID: 3ff1f48c32f14d47a0e6de395c9607a1fd91ef17d9bb7008202ec32c13f61d73
Opcode Fuzzy Hash: 3bcd0783a50432ccf3d0753468cd39f40426e13fffae51f504e4fffc7c0f9ee6
Instruction Fuzzy Hash: FC419D39205621AFD720DF19E888B29BBE5FF45318F15C099E419CB762C779EC81CB94

Function 0081E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 008116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081170D
Part of subcall function 008116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0081173A
Part of subcall function 008116C3: GetLastError.KERNEL32 ref: 0081174A

ExitWindowsEx.USER32(?,00000000), ref: 0081E932

Strings

@, xrefs: 0081E925
SeShutdownPrivilege, xrefs: 0081E902
, xrefs: 0081E920
, xrefs: 0081E95C

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: cb0c26ebf1a2fffccbd555dfa1ff09c2477707705d2a957453906c707ef07568
Instruction ID: f05e902cbe1d76b5fab7efaa79a9f1252d2d62bb1f6d34d90c7d2a4b6a704466
Opcode Fuzzy Hash: cb0c26ebf1a2fffccbd555dfa1ff09c2477707705d2a957453906c707ef07568
Instruction Fuzzy Hash: 2A014932A10315ABEB5426B8AC8AFFF765CFF18744F150422FD13E21D1D6A55CC085A0

Function 00831204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00831276
WSAGetLastError.WSOCK32 ref: 00831283
bind.WSOCK32(00000000,?,00000010), ref: 008312BA
WSAGetLastError.WSOCK32 ref: 008312C5
closesocket.WSOCK32(00000000), ref: 008312F4
listen.WSOCK32(00000000,00000005), ref: 00831303
WSAGetLastError.WSOCK32 ref: 0083130D
closesocket.WSOCK32(00000000), ref: 0083133C

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: 29a7206ac2e6b3cc96c30922d75d707f2dd61475ed1625ae6a819706081f3637
Instruction ID: 1d610b6c898d3fec574b7a19f6f0ba50f2cf742c680a281f7d56ebe111381221
Opcode Fuzzy Hash: 29a7206ac2e6b3cc96c30922d75d707f2dd61475ed1625ae6a819706081f3637
Instruction Fuzzy Hash: 02417F356001009FDB10DF64C488B6ABBE5FF86718F188198E856DF296C775ED81CBE1

Function 0081D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2

Part of subcall function 0081E199: GetFileAttributesW.KERNEL32(?,0081CF95), ref: 0081E19A

FindFirstFileW.KERNEL32(?,?), ref: 0081D420
DeleteFileW.KERNEL32(?,?,?,?), ref: 0081D470
FindNextFileW.KERNEL32(00000000,00000010), ref: 0081D481
FindClose.KERNEL32(00000000), ref: 0081D498
FindClose.KERNEL32(00000000), ref: 0081D4A1

Strings

\*.*, xrefs: 0081D3F2

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 668c281f38bdd11c30c64302713d9bd508da6a8178a1e134c198521e0c9b8287
Instruction ID: 46a68ffa8539213f2c77d5263a435ddde62a08f5216d3627c91567542c066943
Opcode Fuzzy Hash: 668c281f38bdd11c30c64302713d9bd508da6a8178a1e134c198521e0c9b8287
Instruction Fuzzy Hash: 3A319C71009355ABC300EF64C899AEFB7ECBE92304F444A1DF5E593191EB34AA49CB67

Function 007EE4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 007EE645

Strings

1#SNAN, xrefs: 007EF844
1#IND, xrefs: 007EF83D
1#INF, xrefs: 007EF852
1#QNAN, xrefs: 007EF84B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: bc57be55b44c0240b66c3747f25bed99f292ed244f8c71cab34a3e7298901e05
Instruction ID: ff0a9df85205f84eb1eb104872bac5011a686f8a6c19bdb6e1503f1d18d1af3d
Opcode Fuzzy Hash: bc57be55b44c0240b66c3747f25bed99f292ed244f8c71cab34a3e7298901e05
Instruction Fuzzy Hash: B0C27B72E066688FDB25CF29CD407EAB7B5EB48305F1445EAD84DE7241E778AE818F40

Function 0082648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 008264DC
CoInitialize.OLE32(00000000), ref: 00826639
CoCreateInstance.OLE32(0084FCF8,00000000,00000001,0084FB68,?), ref: 00826650
CoUninitialize.OLE32 ref: 008268D4

Strings

.lnk, xrefs: 008264BA, 00826524, 008265E0

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: f893096d4e7322b891f1f0eef19796161fb3015edb03fc595b929e2a869b9737
Instruction ID: 4677cc5c1f57fbde6181ca4938c1c62aecb4db10334f93fadb96429c1f53431a
Opcode Fuzzy Hash: f893096d4e7322b891f1f0eef19796161fb3015edb03fc595b929e2a869b9737
Instruction Fuzzy Hash: C8D15871508211AFC304EF24C885AABB7E8FF98704F14496DF595CB2A1EB34ED45CBA2

Function 008322DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 008322E8

Part of subcall function 0082E4EC: GetWindowRect.USER32(?,?), ref: 0082E504

GetDesktopWindow.USER32 ref: 00832312
GetWindowRect.USER32(00000000), ref: 00832319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00832355
GetCursorPos.USER32(?), ref: 00832381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 008323DF

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: f06ed5bdcac63c6205850c3c8191deb3677bd4343c5f01638555030887f8093e
Instruction ID: 946e2557c38b3416bf38cb2bbc364231dc1a472b907eadae8f6ae49a9e72cdea
Opcode Fuzzy Hash: f06ed5bdcac63c6205850c3c8191deb3677bd4343c5f01638555030887f8093e
Instruction Fuzzy Hash: 6C31EB72505315ABD720DF18C848A9BBBADFFC9314F000A19F985D7291DB34EA08CBD2

Function 00829B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00829B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00829C8B

Part of subcall function 00823874: GetInputState.USER32 ref: 008238CB
Part of subcall function 00823874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00823966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00829BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00829C75

Strings

*.*, xrefs: 00829B5D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: 8d6dd3521b0e469653de16e939843667445395c3c7d063fb045469a66e6013e0
Instruction ID: 4a4664865148f167111ad4607857d5179e4b70d8b033192ae8a2877702140989
Opcode Fuzzy Hash: 8d6dd3521b0e469653de16e939843667445395c3c7d063fb045469a66e6013e0
Instruction Fuzzy Hash: 3F418E7190021AAFDF55DF64D889AEEBBB8FF05310F24405AE855E2291EB349E84CF60

Function 007C997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 007C9A4E
GetSysColor.USER32(0000000F), ref: 007C9B23
SetBkColor.GDI32(?,00000000), ref: 007C9B36

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: 25d334b42d0d155e1977b6d2f3a241c4b62233b5837774586cd6a0791387cd1b
Instruction ID: 250f5027b649dc180fd2d61af20620e28a309c606707483054bb19aef8032d35
Opcode Fuzzy Hash: 25d334b42d0d155e1977b6d2f3a241c4b62233b5837774586cd6a0791387cd1b
Instruction Fuzzy Hash: 27A127B1609444BEE7B5AA2C8C4DF7F2B9DFB42340B15811DF212D66D1CA29AD01D376

Function 00831806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0083304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0083307A
Part of subcall function 0083304E: _wcslen.LIBCMT ref: 0083309B

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0083185D
WSAGetLastError.WSOCK32 ref: 00831884
bind.WSOCK32(00000000,?,00000010), ref: 008318DB
WSAGetLastError.WSOCK32 ref: 008318E6
closesocket.WSOCK32(00000000), ref: 00831915

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: d643066a3f3dfbbcfcfef5ab8d7823a607e92763bd3d5455d51584a6bad5b97c
Instruction ID: 908772a10ccc822ab6519cbdc44b03cba4dc68ec11ef0de54987b4f9a4fd0b4f
Opcode Fuzzy Hash: d643066a3f3dfbbcfcfef5ab8d7823a607e92763bd3d5455d51584a6bad5b97c
Instruction Fuzzy Hash: BC519175A00200AFDB10AF24C88AF6A77E5EB85718F08849CF9069F393C775AD41CBE1

Function 00841C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00841CC0
IsWindowEnabled.USER32 ref: 00841CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00841CDB
IsIconic.USER32 ref: 00841CE9
IsZoomed.USER32 ref: 00841CF7

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: ecd43e7d4e7dbb4b37fb103c6017dc3d56f94fbd475ec9ee2296612c1daf15b4
Instruction ID: b6cf2a1207dfd86d62ba0327f0e5ecbda89ab54a4ea887ae4226030dd16777e2
Opcode Fuzzy Hash: ecd43e7d4e7dbb4b37fb103c6017dc3d56f94fbd475ec9ee2296612c1daf15b4
Instruction Fuzzy Hash: 5C21D3317412159FDB208F1ADC88B6A7BE9FF95315B198058E84ACB351C775DC82CB90

Function 007B8060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON

Download Yara Rule

Strings

VUUU, xrefs: 007F5DF0
VUUU, xrefs: 007B83E8
VUUU, xrefs: 007B83FA
ERCP, xrefs: 007B813C
VUUU, xrefs: 007B843C

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: 4e26d3e98fa97253bf5ee3e623b83e6f72ca883769504f5c79c6217fe26746d2
Instruction ID: a935b0329c206711c9a0025703c797e44efb9536168389ab3c51ab5513a98be9
Opcode Fuzzy Hash: 4e26d3e98fa97253bf5ee3e623b83e6f72ca883769504f5c79c6217fe26746d2
Instruction Fuzzy Hash: 8CA24A70A0021ECBDF64CF58C8407FDB7B5BB54314F2481AAEA15AB385EB789D81DB91

Function 0081AA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0081AAAC
SetKeyboardState.USER32(00000080), ref: 0081AAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0081AB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0081AB88

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 595f3f1a9d7b8a444da205aa039bcf3af491694b3e74a3d8ac1a3cd6b893f401
Instruction ID: c888791674a9e236ec8f1967d991f9ed7eb46355b3642917957b297c6a71b242
Opcode Fuzzy Hash: 595f3f1a9d7b8a444da205aa039bcf3af491694b3e74a3d8ac1a3cd6b893f401
Instruction Fuzzy Hash: 66312570A46288AEEB38CA68CC05BFA7BAEFF55330F04421AF081D21D1D37589C1C762

Function 007EBB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 007EBB7F

Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0

GetTimeZoneInformation.KERNEL32 ref: 007EBB91
WideCharToMultiByte.KERNEL32(00000000,?,0088121C,000000FF,?,0000003F,?,?), ref: 007EBC09
WideCharToMultiByte.KERNEL32(00000000,?,00881270,000000FF,?,0000003F,?,?,?,0088121C,000000FF,?,0000003F,?,?), ref: 007EBC36

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
String ID:
API String ID: 806657224-0
Opcode ID: c6865c5d94ada38534294776684d01a3b469161e2e2a9aff7a3b85d23a3539b8
Instruction ID: 5fe1aabd7d025a8043cc766793f5e1ddcd020e1f17c44333d3771d6bf617c662
Opcode Fuzzy Hash: c6865c5d94ada38534294776684d01a3b469161e2e2a9aff7a3b85d23a3539b8
Instruction Fuzzy Hash: 2031B270909285DFCB11DF6ADC8586ABFBCFF49750B24426AE060D72B1DB349D02CB60

Function 0082CE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 0082CE89
GetLastError.KERNEL32(?,00000000), ref: 0082CEEA
SetEvent.KERNEL32(?,?,00000000), ref: 0082CEFE

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: 178b6b28b62f1882852aed5dcf1e4e69b92e8834a4f05b4c9d982a0236625ccb
Instruction ID: 6f6587535dbbc486be53583dfd6afe318078846b70efbf08eff17e4576e6b68f
Opcode Fuzzy Hash: 178b6b28b62f1882852aed5dcf1e4e69b92e8834a4f05b4c9d982a0236625ccb
Instruction Fuzzy Hash: 9221BDB5500715EBDB20DFA5E948BAABBFCFB10358F10441EE546D2251EBB4EE84CB60

Function 00818298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 008182AA

Strings

(, xrefs: 008182F0
|, xrefs: 008182DA

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: d6ae90395ee45484e27afbd9b5a1d75dd5731fabd0038ce3bcbf77aa9f396867
Instruction ID: 5eaab2fcd789cc79e39935a399d08f09eba5375629fe6b5693ed5cfe750dcbfb
Opcode Fuzzy Hash: d6ae90395ee45484e27afbd9b5a1d75dd5731fabd0038ce3bcbf77aa9f396867
Instruction Fuzzy Hash: F2323674A00605DFC728CF59C481AAAB7F4FF48710B15C56EE59ADB3A1EB70E981CB40

Function 00825C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00825CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00825D17
FindClose.KERNEL32(?), ref: 00825D5F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 5feb721cd0d2887cc0e539f5560e984ec56bd50ed11870745d78fa531f533505
Instruction ID: 6df17040c9e66a1c8680cb9c55f272c90e0555d0cbd79a566c0745b7dcbe5cce
Opcode Fuzzy Hash: 5feb721cd0d2887cc0e539f5560e984ec56bd50ed11870745d78fa531f533505
Instruction Fuzzy Hash: B751A835600A019FC314CF28D498A9AB7E4FF09324F14856EE95ACB3A2DB30ED44CB91

Function 007E2622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 007E271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 007E2724
UnhandledExceptionFilter.KERNEL32(?), ref: 007E2731

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: f68e90561578566727a515d9ac1b0daa53820a25b9be3f7011eae8c659cc66e2
Instruction ID: 5d86e878b77766ebb493418cda938315fa509f17597ee868deb348b428ef05e6
Opcode Fuzzy Hash: f68e90561578566727a515d9ac1b0daa53820a25b9be3f7011eae8c659cc66e2
Instruction Fuzzy Hash: E731B5749112189BCB21DF65DC8979DB7B8BF08310F5051EAE41CA7261E7749F818F45

Function 008251CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 008251DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00825238
SetErrorMode.KERNEL32(00000000), ref: 008252A1

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 2b0692dae3f1f9ce0686b25e9d852877d35d938df9b19c9199f5fa9b128b322b
Instruction ID: c4de5d7ea6e1350daeb794baad217fa1f8004e41ff578703a452271caeb71127
Opcode Fuzzy Hash: 2b0692dae3f1f9ce0686b25e9d852877d35d938df9b19c9199f5fa9b128b322b
Instruction Fuzzy Hash: 59314C75A00618DFDB00DF54D888FADBBB4FF49314F188099E805AB3A2DB35E855CBA0

Function 008116C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 007CFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007D0668
Part of subcall function 007CFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007D0685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0081173A
GetLastError.KERNEL32 ref: 0081174A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: 0bfc823786314b777ad8f0ea81c1ae94f34fa848e9eab74611b62b67b861bd68
Instruction ID: f7cd3a7242af2bcf2d2a55666ae5422cc402c3e67f6dbe3de8abae2f4addbac2
Opcode Fuzzy Hash: 0bfc823786314b777ad8f0ea81c1ae94f34fa848e9eab74611b62b67b861bd68
Instruction Fuzzy Hash: 551191B2514309AFD7189F54DC8AEAAB7FDFF44714B20852EE05697291EB70BC81CA60

Function 0081D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0081D608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0081D645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0081D650

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 319d748bb5250c71a25b3e58894f324e38fe24736270b03d370dfbf4277e347b
Instruction ID: f3f2bb63242efa200f1e517f08d0b503c876247f0c0a7397c7dc75484ce963fd
Opcode Fuzzy Hash: 319d748bb5250c71a25b3e58894f324e38fe24736270b03d370dfbf4277e347b
Instruction Fuzzy Hash: 6D113C75E05228BBDB208F95AC45FAFBBBCFB45B50F108115F904E7290D6B05A058BA1

Function 00811663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0081168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008116A1
FreeSid.ADVAPI32(?), ref: 008116B1

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 94dff07213445ce5295e3b454c0b67d7a673cc707522e444821643eb7e9a5e2f
Instruction ID: 08d28467e565838e88e6f329e6d717e97354cf708979bf115c6e85bb70eed289
Opcode Fuzzy Hash: 94dff07213445ce5295e3b454c0b67d7a673cc707522e444821643eb7e9a5e2f
Instruction Fuzzy Hash: 03F0F475A51309FBDF00DFE49C89AAEBBBCFB08605F504965E501E2181E774AA448A54

Function 0080D27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 0080D28C

Strings

X64, xrefs: 0080D2A8

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: 8998da5bf2991af5f2767e73466c3d83431398e75e884cddccf48fd72909cc2b
Instruction ID: cc6a150767ee1976015c787b84510d26dad30c984967cd4fba8fc478e37ba1a9
Opcode Fuzzy Hash: 8998da5bf2991af5f2767e73466c3d83431398e75e884cddccf48fd72909cc2b
Instruction Fuzzy Hash: 6DD0C9B480211DEBCB90CB90DC88DD9B37CBB14305F100155F106E2040D77495488F10

Function 007DCAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction ID: 887e2f7fe43384356b54a913814697f260e245b0739f1c841e5ba9d30cee4775
Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction Fuzzy Hash: 01022E72E0011A9FDF15CFA9C9806ADFBF1EF48314F25826AD919E7384D735A941CB90

Function 008268EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00826918
FindClose.KERNEL32(00000000), ref: 00826961

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: d4008379dc71207df22c81a74ea5ca8931991878c9caed257a498b8bf5e93bb0
Instruction ID: 8d9f7b6728609dea5a29e02c43d6058468cee4ae1b73bef59749d778be6a30b3
Opcode Fuzzy Hash: d4008379dc71207df22c81a74ea5ca8931991878c9caed257a498b8bf5e93bb0
Instruction Fuzzy Hash: 6E11D0356042109FC710CF29D488A26BBE4FF85328F04C699F4698F2A2DB74EC85CB90

Function 008237B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00834891,?,?,00000035,?), ref: 008237E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00834891,?,?,00000035,?), ref: 008237F4

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: bf92905cec17bc47c5f5f396646061b3c8abd7085f8e20571bffa2964c115564
Instruction ID: 0240b8c5be96d6e16e1d173495479ba12d2fcb4ac3bf872b37bc19bf9cff9491
Opcode Fuzzy Hash: bf92905cec17bc47c5f5f396646061b3c8abd7085f8e20571bffa2964c115564
Instruction Fuzzy Hash: 8CF0E5B46052286BEB6017B69C4DFEB3AAEFFC5761F000275F609D2291D9A09944C6B0

Function 0081B226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0081B25D
keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 0081B270

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 5db047f0597291159f2de79dea8ca5d0c18c9bf2f3ff2f60f4c04fb9cef8336a
Instruction ID: 7c6ee300b6d925419e4cad1608e8953ad65c99901dd41ff6ae06468f9a391c97
Opcode Fuzzy Hash: 5db047f0597291159f2de79dea8ca5d0c18c9bf2f3ff2f60f4c04fb9cef8336a
Instruction Fuzzy Hash: 44F01D7590424DABDB159FA4C805BEE7BB4FF05309F008009F955E6191C3798655DF94

Function 008110BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008111FC), ref: 008110D4
CloseHandle.KERNEL32(?,?,008111FC), ref: 008110E9

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 8acd8b9fe8228e3fbe09e7bb375cd6c6e21ee067118e2a098458220658e6f66a
Instruction ID: da4ea6254f5ed1069c50aabcededfb4646f32e9f73926cff854c1498d39e5e1c
Opcode Fuzzy Hash: 8acd8b9fe8228e3fbe09e7bb375cd6c6e21ee067118e2a098458220658e6f66a
Instruction Fuzzy Hash: E1E0BF76115A10EEE7652F51FC09F7777ADFF05310B14882EF5A6804B1DB626C90DB50

Function 007BCAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON

Download Yara Rule

Strings

Variable is not of type 'Object'., xrefs: 00800C40

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: Variable is not of type 'Object'.
API String ID: 0-1840281001
Opcode ID: 0737545edb8471297625bae86863010f95fe8268c84d6ab0aac056d78fd80f44
Instruction ID: 24e2820227c6b8a1d3c4fdf88ff481ce9e6762616b0c1629da2b38e240bfb3cc
Opcode Fuzzy Hash: 0737545edb8471297625bae86863010f95fe8268c84d6ab0aac056d78fd80f44
Instruction Fuzzy Hash: 3C329C74A00218DFDF15DF94C895BEDBBB5FF05304F248069E806AB292DB79AE45CB60

Function 007E676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,007E6766,?,?,00000008,?,?,007EFEFE,00000000), ref: 007E6998

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 5ca036b4220c24f7424240c83599b118ca6fc22fbe4620ebff5dfae822c63a24
Instruction ID: 3afdcb59fc3100b23658443fa656ca690f740d629dd42764941fd857d91f3ac1
Opcode Fuzzy Hash: 5ca036b4220c24f7424240c83599b118ca6fc22fbe4620ebff5dfae822c63a24
Instruction Fuzzy Hash: B5B169716116488FD719CF29C48AB647BE0FF193A4F25C65CE899CF2A2C339E981CB40

Function 007CB119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 0080851F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: a78dbb6819c49db2e9e7052a271377b9271305f6dbbce470e46382db87fa63f1
Instruction ID: 66cdfa7cca44f0f9bc7b66500fdac595c8993bcf01a90416ba66c63356266075
Opcode Fuzzy Hash: a78dbb6819c49db2e9e7052a271377b9271305f6dbbce470e46382db87fa63f1
Instruction Fuzzy Hash: F9123E71900229DFDB54CF58C881BEEB7B5FF48710F15819AE849EB295EB349A81CF90

Function 0082EAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 0082EABD

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: aa56408e5682c4cb4dbeaf8db820746673cd235f66a32d49cedb923d0559c82f
Instruction ID: 1dda23cd55a898d8b9141e4f57ee34f6e77e6bc6c0041d0528a3ea8aa1b0bc32
Opcode Fuzzy Hash: aa56408e5682c4cb4dbeaf8db820746673cd235f66a32d49cedb923d0559c82f
Instruction Fuzzy Hash: 2EE012752002149FC710DF59D404E9AB7EDFF69760F00841AFC4AC7251D674A8408B91

Function 007D09D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,007D03EE), ref: 007D09DA

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: eddd58dab075fd5e131effaa5bc80b888fcc747710d51c99b6f562efa945445e
Instruction ID: 0ed1eb06eb66f68bd871d8577a5c3774b430488172c0f00202e36d148d87abaf
Opcode Fuzzy Hash: eddd58dab075fd5e131effaa5bc80b888fcc747710d51c99b6f562efa945445e
Instruction Fuzzy Hash:

Function 007D781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 007D798B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction ID: 524fc1e03a5d6f68f95409f4f15ad6012ac6d82fca642812d005cce6c09e7a18
Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction Fuzzy Hash: E451677260C7459BDB3C856888AE7BE67B99B52300F18050BD886DB382F61DEE41E356

Function 007E6DD9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf789f8af10a6d13a9d3ec2a9702d2ad4439d26ada26f9f74d990df3287c30cc
Instruction ID: ba2920f483475723c66805b7642280a74f2461043f9b3179ad6762511c073cda
Opcode Fuzzy Hash: cf789f8af10a6d13a9d3ec2a9702d2ad4439d26ada26f9f74d990df3287c30cc
Instruction Fuzzy Hash: 05322322D2AF814DD7279635D8223356259BFBB3C6F14D737E81AB59A6EF2DC4838100

Function 007CCC39 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fb6ebf565cb25174ace8702e73a4b02b6677d437b689461c7150179e2648bd8
Instruction ID: fd448adea62279b9153319ff48474851b6d5eaa88ec86510d29cbf7b4d251a43
Opcode Fuzzy Hash: 3fb6ebf565cb25174ace8702e73a4b02b6677d437b689461c7150179e2648bd8
Instruction Fuzzy Hash: 51320232A041198BDF79CF29C894B7D7BA1FB45314F28826ED89ACB2D1D234DD81DB51

Function 007B7920 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 521293262bbeafdb4d815ac79e479a4abd26691d79e3c04132e44ab9c30885a2
Instruction ID: da360f733b950ba6777d4032e7b28461b65de1e4ef6be1d49fea559222a024f3
Opcode Fuzzy Hash: 521293262bbeafdb4d815ac79e479a4abd26691d79e3c04132e44ab9c30885a2
Instruction Fuzzy Hash: 8A228EB0A04609DFDF14DF68D885BEEB7B6FF44300F204529E916AB391EB39A951CB50

Function 007B91C0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33de26385668d8461dce66500748765c2dd9077ae83f088181d613008c4f1d72
Instruction ID: 477fbd10c624b78aaea92dedf39f93e414dec230005efe4a9c4e0056ba7d6ba4
Opcode Fuzzy Hash: 33de26385668d8461dce66500748765c2dd9077ae83f088181d613008c4f1d72
Instruction Fuzzy Hash: 1E02A7B1E00209EBDB14DF64D885BBDB7B5FF44300F108169EA169B3A1EB39DA50DB91

Function 007E9EEE Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcf81f42ef7b0397818b8064c40af0fdcf99f19b227230f2396317225a808119
Instruction ID: 9369cbbd8c18c3eef5974c26225465263018a679ea9a2286a9b3b2376b0af720
Opcode Fuzzy Hash: fcf81f42ef7b0397818b8064c40af0fdcf99f19b227230f2396317225a808119
Instruction Fuzzy Hash: 31B1F020D2AF414DC62396399831336B75CBFBB6D6F91D31BFC2674E22EB2686834140

Function 007D1C77 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: ad58c1e606bf26f58a887eac6606d20549147af21a86469759dc06de5e240761
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: B79176722090E35ADB29463E857403EFFF15A923A235A079FD4F2CA3C5FE28D954D620

Function 007D1F32 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction ID: 8f2028f9bc27fce677bd02f5cf124f41e5b8e23481cceb1df10d1fc05fd0e4d0
Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction Fuzzy Hash: 0E9169722090E349DB6D4339857403DFFF15AA23A131A479FE4F2CB2C6EE29D556D620

Function 007D19B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: ab9bc2a21a5880f6d25682787912b68eecbb869972b73ae910fe2b26a87cdbd3
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: B89154722090E35ADB2D427A857403EFFF15A923A239A479FD4F2CA2C5FE28D554D620

Function 007D7A4A Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7254075197c6e3f3e73751c42fe2aa758b471049a743cdbfcae28d361e71a25
Instruction ID: 62142cea7ef744e1fbfd2ac3c34bec2f5e6f6d0a64d72cc962736b87afec309a
Opcode Fuzzy Hash: f7254075197c6e3f3e73751c42fe2aa758b471049a743cdbfcae28d361e71a25
Instruction Fuzzy Hash: 44614BB120874996DA3C5A2C8D96BBE23B8DF81700F14491FE846DB381F61DDE42C366

Function 007D7CA7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dce13b0d871eef399c94097beece11b31ebd49e1a40d3b04c283d1cab66b3997
Instruction ID: 7b32e13d9d46272207342d8e12e924cb833b0b7b50492969595cfd25d5115b8d
Opcode Fuzzy Hash: dce13b0d871eef399c94097beece11b31ebd49e1a40d3b04c283d1cab66b3997
Instruction Fuzzy Hash: 39616A7170870996DE3C4A288896BBF63B6DF42704F14095BE983DB381FA1EED42C256

Function 007D1706 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: 893de2ce9f4573d324b55c64d80b79c86ea1fd9f15ab7398311d744167746b4a
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: F78163726090E319EB6D827A853443EFFF15A923B135A079FD4F2CA2D1EE289554E620

Function 00822046 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06113e9d275bb668a73157ddaa1f1c24ed544c7273796778d8a9c7839bba3a06
Instruction ID: 3f57fcf30c17d3eedcbaa1ce4a44b30b1f8cd67a3bdae20d0beae84e3e6f6985
Opcode Fuzzy Hash: 06113e9d275bb668a73157ddaa1f1c24ed544c7273796778d8a9c7839bba3a06
Instruction Fuzzy Hash: D621A8326206218BD728CE79C81267A73E5FB64310F15862EE4A7C77D0DE35A944CB40

Function 00832ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00832B30
DeleteObject.GDI32(00000000), ref: 00832B43
DestroyWindow.USER32 ref: 00832B52
GetDesktopWindow.USER32 ref: 00832B6D
GetWindowRect.USER32(00000000), ref: 00832B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00832CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00832CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832CF8
GetClientRect.USER32(00000000,?), ref: 00832D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00832D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D80
GlobalLock.KERNEL32(00000000), ref: 00832D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D98
GlobalUnlock.KERNEL32(00000000), ref: 00832DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832DA8
GlobalFree.KERNEL32(00000000), ref: 00832DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,0084FC38,00000000), ref: 00832DDB
GlobalFree.KERNEL32(00000000), ref: 00832DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00832E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00832E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0083303F

Strings

AutoIt v3, xrefs: 00832CF2
, xrefs: 00832FC5
DISPLAY, xrefs: 00832EA2
static, xrefs: 00832D3A, 00832E91

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 2a1f81974851d170d5cb5ae9df6e1c74a47469bf538cd2e2d4c790d7e437515e
Instruction ID: de225b8e1bb19c54a2fe0a37a6454395ce4765346d593baaa9a1e32bbebf032e
Opcode Fuzzy Hash: 2a1f81974851d170d5cb5ae9df6e1c74a47469bf538cd2e2d4c790d7e437515e
Instruction Fuzzy Hash: 64024975500218EFDB24DF68CC89EAE7BB9FF49710F048558F915EB2A1DB74A901CBA0

Function 008470D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 0084712F
GetSysColorBrush.USER32(0000000F), ref: 00847160
GetSysColor.USER32(0000000F), ref: 0084716C
SetBkColor.GDI32(?,000000FF), ref: 00847186
SelectObject.GDI32(?,?), ref: 00847195
InflateRect.USER32(?,000000FF,000000FF), ref: 008471C0
GetSysColor.USER32(00000010), ref: 008471C8
CreateSolidBrush.GDI32(00000000), ref: 008471CF
FrameRect.USER32(?,?,00000000), ref: 008471DE
DeleteObject.GDI32(00000000), ref: 008471E5
InflateRect.USER32(?,000000FE,000000FE), ref: 00847230
FillRect.USER32(?,?,?), ref: 00847262
GetWindowLongW.USER32(?,000000F0), ref: 00847284

Part of subcall function 008473E8: GetSysColor.USER32(00000012), ref: 00847421
Part of subcall function 008473E8: SetTextColor.GDI32(?,?), ref: 00847425
Part of subcall function 008473E8: GetSysColorBrush.USER32(0000000F), ref: 0084743B
Part of subcall function 008473E8: GetSysColor.USER32(0000000F), ref: 00847446
Part of subcall function 008473E8: GetSysColor.USER32(00000011), ref: 00847463
Part of subcall function 008473E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00847471
Part of subcall function 008473E8: SelectObject.GDI32(?,00000000), ref: 00847482
Part of subcall function 008473E8: SetBkColor.GDI32(?,00000000), ref: 0084748B
Part of subcall function 008473E8: SelectObject.GDI32(?,?), ref: 00847498
Part of subcall function 008473E8: InflateRect.USER32(?,000000FF,000000FF), ref: 008474B7
Part of subcall function 008473E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008474CE
Part of subcall function 008473E8: GetWindowLongW.USER32(00000000,000000F0), ref: 008474DB

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: 10ee9c17faaabc063ab7e1356e31aab080272d9ebd1674a953e482da728a5e3d
Instruction ID: 765c7c820242e0881352ec17fa747d780afdc7684f34830b6d3cf1ea659bc5ac
Opcode Fuzzy Hash: 10ee9c17faaabc063ab7e1356e31aab080272d9ebd1674a953e482da728a5e3d
Instruction Fuzzy Hash: 23A1AF76009315AFDB509F64DC48E6BBBA9FF8A320F100A19F962E61E1D770E944CB91

Function 007C8D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 007C8E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 00806AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00806AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00806F43

Part of subcall function 007C8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007C8BE8,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 007C8FC5

SendMessageW.USER32(?,00001053), ref: 00806F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00806F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 00806FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 00806FB7

Strings

0, xrefs: 00806DCF

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: d719e92253906da0e560665713dace305ba87b8fcdd02875513b461ea5d46841
Instruction ID: 7f3433964298a26378854a6256eb689d9390172b6443fa529c02fe2b8930344c
Opcode Fuzzy Hash: d719e92253906da0e560665713dace305ba87b8fcdd02875513b461ea5d46841
Instruction Fuzzy Hash: 9912AC34201211DFDBA5CF28CC58BA9BBE5FF45310F54446DE495CB2A2DB35E862CB92

Function 00832711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 0083273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0083286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 008328A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 008328B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00832900
GetClientRect.USER32(00000000,?), ref: 0083290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00832955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00832964
GetStockObject.GDI32(00000011), ref: 00832974
SelectObject.GDI32(00000000,00000000), ref: 00832978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00832988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00832991
DeleteDC.GDI32(00000000), ref: 0083299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 008329C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 008329DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00832A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00832A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 00832A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00832A77
GetStockObject.GDI32(00000011), ref: 00832A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00832A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00832A97

Strings

AutoIt v3, xrefs: 008328F8
DISPLAY, xrefs: 0083295A
msctls_progress32, xrefs: 00832A13
static, xrefs: 0083294F, 00832A71

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 42f6ab8db8f57951d15bfa8142149586d7703f832eb4af3d780732a282b74bc1
Instruction ID: e3b379803e14e7dd318039e1bb2d1dc92b6d133347857f5bce554b731aef1237
Opcode Fuzzy Hash: 42f6ab8db8f57951d15bfa8142149586d7703f832eb4af3d780732a282b74bc1
Instruction Fuzzy Hash: F3B16C75A00219AFEB14DFA8CC4AFAE7BA9FB48714F008514F915E7290DB74ED40CBA0

Function 00824ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00824AED
GetDriveTypeW.KERNEL32(?,0084CB68,?,\\.\,0084CC08), ref: 00824BCA
SetErrorMode.KERNEL32(00000000,0084CB68,?,\\.\,0084CC08), ref: 00824D36

Strings

Network, xrefs: 00824C02
SSD, xrefs: 00824C4A
USB, xrefs: 00824CB4
RAID, xrefs: 00824CBB
CDROM, xrefs: 00824BFB
SCSI, xrefs: 00824C8A
RAMDisk, xrefs: 00824BF4
Virtual, xrefs: 00824CE5
Unknown, xrefs: 00824BED, 00824C83
SATA, xrefs: 00824CD0
Fibre, xrefs: 00824CAD
Fixed, xrefs: 00824C09
1394, xrefs: 00824C9F
SAS, xrefs: 00824CC9
PhysicalDrive, xrefs: 00824B76
SSA, xrefs: 00824CA6
ATA, xrefs: 00824C98
iSCSI, xrefs: 00824CC2
ATAPI, xrefs: 00824C91
\\.\, xrefs: 00824B3F
Removable, xrefs: 00824C10, 00824C15
FileBackedVirtual, xrefs: 00824CEC
MMC, xrefs: 00824CDE

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 57628564f60d5b832ac0b273d8f380e5ed4549c85789049cedcb031ef6817ec2
Instruction ID: 71ac7bcd1eace9da5b23383f833b7ba123e9ec81be9bf7a821a97e2da5ada5ee
Opcode Fuzzy Hash: 57628564f60d5b832ac0b273d8f380e5ed4549c85789049cedcb031ef6817ec2
Instruction Fuzzy Hash: CE610630601619DBCB14DF68DA85DAC7BA0FF44304B249016F81AEB396EB3ADDD1DB61

Function 008473E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00847421
SetTextColor.GDI32(?,?), ref: 00847425
GetSysColorBrush.USER32(0000000F), ref: 0084743B
GetSysColor.USER32(0000000F), ref: 00847446
CreateSolidBrush.GDI32(?), ref: 0084744B
GetSysColor.USER32(00000011), ref: 00847463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00847471
SelectObject.GDI32(?,00000000), ref: 00847482
SetBkColor.GDI32(?,00000000), ref: 0084748B
SelectObject.GDI32(?,?), ref: 00847498
InflateRect.USER32(?,000000FF,000000FF), ref: 008474B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008474CE
GetWindowLongW.USER32(00000000,000000F0), ref: 008474DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0084752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00847554
InflateRect.USER32(?,000000FD,000000FD), ref: 00847572
DrawFocusRect.USER32(?,?), ref: 0084757D
GetSysColor.USER32(00000011), ref: 0084758E
SetTextColor.GDI32(?,00000000), ref: 00847596
DrawTextW.USER32(?,008470F5,000000FF,?,00000000), ref: 008475A8
SelectObject.GDI32(?,?), ref: 008475BF
DeleteObject.GDI32(?), ref: 008475CA
SelectObject.GDI32(?,?), ref: 008475D0
DeleteObject.GDI32(?), ref: 008475D5
SetTextColor.GDI32(?,?), ref: 008475DB
SetBkColor.GDI32(?,?), ref: 008475E5

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: d3cf065a283503f6623c3425484309ed5ff45f5d45476a826bfaa7abf5e2b2d0
Instruction ID: d6224014a002ad7f0ff79dc7d5a2697c23b377326337c4872d921a66a2239604
Opcode Fuzzy Hash: d3cf065a283503f6623c3425484309ed5ff45f5d45476a826bfaa7abf5e2b2d0
Instruction Fuzzy Hash: 35616A76901218AFDF119FA4DC49EAEBFB9FB09320F118115F915BB2A1D7749940CF90

Function 00840FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00841128
GetDesktopWindow.USER32 ref: 0084113D
GetWindowRect.USER32(00000000), ref: 00841144
GetWindowLongW.USER32(?,000000F0), ref: 00841199
DestroyWindow.USER32(?), ref: 008411B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 008411ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0084120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0084121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 00841232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00841245
IsWindowVisible.USER32(00000000), ref: 008412A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 008412BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 008412D0
GetWindowRect.USER32(00000000,?), ref: 008412E8
MonitorFromPoint.USER32(?,?,00000002), ref: 0084130E
GetMonitorInfoW.USER32(00000000,?), ref: 00841328
CopyRect.USER32(?,?), ref: 0084133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 008413AA

Strings

0, xrefs: 008410D3
(, xrefs: 0084131B
tooltips_class32, xrefs: 008411E6

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: e8857675b455bb798727b58c8232ad6253c871286ebdd2fc2f01579275611c4e
Instruction ID: e02ff8c16b9035c6c8926b66873e34a28ab9ef6b6d0ff0dfadcbe4f19a749648
Opcode Fuzzy Hash: e8857675b455bb798727b58c8232ad6253c871286ebdd2fc2f01579275611c4e
Instruction Fuzzy Hash: 2AB17D71604345AFDB54DF64C888BAABBE4FF89354F00891CF999DB261C771E844CB92

Function 007C8891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007C8968
GetSystemMetrics.USER32(00000007), ref: 007C8970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007C899B
GetSystemMetrics.USER32(00000008), ref: 007C89A3
GetSystemMetrics.USER32(00000004), ref: 007C89C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 007C89E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 007C89F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 007C8A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 007C8A3C
GetClientRect.USER32(00000000,000000FF), ref: 007C8A5A
GetStockObject.GDI32(00000011), ref: 007C8A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 007C8A81

Part of subcall function 007C912D: GetCursorPos.USER32(?), ref: 007C9141
Part of subcall function 007C912D: ScreenToClient.USER32(00000000,?), ref: 007C915E
Part of subcall function 007C912D: GetAsyncKeyState.USER32(00000001), ref: 007C9183
Part of subcall function 007C912D: GetAsyncKeyState.USER32(00000002), ref: 007C919D

SetTimer.USER32(00000000,00000000,00000028,007C90FC), ref: 007C8AA8

Strings

AutoIt v3 GUI, xrefs: 007C8A20

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: 21bad5887a6951e8a429dd5ee04059b893e63cdd167a6a8df35df2c513903126
Instruction ID: 8293708309932ccce6a3c8c1b09fbdbb734a17a459b3c0ef6f2d911d929b5645
Opcode Fuzzy Hash: 21bad5887a6951e8a429dd5ee04059b893e63cdd167a6a8df35df2c513903126
Instruction Fuzzy Hash: 8FB18A75A0020AAFDF54DFA8CC49BAE7BB9FB48314F11422DFA15E7290DB34A851CB51

Function 00810D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00811114
Part of subcall function 008110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811120
Part of subcall function 008110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 0081112F
Part of subcall function 008110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811136
Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0081114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00810DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00810E29
GetLengthSid.ADVAPI32(?), ref: 00810E40
GetAce.ADVAPI32(?,00000000,?), ref: 00810E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00810E96
GetLengthSid.ADVAPI32(?), ref: 00810EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00810EB5
HeapAlloc.KERNEL32(00000000), ref: 00810EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00810EDD
CopySid.ADVAPI32(00000000), ref: 00810EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00810F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00810F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00810F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810F6E
HeapFree.KERNEL32(00000000), ref: 00810F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810F7E
HeapFree.KERNEL32(00000000), ref: 00810F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810F8E
HeapFree.KERNEL32(00000000), ref: 00810F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00810FA1
HeapFree.KERNEL32(00000000), ref: 00810FA8

Part of subcall function 00811193: GetProcessHeap.KERNEL32(00000008,00810BB1,?,00000000,?,00810BB1,?), ref: 008111A1
Part of subcall function 00811193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00810BB1,?), ref: 008111A8
Part of subcall function 00811193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00810BB1,?), ref: 008111B7

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 337e1eb813370e709417c086be5436925f92dabeff2125b56a97aef522fb7571
Instruction ID: 30cb46ac7d96d2665850688efda8f31fb9d5c29f5f0e013e73940b53b491ce77
Opcode Fuzzy Hash: 337e1eb813370e709417c086be5436925f92dabeff2125b56a97aef522fb7571
Instruction Fuzzy Hash: 9171487690120AABDB209FA5DC49BEEBBBCFF05300F044115E959E6191DB719A86CF60

Function 0083C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083C4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,0084CC08,00000000,?,00000000,?,?), ref: 0083C544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0083C5A4
_wcslen.LIBCMT ref: 0083C5F4
_wcslen.LIBCMT ref: 0083C66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0083C6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0083C7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0083C84D
RegCloseKey.ADVAPI32(?), ref: 0083C881
RegCloseKey.ADVAPI32(00000000), ref: 0083C88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0083C960

Strings

REG_MULTI_SZ, xrefs: 0083C6F5
REG_EXPAND_SZ, xrefs: 0083C5CD
REG_DWORD, xrefs: 0083C804
REG_QWORD, xrefs: 0083C8C3
REG_SZ, xrefs: 0083C644
REG_BINARY, xrefs: 0083C913

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: 9189e7f91001ef01aaaef177b6a18dd99e9e437b94bc11346e59622040e2aaaf
Instruction ID: 19cc5cd4c630f8493a62c4cc936dd02d9bf427eabe57c65402344910b4ec52a5
Opcode Fuzzy Hash: 9189e7f91001ef01aaaef177b6a18dd99e9e437b94bc11346e59622040e2aaaf
Instruction Fuzzy Hash: 5B123435604201DFCB14DF14C885B6AB7E5FF88714F14889DF89AAB2A2DB35ED41CB91

Function 0084091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 008409C6
_wcslen.LIBCMT ref: 00840A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00840A54
_wcslen.LIBCMT ref: 00840A8A
_wcslen.LIBCMT ref: 00840B06
_wcslen.LIBCMT ref: 00840B81

Part of subcall function 007CF9F2: _wcslen.LIBCMT ref: 007CF9FD

Part of subcall function 00812BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00812BFA

Strings

GETSELECTED, xrefs: 00840C4E
GETTEXT, xrefs: 00840C97
UNCHECK, xrefs: 00840D3E
GETTOTALCOUNT, xrefs: 008409F2, 00840A17
CHECK, xrefs: 00840A85, 00840AA0
EXPAND, xrefs: 00840BF8
ISCHECKED, xrefs: 00840CE1
EXISTS, xrefs: 00840B7C, 00840B97
GETITEMCOUNT, xrefs: 00840C1E
SELECT, xrefs: 00840D11
COLLAPSE, xrefs: 00840B01, 00840B1C

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: 11f5358184063a390b88f9988477ef12a53897d931eaff3219dbe8da420ec9e1
Instruction ID: 55e4d8eb6a3f4d9bfca4a3d644c7bafdb43ed57f86d5de9b5f2341458b66eb6f
Opcode Fuzzy Hash: 11f5358184063a390b88f9988477ef12a53897d931eaff3219dbe8da420ec9e1
Instruction Fuzzy Hash: 10E17831608305DFC714DF24C491A6AB7E2FF98318B14895DF99A9B3A2D734ED49CB82

Function 0083C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
_wcslen.LIBCMT ref: 0083C9F1
_wcslen.LIBCMT ref: 0083CA68
_wcslen.LIBCMT ref: 0083CA9E
_wcslen.LIBCMT ref: 0083CAF9
_wcslen.LIBCMT ref: 0083CB2F
_wcslen.LIBCMT ref: 0083CB7F

Strings

HKEY_USERS, xrefs: 0083CBDF
HKU, xrefs: 0083CBF0
HKLM, xrefs: 0083CA98, 0083CA9D
HKEY_CURRENT_USER, xrefs: 0083CBBD
HKEY_CLASSES_ROOT, xrefs: 0083CAF3, 0083CAF8
HKCR, xrefs: 0083CB29, 0083CB2E
HKEY_CURRENT_CONFIG, xrefs: 0083CB79, 0083CB7E
HKCC, xrefs: 0083CBAC
HKCU, xrefs: 0083CBCE
HKEY_LOCAL_MACHINE, xrefs: 0083CA62, 0083CA67

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 92ce81ddef22ef537d01200543781dbcbe4baa0aa70c0791b8ac7876f10f9fe2
Instruction ID: 9ca86d202b339990f141ed305aa969b5fbfacdef98adffa7c22e863867014045
Opcode Fuzzy Hash: 92ce81ddef22ef537d01200543781dbcbe4baa0aa70c0791b8ac7876f10f9fe2
Instruction Fuzzy Hash: 7271D37260012A8BCB20DE7CCD516BA73A5FBE0764F254529F866F7284EA35DD45C3E0

Function 0084833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0084835A
_wcslen.LIBCMT ref: 0084836E
_wcslen.LIBCMT ref: 00848391
_wcslen.LIBCMT ref: 008483B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 008483F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0084361A,?), ref: 0084844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00848487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 008484CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00848501
FreeLibrary.KERNEL32(?), ref: 0084850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0084851D
DestroyIcon.USER32(?), ref: 0084852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00848549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00848555

Strings

.exe, xrefs: 00848388
.dll, xrefs: 008483AB
.icl, xrefs: 00848368

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: 15f317537bd7df392fba25ab743e63f6cfd9526fcd82a442900d44ee0b921287
Instruction ID: 0755e91b7ab20ab911b55309e3dc2967c8d10a9aec67aeb3ad187cb982899be9
Opcode Fuzzy Hash: 15f317537bd7df392fba25ab743e63f6cfd9526fcd82a442900d44ee0b921287
Instruction Fuzzy Hash: B961AF71900219FBEB14DF64CC85BBE77ACFB04B11F10454AF915E61D1DB74AA90CBA0

Function 007B7778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

#include-once, xrefs: 007B782F
#notrayicon, xrefs: 007B77E7
Cannot parse #include, xrefs: 007F5279
#include, xrefs: 007B7847
', xrefs: 007F5169
", xrefs: 007F5153
#comments-start, xrefs: 007B785F, 007B78B1
#pragma compile, xrefs: 007B77D3
#comments-end, xrefs: 007B78D9
Unterminated group of comments, xrefs: 007F528C
#ce, xrefs: 007B78ED
#OnAutoItStartRegister, xrefs: 007B7817
#requireadmin, xrefs: 007B77FF
#cs, xrefs: 007B7873, 007B78C5
Bad directive syntax error, xrefs: 007F519A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: 64599cebc13cd0d12b7f1bf469ecb68ccc8f82fb96059e56254695749a34808e
Instruction ID: e9ae8844307ff727b0ea56be9e59a88c66f851b101d7ba9b43d039a3d3b105c7
Opcode Fuzzy Hash: 64599cebc13cd0d12b7f1bf469ecb68ccc8f82fb96059e56254695749a34808e
Instruction Fuzzy Hash: BB81C371A04609FBDB24AF60CC46FFE37A9FF55300F044025FA15AA296EB7CD911D6A1

Function 00823E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00823EF8
_wcslen.LIBCMT ref: 00823F03
_wcslen.LIBCMT ref: 00823F5A
_wcslen.LIBCMT ref: 00823F98
GetDriveTypeW.KERNEL32(?), ref: 00823FD6
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0082401E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00824059
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00824087

Strings

open , xrefs: 00823FE5
open, xrefs: 00823F54, 00823F59
close, xrefs: 00823EFE, 00823F18
type cdaudio alias cd wait, xrefs: 00824001
wait, xrefs: 00824044
closed, xrefs: 00823F08, 00823F2D, 00823F46, 00823F7E, 00823F97
set cd door , xrefs: 00824028
close cd wait, xrefs: 00824072

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: 7a8d00cfb8414bf816bfec0c31da590350dd89975edab9292cd904dbeb019244
Instruction ID: e5fc2d533d9e1a16cf615f241f11eb5dadedea36d0b3f5ddcfd437aafe71a33b
Opcode Fuzzy Hash: 7a8d00cfb8414bf816bfec0c31da590350dd89975edab9292cd904dbeb019244
Instruction Fuzzy Hash: 267101326046119FC310EF24D8909AAB7F4FF94758F10892DF9A5D7251EB38ED89CB51

Function 00815A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00815A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00815A40
SetWindowTextW.USER32(?,?), ref: 00815A57
GetDlgItem.USER32(?,000003EA), ref: 00815A6C
SetWindowTextW.USER32(00000000,?), ref: 00815A72
GetDlgItem.USER32(?,000003E9), ref: 00815A82
SetWindowTextW.USER32(00000000,?), ref: 00815A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00815AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00815AC3
GetWindowRect.USER32(?,?), ref: 00815ACC
_wcslen.LIBCMT ref: 00815B33
SetWindowTextW.USER32(?,?), ref: 00815B6F
GetDesktopWindow.USER32 ref: 00815B75
GetWindowRect.USER32(00000000), ref: 00815B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00815BD3
GetClientRect.USER32(?,?), ref: 00815BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00815C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00815C2F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: 1a4674c344b2de4132d1e20a0fb70f2298fdfeca4356c1a6e65832bbdb7ad9df
Instruction ID: 18d71799e6ad14f13930a64823c0960bdc378615cc513ea4a99d52609d6a2055
Opcode Fuzzy Hash: 1a4674c344b2de4132d1e20a0fb70f2298fdfeca4356c1a6e65832bbdb7ad9df
Instruction Fuzzy Hash: F2716F31900B09EFDB20DFA9CE85AAEBBF9FF88714F104519E542E25A0D775E984CB50

Function 0082FE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 0082FE27
LoadCursorW.USER32(00000000,00007F8A), ref: 0082FE32
LoadCursorW.USER32(00000000,00007F00), ref: 0082FE3D
LoadCursorW.USER32(00000000,00007F03), ref: 0082FE48
LoadCursorW.USER32(00000000,00007F8B), ref: 0082FE53
LoadCursorW.USER32(00000000,00007F01), ref: 0082FE5E
LoadCursorW.USER32(00000000,00007F81), ref: 0082FE69
LoadCursorW.USER32(00000000,00007F88), ref: 0082FE74
LoadCursorW.USER32(00000000,00007F80), ref: 0082FE7F
LoadCursorW.USER32(00000000,00007F86), ref: 0082FE8A
LoadCursorW.USER32(00000000,00007F83), ref: 0082FE95
LoadCursorW.USER32(00000000,00007F85), ref: 0082FEA0
LoadCursorW.USER32(00000000,00007F82), ref: 0082FEAB
LoadCursorW.USER32(00000000,00007F84), ref: 0082FEB6
LoadCursorW.USER32(00000000,00007F04), ref: 0082FEC1
LoadCursorW.USER32(00000000,00007F02), ref: 0082FECC
GetCursorInfo.USER32(?), ref: 0082FEDC
GetLastError.KERNEL32 ref: 0082FF1E

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 2b9e669b75deb0085c38591913aa42ca1d423837d60f74dd56c4adf797f351cc
Instruction ID: 043c68343e12d85225fac4952fd7b9c99572e6c9bdcfe6e916b6ec6e18499a0f
Opcode Fuzzy Hash: 2b9e669b75deb0085c38591913aa42ca1d423837d60f74dd56c4adf797f351cc
Instruction Fuzzy Hash: 314160B0D04319AADB109FBA9C8985EBFF8FF04354B50853AF119E7281DB78A941CE90

Function 007D00C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 007D00C6

Part of subcall function 007D00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0088070C,00000FA0,CE987895,?,?,?,?,007F23B3,000000FF), ref: 007D011C
Part of subcall function 007D00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,007F23B3,000000FF), ref: 007D0127
Part of subcall function 007D00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,007F23B3,000000FF), ref: 007D0138
Part of subcall function 007D00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 007D014E
Part of subcall function 007D00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 007D015C
Part of subcall function 007D00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 007D016A
Part of subcall function 007D00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007D0195
Part of subcall function 007D00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007D01A0

___scrt_fastfail.LIBCMT ref: 007D00E7

Part of subcall function 007D00A3: __onexit.LIBCMT ref: 007D00A9

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 007D0122
InitializeConditionVariable, xrefs: 007D0148
SleepConditionVariableCS, xrefs: 007D0154
kernel32.dll, xrefs: 007D0133
WakeAllConditionVariable, xrefs: 007D0162

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: fb5fc22f96e3cff6248dc2f0653c1cb4342d459d20ec6aaee3f4f9b64ae1e7d8
Instruction ID: 5c245c9f306993479fbfc1a9d13b205c66e4fc8408f9863c02985868cfb002ab
Opcode Fuzzy Hash: fb5fc22f96e3cff6248dc2f0653c1cb4342d459d20ec6aaee3f4f9b64ae1e7d8
Instruction Fuzzy Hash: 0D21C636A45719ABE7506BA4AC09B6E77E8FB05B51F10013FF911E3392DB7E98008AD0

Function 008130F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0081318D
_wcslen.LIBCMT ref: 008131F8

Strings

CLASS, xrefs: 00813188, 008131A5
TEXT, xrefs: 0081347C
REGEXPCLASS, xrefs: 00813255, 00813266
CLASSNN, xrefs: 008131F3, 00813204
INSTANCE, xrefs: 00813453
NAME, xrefs: 00813335, 00813346

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: a8137b3f5c9445f4494a8947a0c393c5cd25e3b5b73f82fe5e319595d5c56ef2
Instruction ID: 0fedceb0302cbd488bfd94d1c42bd4f4bd7e2ba3d28bf9bbc2925dd844819846
Opcode Fuzzy Hash: a8137b3f5c9445f4494a8947a0c393c5cd25e3b5b73f82fe5e319595d5c56ef2
Instruction Fuzzy Hash: 63E1E432A00516EBCB189FA8C455BEDFBB9FF54710F54812AE566F7240DB30AEC98790

Function 008244C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,0084CC08), ref: 00824527
_wcslen.LIBCMT ref: 0082453B
_wcslen.LIBCMT ref: 00824599
_wcslen.LIBCMT ref: 008245F4
_wcslen.LIBCMT ref: 0082463F
_wcslen.LIBCMT ref: 008246A7

Part of subcall function 007CF9F2: _wcslen.LIBCMT ref: 007CF9FD

GetDriveTypeW.KERNEL32(?,00876BF0,00000061), ref: 00824743

Strings

removable, xrefs: 008245EA, 008245EF
fixed, xrefs: 00824635, 0082463A
cdrom, xrefs: 0082458F, 00824594
all, xrefs: 00824531, 00824536
network, xrefs: 0082469D, 008246A2
ramdisk, xrefs: 008246F1
unknown, xrefs: 00824708

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: 0ce5cbb06bdf287ad6008cb94fe77b48c7af531ac44dd64504502d91b3904ddb
Instruction ID: a922b0521a8c074d8b507d955d448b3b9ffd4edd28cf4bebd4f6f4dab113efae
Opcode Fuzzy Hash: 0ce5cbb06bdf287ad6008cb94fe77b48c7af531ac44dd64504502d91b3904ddb
Instruction Fuzzy Hash: A1B112316083229FC710DF28E890A6EB7E5FFA5724F50591DF5AAC7291E734D884CB62

Function 00833FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,0084CC08), ref: 008340BB
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 008340CD
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0084CC08), ref: 008340F2
FreeLibrary.KERNEL32(00000000,?,0084CC08), ref: 0083413E
StringFromGUID2.OLE32(?,?,00000028,?,0084CC08), ref: 008341A8
SysFreeString.OLEAUT32(00000009), ref: 00834262
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 008342C8
SysFreeString.OLEAUT32(?), ref: 008342F2

Strings

GetModuleHandleExW, xrefs: 008340C7
kernel32.dll, xrefs: 008340B6

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: 4ed91841bbe92b514f4a2b006addf9b61e4f5ddff4ae81c5fd90b4b6d43f5d87
Instruction ID: 2e4ae6a385866f397824fe749e10ef71288891ceeec14c517b0fd55e8b81d250
Opcode Fuzzy Hash: 4ed91841bbe92b514f4a2b006addf9b61e4f5ddff4ae81c5fd90b4b6d43f5d87
Instruction Fuzzy Hash: 99122D75A00119EFDB14CF94C884EAEBBB9FF85318F248098E905EB251D731ED46CBA0

Function 007B326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(00881990), ref: 007F2F8D
GetMenuItemCount.USER32(00881990), ref: 007F303D
GetCursorPos.USER32(?), ref: 007F3081
SetForegroundWindow.USER32(00000000), ref: 007F308A
TrackPopupMenuEx.USER32(00881990,00000000,?,00000000,00000000,00000000), ref: 007F309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 007F30A9

Strings

0, xrefs: 007B327D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: a1d8b536b3ab54fa66dde813e5c94c6697b7b97fd18966722f5b4b625007b585
Instruction ID: ce8344698765f5ab8dfbc8e13e75fc09c1031beeb5a925525f7bfb7b9b137017
Opcode Fuzzy Hash: a1d8b536b3ab54fa66dde813e5c94c6697b7b97fd18966722f5b4b625007b585
Instruction Fuzzy Hash: B5712D70644209BEEB218F64CC49FEABF69FF05324F204216F615A62D1C7B9AD50DB51

Function 00846CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00846DEB

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00846E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00846E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00846E94
DestroyWindow.USER32(?), ref: 00846EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,007B0000,00000000), ref: 00846EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00846EFD
GetDesktopWindow.USER32 ref: 00846F16
GetWindowRect.USER32(00000000), ref: 00846F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00846F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00846F4D

Part of subcall function 007C9944: GetWindowLongW.USER32(?,000000EB), ref: 007C9952

Strings

0, xrefs: 00846D98
tooltips_class32, xrefs: 00846E58, 00846EDD

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: 7324067461c5b0abb4bd5c1edd98fc0aea3392cecda6757137138d198a0764fa
Instruction ID: 59fbb75dd60c66bc5a3a352b1f24904d8d8c8462b208c094b4b13a2d77133f45
Opcode Fuzzy Hash: 7324067461c5b0abb4bd5c1edd98fc0aea3392cecda6757137138d198a0764fa
Instruction Fuzzy Hash: 9A714674104348AFDB61CF18DC48BAABBE9FB8A304F54441DF999C7261DB74A91ACB12

Function 0084911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

DragQueryPoint.SHELL32(?,?), ref: 00849147

Part of subcall function 00847674: ClientToScreen.USER32(?,?), ref: 0084769A
Part of subcall function 00847674: GetWindowRect.USER32(?,?), ref: 00847710
Part of subcall function 00847674: PtInRect.USER32(?,?,00848B89), ref: 00847720

SendMessageW.USER32(?,000000B0,?,?), ref: 008491B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 008491BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 008491DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00849225
SendMessageW.USER32(?,000000B0,?,?), ref: 0084923E
SendMessageW.USER32(?,000000B1,?,?), ref: 00849255
SendMessageW.USER32(?,000000B1,?,?), ref: 00849277
DragFinish.SHELL32(?), ref: 0084927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00849371

Strings

@GUI_DROPID, xrefs: 0084929E
@GUI_DRAGFILE, xrefs: 00849320
@GUI_DRAGID, xrefs: 008492E9

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: 73234da629cbd78eb70dcfc152f34a4d3252928702f820598f720f00c8b5ca71
Instruction ID: bdbbfa59c9f06e861bfc0e85633b40ae4c7a2a46a3a1954221d2fa731e0e9048
Opcode Fuzzy Hash: 73234da629cbd78eb70dcfc152f34a4d3252928702f820598f720f00c8b5ca71
Instruction Fuzzy Hash: 07617C71108305AFD701EF64DC89EAFBBE8FF89350F40491DF6A5922A1DB709A49CB52

Function 0082C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0082C4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0082C4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0082C4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0082C4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0082C533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0082C549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0082C554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0082C584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0082C5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0082C5F0
InternetCloseHandle.WININET(00000000), ref: 0082C5FB

Strings

, xrefs: 0082C575

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: f298dea88832a5e65c1a29458ebb40c6e3ff002fd90ea0b71bd33c0f4f6d804e
Instruction ID: c652945e43e4d41af07cab9cdc426af269a9cc61754e98b66f1b20f1297b3179
Opcode Fuzzy Hash: f298dea88832a5e65c1a29458ebb40c6e3ff002fd90ea0b71bd33c0f4f6d804e
Instruction Fuzzy Hash: 4D5158B4500618AFEB219F64DA88ABB7BFCFF09344F00441AF945D6250DB74E984DB60

Function 0084856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00848592
GetFileSize.KERNEL32(00000000,00000000), ref: 008485A2
GlobalAlloc.KERNEL32(00000002,00000000), ref: 008485AD
CloseHandle.KERNEL32(00000000), ref: 008485BA
GlobalLock.KERNEL32(00000000), ref: 008485C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 008485D7
GlobalUnlock.KERNEL32(00000000), ref: 008485E0
CloseHandle.KERNEL32(00000000), ref: 008485E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 008485F8
OleLoadPicture.OLEAUT32(?,00000000,00000000,0084FC38,?), ref: 00848611
GlobalFree.KERNEL32(00000000), ref: 00848621
GetObjectW.GDI32(?,00000018,000000FF), ref: 00848641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00848671
DeleteObject.GDI32(00000000), ref: 00848699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 008486AF

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 6e08ea6f6a589543d07bbed1e3c1eb075cffe3d2ea23c9687765bea4b09db686
Instruction ID: 7da7ef7db1ef7a90081bfab9c8421dccd1309b2c1413ec2e677ef774535f6a14
Opcode Fuzzy Hash: 6e08ea6f6a589543d07bbed1e3c1eb075cffe3d2ea23c9687765bea4b09db686
Instruction Fuzzy Hash: D8412979601208EFDB519FA5CC48EAE7BBCFF9A715F118058F909E7260DB749901DB20

Function 008214BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00821502
VariantCopy.OLEAUT32(?,?), ref: 0082150B
VariantClear.OLEAUT32(?), ref: 00821517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 008215FB
VarR8FromDec.OLEAUT32(?,?), ref: 00821657
VariantInit.OLEAUT32(?), ref: 00821708
SysFreeString.OLEAUT32(?), ref: 0082178C
VariantClear.OLEAUT32(?), ref: 008217D8
VariantClear.OLEAUT32(?), ref: 008217E7
VariantInit.OLEAUT32(00000000), ref: 00821823

Strings

Default, xrefs: 008216AF
%4d%02d%02d%02d%02d%02d, xrefs: 00821625

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: d27d66d1397570efa1b24bb300897270d60de9aee44f815f873a66d03a141748
Instruction ID: 15a55445df01e1e8f38bac0e7d42cfb47e89e0e35077e7c34c292fe008193826
Opcode Fuzzy Hash: d27d66d1397570efa1b24bb300897270d60de9aee44f815f873a66d03a141748
Instruction Fuzzy Hash: 4CD1CF71A00229EBDF109F65E98DBB9B7B5FF55704F24809AE406EB180DB34EC81DB61

Function 0083B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083B6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0083B772
RegDeleteValueW.ADVAPI32(?,?), ref: 0083B80A
RegCloseKey.ADVAPI32(?), ref: 0083B87E
RegCloseKey.ADVAPI32(?), ref: 0083B89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 0083B8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0083B904
RegDeleteKeyW.ADVAPI32(?,?), ref: 0083B922
FreeLibrary.KERNEL32(00000000), ref: 0083B983
RegCloseKey.ADVAPI32(00000000), ref: 0083B994

Strings

advapi32.dll, xrefs: 0083B8ED
RegDeleteKeyExW, xrefs: 0083B8FE

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: a54c3aa904fc45b99503c02276fc718fba4217feda7901b5a0ce10c95142ad81
Instruction ID: 30513ba37bd3a0391948f638cf2344f51ef3e724e4cb0e6172822ab24584d91f
Opcode Fuzzy Hash: a54c3aa904fc45b99503c02276fc718fba4217feda7901b5a0ce10c95142ad81
Instruction Fuzzy Hash: 03C17A75208201EFD710DF14C499B6ABBE5FF84318F18849CF69A8B2A2DB35ED45CB91

Function 0083255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 008325D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 008325E8
CreateCompatibleDC.GDI32(?), ref: 008325F4
SelectObject.GDI32(00000000,?), ref: 00832601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0083266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 008326AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 008326D0
SelectObject.GDI32(?,?), ref: 008326D8
DeleteObject.GDI32(?), ref: 008326E1
DeleteDC.GDI32(?), ref: 008326E8
ReleaseDC.USER32(00000000,?), ref: 008326F3

Strings

(, xrefs: 0083268D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: aad4aa2bc5f34126b20d361abbf775c0e74afc29abdbbb3e232eb1320852a9a9
Instruction ID: e8186a6d8b64aa710d723f887d49b43914c7514245dced594197877913144902
Opcode Fuzzy Hash: aad4aa2bc5f34126b20d361abbf775c0e74afc29abdbbb3e232eb1320852a9a9
Instruction Fuzzy Hash: CB61E275D01219EFCF14CFA8D885AAEBBBAFF48310F208529E955E7250E770A951CF90

Function 007EDA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 007EDAA1

Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED659
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED66B
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED67D
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED68F
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6A1
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6B3
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6C5
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6D7
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6E9
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6FB
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED70D
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED71F
Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED731

_free.LIBCMT ref: 007EDA96

Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0

_free.LIBCMT ref: 007EDAB8
_free.LIBCMT ref: 007EDACD
_free.LIBCMT ref: 007EDAD8
_free.LIBCMT ref: 007EDAFA
_free.LIBCMT ref: 007EDB0D
_free.LIBCMT ref: 007EDB1B
_free.LIBCMT ref: 007EDB26
_free.LIBCMT ref: 007EDB5E
_free.LIBCMT ref: 007EDB65
_free.LIBCMT ref: 007EDB82
_free.LIBCMT ref: 007EDB9A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: b4d5840bfc30ca9022307aa1ecd3015d85341cc2b50ad69d6863f88f0ff58c12
Instruction ID: cadab9b782c309b43f8f849fc2163c742b30370a4ad6403aaf63d0bd409cb1ad
Opcode Fuzzy Hash: b4d5840bfc30ca9022307aa1ecd3015d85341cc2b50ad69d6863f88f0ff58c12
Instruction Fuzzy Hash: 62315F71506288DFDB31AA76D84AB5677E8FF08310F115429E458E71A2EA3DFD418B20

Function 0081365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 0081369C
_wcslen.LIBCMT ref: 008136A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00813797
GetClassNameW.USER32(?,?,00000400), ref: 0081380C
GetDlgCtrlID.USER32(?), ref: 0081385D
GetWindowRect.USER32(?,?), ref: 00813882
GetParent.USER32(?), ref: 008138A0
ScreenToClient.USER32(00000000), ref: 008138A7
GetClassNameW.USER32(?,?,00000100), ref: 00813921
GetWindowTextW.USER32(?,?,00000400), ref: 0081395D

Strings

%s%u, xrefs: 00813734

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: a84072a21a3d19320f277c12d6fda2d5eee65f28471c589ccf53badaa9a65334
Instruction ID: b8174ff7018e758bc9656e04ec2446cebe36a206382cb83e366266fa773738bf
Opcode Fuzzy Hash: a84072a21a3d19320f277c12d6fda2d5eee65f28471c589ccf53badaa9a65334
Instruction Fuzzy Hash: C291AF71204606AFD719DF24C885FEAFBACFF45350F008629F999D2190DB34EA95CBA1

Function 00814954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00814994
GetWindowTextW.USER32(?,?,00000400), ref: 008149DA
_wcslen.LIBCMT ref: 008149EB
CharUpperBuffW.USER32(?,00000000), ref: 008149F7
_wcsstr.LIBVCRUNTIME ref: 00814A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00814A64
GetWindowTextW.USER32(?,?,00000400), ref: 00814A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00814AE6
GetClassNameW.USER32(?,?,00000400), ref: 00814B20
GetWindowRect.USER32(?,?), ref: 00814B8B

Strings

ThumbnailClass, xrefs: 00814A6F, 00814AF1

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: 4c35fe6e6f5a247bdd25830eca6ca770d27be02f05abf4b5ef2031bc679643ed
Instruction ID: d39455dc301cfbb0c8bd6abfc5b9519509f65586d4c80559f349caab81242975
Opcode Fuzzy Hash: 4c35fe6e6f5a247bdd25830eca6ca770d27be02f05abf4b5ef2031bc679643ed
Instruction Fuzzy Hash: D4919C710082059BDB04CF54C985BEA7BECFF84354F04946AFD8ADA196EB34ED85CBA1

Function 0081BF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00881990,000000FF,00000000,00000030), ref: 0081BFAC
SetMenuItemInfoW.USER32(00881990,00000004,00000000,00000030), ref: 0081BFE1
Sleep.KERNEL32(000001F4), ref: 0081BFF3
GetMenuItemCount.USER32(?), ref: 0081C039
GetMenuItemID.USER32(?,00000000), ref: 0081C056
GetMenuItemID.USER32(?,-00000001), ref: 0081C082
GetMenuItemID.USER32(?,?), ref: 0081C0C9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0081C10F
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0081C124
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0081C145

Strings

0, xrefs: 0081BF3D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: 262cde61f2206fdcb93278877392d95e5379a2b20d64e962c00b82d99f00ca33
Instruction ID: 367f7f1afec4795ccb081c6da047aa1aa522907223a79dbc9b0dd2b170bc19de
Opcode Fuzzy Hash: 262cde61f2206fdcb93278877392d95e5379a2b20d64e962c00b82d99f00ca33
Instruction Fuzzy Hash: 51615AB498024AABDF11CF68DC88AEEBBADFF06344F104155E811E3291CB35AD85CB61

Function 0083CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0083CC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0083CC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0083CD48

Part of subcall function 0083CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0083CCAA
Part of subcall function 0083CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0083CCBD
Part of subcall function 0083CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0083CCCF
Part of subcall function 0083CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0083CD05
Part of subcall function 0083CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0083CD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 0083CCF3

Strings

advapi32.dll, xrefs: 0083CCB8
RegDeleteKeyExW, xrefs: 0083CCC9

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: 236d771883ecb8f5718df8a4d68d6aeb2cc41e63fef33f405f5dd9dfdb5d0d5c
Instruction ID: 22b0f1c9fc82eb60db71aec6aa43807974f58b74acdc6b38951f65299314fbbe
Opcode Fuzzy Hash: 236d771883ecb8f5718df8a4d68d6aeb2cc41e63fef33f405f5dd9dfdb5d0d5c
Instruction Fuzzy Hash: E9316C75902129BBDB609B65DC88EFFBB7CFF86754F000165B906E2240DA349A45DBE0

Function 00823D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00823D40
_wcslen.LIBCMT ref: 00823D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 00823D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00823DBE
RemoveDirectoryW.KERNEL32(?), ref: 00823DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00823E55
CloseHandle.KERNEL32(00000000), ref: 00823E60
CloseHandle.KERNEL32(00000000), ref: 00823E6B

Strings

\, xrefs: 00823D77
:, xrefs: 00823D82
\??\%s, xrefs: 00823D5B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: 5f0a3dcb3bbc06d1f1b19e66dc39d7fcc556453781af9770c3d5d753772d8af2
Instruction ID: d7ec37b13efa586e67184ed12d2c18261143e34b1aa1e80b6813f2a05535bd97
Opcode Fuzzy Hash: 5f0a3dcb3bbc06d1f1b19e66dc39d7fcc556453781af9770c3d5d753772d8af2
Instruction Fuzzy Hash: 1F31A176A00219ABDB209FA0DC49FEB37BCFF89700F1041A6F509D6160E7789784CB24

Function 0081E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 0081E6B4

Part of subcall function 007CE551: timeGetTime.WINMM(?,?,0081E6D4), ref: 007CE555

Sleep.KERNEL32(0000000A), ref: 0081E6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0081E705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0081E727
SetActiveWindow.USER32 ref: 0081E746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0081E754
SendMessageW.USER32(00000010,00000000,00000000), ref: 0081E773
Sleep.KERNEL32(000000FA), ref: 0081E77E
IsWindow.USER32 ref: 0081E78A
EndDialog.USER32(00000000), ref: 0081E79B

Strings

BUTTON, xrefs: 0081E719

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 22c13e52455321b8ca7607fcb0225ed33e9f6ebc23cc8a47bcbf6cc2d1258a7e
Instruction ID: 3ea98f274d18cb4169a702da365f9b00772bda9d6865b8e2c172d0039125f18f
Opcode Fuzzy Hash: 22c13e52455321b8ca7607fcb0225ed33e9f6ebc23cc8a47bcbf6cc2d1258a7e
Instruction Fuzzy Hash: 96218174201204AFFB50DF68EC89E653BADFF76748F144424F915C22A1EB75AC80CB25

Function 0081E9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0081EA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0081EA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0081EA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0081EA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0081EAA7

Strings

status PlayMe mode, xrefs: 0081EA58
alias PlayMe, xrefs: 0081EA36
open , xrefs: 0081EA0C
play PlayMe wait, xrefs: 0081EA91
play PlayMe, xrefs: 0081EAA2
close PlayMe, xrefs: 0081EA6E, 0081EA9B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: e6bf2cb8509cf0db647adb5d170499a85c357bb953b725aa0141290a9e7839cb
Instruction ID: 466c79ea8bfe02a29b2e9699877d591223304839b2db0a0920f8bc2a81929720
Opcode Fuzzy Hash: e6bf2cb8509cf0db647adb5d170499a85c357bb953b725aa0141290a9e7839cb
Instruction Fuzzy Hash: 1511BF20A50229B9D720A3A1DC4AEFB6F7CFFD1B40F000429B925E20D5EA744984C5B0

Function 00819F91 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 0081A012
SetKeyboardState.USER32(?), ref: 0081A07D
GetAsyncKeyState.USER32(000000A0), ref: 0081A09D
GetKeyState.USER32(000000A0), ref: 0081A0B4
GetAsyncKeyState.USER32(000000A1), ref: 0081A0E3
GetKeyState.USER32(000000A1), ref: 0081A0F4
GetAsyncKeyState.USER32(00000011), ref: 0081A120
GetKeyState.USER32(00000011), ref: 0081A12E
GetAsyncKeyState.USER32(00000012), ref: 0081A157
GetKeyState.USER32(00000012), ref: 0081A165
GetAsyncKeyState.USER32(0000005B), ref: 0081A18E
GetKeyState.USER32(0000005B), ref: 0081A19C

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 497a251811f0993f0798f257375429fc50bc91dec2e6000eb5f95f13b0f4b153
Instruction ID: 7bb4f49127d558ea732d146b7d421f176b9fce52cb93254030d5f38b1a29d488
Opcode Fuzzy Hash: 497a251811f0993f0798f257375429fc50bc91dec2e6000eb5f95f13b0f4b153
Instruction Fuzzy Hash: 4E51B96490578469FB39DB64C4117EABFBCEF12340F084599D5C2D61C2DA649ACCC763

Function 00815CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00815CE2
GetWindowRect.USER32(00000000,?), ref: 00815CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00815D59
GetDlgItem.USER32(?,00000002), ref: 00815D69
GetWindowRect.USER32(00000000,?), ref: 00815D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00815DCF
GetDlgItem.USER32(?,000003E9), ref: 00815DDD
GetWindowRect.USER32(00000000,?), ref: 00815DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00815E31
GetDlgItem.USER32(?,000003EA), ref: 00815E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00815E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00815E67

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: df0719639641416704eabca035255ab84f0f749b18f3771593a4b201515f0403
Instruction ID: 0eb812a29dc43a0ca2b843a20ade7daea5dcc3de54e3bfe8f0eacaf70f353b37
Opcode Fuzzy Hash: df0719639641416704eabca035255ab84f0f749b18f3771593a4b201515f0403
Instruction Fuzzy Hash: BE510E75B01609AFDF18CF68DD89AAEBBB9FF89300F148129F915E6290D7709E40CB50

Function 007C8BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 007C8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007C8BE8,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 007C8FC5

DestroyWindow.USER32(?), ref: 007C8C81
KillTimer.USER32(00000000,?,?,?,?,007C8BBA,00000000,?), ref: 007C8D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00806973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 008069A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 008069B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,007C8BBA,00000000), ref: 008069D4
DeleteObject.GDI32(00000000), ref: 008069E6

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: 59f78126dd5f9fda10547256c65b812d82d84c57e13774994908d9309df60b37
Instruction ID: bcb263434e6f0378092e68be610bd50ffb88919ec2be2df314bcc872dc5a5daf
Opcode Fuzzy Hash: 59f78126dd5f9fda10547256c65b812d82d84c57e13774994908d9309df60b37
Instruction Fuzzy Hash: 3561BD31102A10DFCBB59F18DD48B25BBF5FB41312F14456CE0429BAA0CB39ACA1DFA6

Function 007C9838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 007C9944: GetWindowLongW.USER32(?,000000EB), ref: 007C9952

GetSysColor.USER32(0000000F), ref: 007C9862

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: e0d57f440088004a5f9b58c821e61bbba51619d6b014fa08e57b2500c340d0d0
Instruction ID: 5b267e0ef934107272f051fbd7921e2ba9c0aa5ba0533bccb465315cd8ecbcb9
Opcode Fuzzy Hash: e0d57f440088004a5f9b58c821e61bbba51619d6b014fa08e57b2500c340d0d0
Instruction Fuzzy Hash: 79417D35505640AFDBA05F389C88FB93BA9FB47330F14465DFAA2871E2D735A942DB10

Function 007E8D45 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Strings

.}, xrefs: 007E903A, 007E8FD0, 007E8FF2

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: .}
API String ID: 0-2266125135
Opcode ID: f9e43d3984fe416a90cab7291451a35ea3c5704c9c9fbed47d7df97e1be1d1ea
Instruction ID: 2be937ed8ee9abca35004e715190fcad8cb3275e3a1b5ce37c4b2fe708a5de9b
Opcode Fuzzy Hash: f9e43d3984fe416a90cab7291451a35ea3c5704c9c9fbed47d7df97e1be1d1ea
Instruction Fuzzy Hash: 2AC13675905289EFCF51DFAAC844BADBBB0BF0D310F044199E619AB392C7389941CF61

Function 008196E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,007FF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00819717
LoadStringW.USER32(00000000,?,007FF7F8,00000001), ref: 00819720

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,007FF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00819742
LoadStringW.USER32(00000000,?,007FF7F8,00000001), ref: 00819745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00819866

Strings

^ ERROR, xrefs: 008197FB
Line %d (File "%s"):, xrefs: 0081978F
Line %d:, xrefs: 008197A0
%s (%d) : ==> %s: %s %s, xrefs: 0081984A
Error: , xrefs: 0081981D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: 3cfda51a4965d2061224a6e9395e96e044ee31c20fcd36766a41474d2b0354b4
Instruction ID: 3da26277cd922559b3b0e6bc49e58a195898d5cb668853ce9604f15d9db22a2e
Opcode Fuzzy Hash: 3cfda51a4965d2061224a6e9395e96e044ee31c20fcd36766a41474d2b0354b4
Instruction Fuzzy Hash: AF411371800219AACB04EBE4DD9AEEEB77CFF55340F504465F605B2192EB396F88CB61

Function 008106DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008107A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008107BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008107DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00810804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0081082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00810837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0081083C

Strings

\CLSID, xrefs: 00810724
\IPC$, xrefs: 00810784
SOFTWARE\Classes\, xrefs: 0081070E

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: 18910849108dce7a890fcdc0a30a1b75a0a00d841621e82f73c55500dd898c4d
Instruction ID: c41c86ff60da3f0400585c3dd958b69d18e7d4d9c590baab1d0996459de86142
Opcode Fuzzy Hash: 18910849108dce7a890fcdc0a30a1b75a0a00d841621e82f73c55500dd898c4d
Instruction Fuzzy Hash: 0B413872C00229EBDF11EBA4DC89DEEB778FF04340B144129E915A31A1EB74AE84CF90

Function 00843F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0084403B
CreateCompatibleDC.GDI32(00000000), ref: 00844042
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00844055
SelectObject.GDI32(00000000,00000000), ref: 0084405D
GetPixel.GDI32(00000000,00000000,00000000), ref: 00844068
DeleteDC.GDI32(00000000), ref: 00844072
GetWindowLongW.USER32(?,000000EC), ref: 0084407C
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00844092
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0084409E

Strings

static, xrefs: 00843FD3

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 52249f73ed6b33390965c6ef48fac6664ba563ea6c1944eb5cdd2e746fec01af
Instruction ID: 4b38fab7eda6b3b3ef4c4f8c1fe1da5bb9d282187d89e48847d2a202fdd98c2e
Opcode Fuzzy Hash: 52249f73ed6b33390965c6ef48fac6664ba563ea6c1944eb5cdd2e746fec01af
Instruction Fuzzy Hash: 43315A36502219ABDF619FA8DC09FDA3B6CFF0E324F110215FA59E61A0D775D820DB54

Function 00833C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00833C5C
CoInitialize.OLE32(00000000), ref: 00833C8A
CoUninitialize.OLE32 ref: 00833C94
_wcslen.LIBCMT ref: 00833D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 00833DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 00833ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00833F0E
CoGetObject.OLE32(?,00000000,0084FB98,?), ref: 00833F2D
SetErrorMode.KERNEL32(00000000), ref: 00833F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00833FC4
VariantClear.OLEAUT32(?), ref: 00833FD8

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 310b64ab8eba9e7c3be35206d2d3682098833e9b83f6811a07eb76747ff0ddf8
Instruction ID: b0c05532ad7d56a888cb74c4010604013c8d576b1888322cbecfbabd622cf773
Opcode Fuzzy Hash: 310b64ab8eba9e7c3be35206d2d3682098833e9b83f6811a07eb76747ff0ddf8
Instruction Fuzzy Hash: FDC11271608205AFD700DF68C88496BBBE9FF89748F10491DF98ADB211DB71EE45CB92

Function 00827A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00827AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00827B8F
SHGetDesktopFolder.SHELL32(?), ref: 00827BA3
CoCreateInstance.OLE32(0084FD08,00000000,00000001,00876E6C,?), ref: 00827BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00827C74
CoTaskMemFree.OLE32(?,?), ref: 00827CCC
SHBrowseForFolderW.SHELL32(?), ref: 00827D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00827D7A
CoTaskMemFree.OLE32(00000000), ref: 00827D81
CoTaskMemFree.OLE32(00000000), ref: 00827DD6
CoUninitialize.OLE32 ref: 00827DDC

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: 5ed7ae773a31b71ac91a7124bae52729996454adf448d54e7855004a417f8db4
Instruction ID: 3e07028b8b9a9bdecc91e7ec1a2ce444fd55c8370204e76c459b60ea7b55d35e
Opcode Fuzzy Hash: 5ed7ae773a31b71ac91a7124bae52729996454adf448d54e7855004a417f8db4
Instruction Fuzzy Hash: 2DC14B75A00119EFCB14DFA4D888DAEBBF9FF48304B1484A9E916DB261D730ED81CB90

Function 0084541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00845504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00845515
CharNextW.USER32(00000158), ref: 00845544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00845585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0084559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008455AC

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: 4cfbe50355e38dd0333251ad56e587f816efc3953ca398ac610f21f2b0026575
Instruction ID: 8dfd5ab271c0b9f81d60831491258d3683578e9a2e4c0435a98da25e36755efd
Opcode Fuzzy Hash: 4cfbe50355e38dd0333251ad56e587f816efc3953ca398ac610f21f2b0026575
Instruction Fuzzy Hash: 21619F7490560CEFDF509F64CC849FE7BB9FB06728F108149F925EA292D7748A81DB60

Function 0080FA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0080FAAF
SafeArrayAllocData.OLEAUT32(?), ref: 0080FB08
VariantInit.OLEAUT32(?), ref: 0080FB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 0080FB3A
VariantCopy.OLEAUT32(?,?), ref: 0080FB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 0080FBA1
VariantClear.OLEAUT32(?), ref: 0080FBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 0080FBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0080FBCC
VariantClear.OLEAUT32(?), ref: 0080FBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0080FBE9

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 73454fe1ff715a895f3dcde965c7f42dbf9aa5f6f8979d3327ca3674efa20e18
Instruction ID: e1a3dc52d10de2c2d2ec2c207d72e608bbb37b7187ac62d38be907bfa884417d
Opcode Fuzzy Hash: 73454fe1ff715a895f3dcde965c7f42dbf9aa5f6f8979d3327ca3674efa20e18
Instruction Fuzzy Hash: 63415F35A01219DFCB50DF68CC689AEBBB9FF49354F00C069E945E7262CB34A945CFA4

Function 00819C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00819CA1
GetAsyncKeyState.USER32(000000A0), ref: 00819D22
GetKeyState.USER32(000000A0), ref: 00819D3D
GetAsyncKeyState.USER32(000000A1), ref: 00819D57
GetKeyState.USER32(000000A1), ref: 00819D6C
GetAsyncKeyState.USER32(00000011), ref: 00819D84
GetKeyState.USER32(00000011), ref: 00819D96
GetAsyncKeyState.USER32(00000012), ref: 00819DAE
GetKeyState.USER32(00000012), ref: 00819DC0
GetAsyncKeyState.USER32(0000005B), ref: 00819DD8
GetKeyState.USER32(0000005B), ref: 00819DEA

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: d386c8a2160d8b4e9696b6cff84dd06ffe703883b29f3161f89eec673f896949
Instruction ID: 4ac756ada051ed6f5c97e8d2a3ef22eafb4b79da475fa8f9ee0feff2d421e4d1
Opcode Fuzzy Hash: d386c8a2160d8b4e9696b6cff84dd06ffe703883b29f3161f89eec673f896949
Instruction Fuzzy Hash: E241D5346047C96DFF708664D8243F5BEE8FF12344F08805ADAC6965C2EBA499C8C7A2

Function 0083055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 008305BC
inet_addr.WSOCK32(?), ref: 0083061C
gethostbyname.WSOCK32(?), ref: 00830628
IcmpCreateFile.IPHLPAPI ref: 00830636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 008306C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 008306E5
IcmpCloseHandle.IPHLPAPI(?), ref: 008307B9
WSACleanup.WSOCK32 ref: 008307BF

Strings

Ping, xrefs: 00830676

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: 9f1c6d2bd0c054155880706f675eafd4543a66b097340ad0e4c8344b4ee3406b
Instruction ID: 890a9b139598f197213da5b6c45959010b813cdda79e84996e8a0abf4f09147b
Opcode Fuzzy Hash: 9f1c6d2bd0c054155880706f675eafd4543a66b097340ad0e4c8344b4ee3406b
Instruction Fuzzy Hash: 4A9167356082019FD320DF19C899B1ABBE4FF88318F1485A9E46ADB6A2C735EC41CFD1

Function 00838CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00838CF3

Part of subcall function 00818E54: _wcslen.LIBCMT ref: 00818E77

_wcslen.LIBCMT ref: 00838D4E
_wcslen.LIBCMT ref: 00838D9C
_wcslen.LIBCMT ref: 00838DDC
_wcslen.LIBCMT ref: 00838E6E

Strings

winapi, xrefs: 00838D96, 00838D9B
none, xrefs: 00838E65, 00838E6A
stdcall, xrefs: 00838DD6, 00838DDB
cdecl, xrefs: 00838D48, 00838D4D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: 3e86d6065a0e9a89aea144e1dd64b6321b5c080b7a0bf494f6e246c3cd337bbe
Instruction ID: 90a78edcf8663f084168a90b63eb67ea37c53a765f1495acc384709c61ec4946
Opcode Fuzzy Hash: 3e86d6065a0e9a89aea144e1dd64b6321b5c080b7a0bf494f6e246c3cd337bbe
Instruction Fuzzy Hash: 5D518031A00616DBCF14DF68C9909BEB7A5FFA4724B214229F526E7284EB35DD44C7D0

Function 0083372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00833774
CoUninitialize.OLE32 ref: 0083377F
CoCreateInstance.OLE32(?,00000000,00000017,0084FB78,?), ref: 008337D9
IIDFromString.OLE32(?,?), ref: 0083384C
VariantInit.OLEAUT32(?), ref: 008338E4
VariantClear.OLEAUT32(?), ref: 00833936

Strings

Invalid parameter, xrefs: 00833865
NULL Pointer assignment, xrefs: 0083381E
Failed to create object, xrefs: 008337E4, 0083389A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 6b29be6bb1937d9edfe9d6fd0db38bbc51a82e99456c34b2f48f8574a17e85e7
Instruction ID: 6cddecab79ad8871549343a6c0d4c90db660dbfc4de05ef1879aa6d1fe3bd628
Opcode Fuzzy Hash: 6b29be6bb1937d9edfe9d6fd0db38bbc51a82e99456c34b2f48f8574a17e85e7
Instruction Fuzzy Hash: DD6159B4608301AFD310DF54C889B6ABBE8FF89714F104929F995DB291C774EE48CB92

Function 00823388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 008233CF

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 008233F0

Strings

Line %d (File "%s"):, xrefs: 00823443, 0082345C
^ ERROR , xrefs: 0082349E
"%s" (%d) : ==> %s:%s%s, xrefs: 00823504
Incorrect parameters to object property !, xrefs: 008234AB
Error: , xrefs: 008234D1
"%s" (%d) : ==> %s:, xrefs: 00823522

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: 7142b1ed3cb79f5af9ccfd49f4bf376ca0e2db01c250d55f187c9cc3b900ca74
Instruction ID: 4306ef850d39e4e6f7aad73a72c4e0ff3be64cf4962e258a73550ceb2f8df60b
Opcode Fuzzy Hash: 7142b1ed3cb79f5af9ccfd49f4bf376ca0e2db01c250d55f187c9cc3b900ca74
Instruction Fuzzy Hash: FA51A371800219EADF14EBA0DD5AEEEB7B8FF14340F204065F119B2151EB396F98DB61

Function 0081B5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 0081B5FC
_wcslen.LIBCMT ref: 0081B608
_wcslen.LIBCMT ref: 0081B64D
_wcslen.LIBCMT ref: 0081B68C
_wcslen.LIBCMT ref: 0081B6C7

Strings

KEYS, xrefs: 0081B647, 0081B64C
REMOVE, xrefs: 0081B602, 0081B607
APPEND, xrefs: 0081B6C1, 0081B6C6
EXISTS, xrefs: 0081B686, 0081B68B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: 61c0155671e3f2669a1662d988e1b2342c69914ace5b6fea8ffac2fa343b47da
Instruction ID: cb380ac7da1442273fc2c591bf2d50ce2b3ccfaaaa10d0ee1fe13686e9b32751
Opcode Fuzzy Hash: 61c0155671e3f2669a1662d988e1b2342c69914ace5b6fea8ffac2fa343b47da
Instruction Fuzzy Hash: 4D41A032A001269BCB206F7988A05FEB7A9FFB17A4F244229E525D7284F735CDC1C690

Function 00825393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 008253A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00825416
GetLastError.KERNEL32 ref: 00825420
SetErrorMode.KERNEL32(00000000,READY), ref: 008254A7

Strings

UNKNOWN, xrefs: 00825444
READY, xrefs: 00825460, 00825468
INVALID, xrefs: 00825459
NOTREADY, xrefs: 0082544B
READONLY, xrefs: 00825452

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: c3472e5c528a082446a2894f8633d010d2591f534d079579d86b0b40f5de2b2b
Instruction ID: 50c0c3b545787483bf7cbd5eab23f08f67032dfe1d1d9d40023dd666d82a3c06
Opcode Fuzzy Hash: c3472e5c528a082446a2894f8633d010d2591f534d079579d86b0b40f5de2b2b
Instruction Fuzzy Hash: 6D31D2B5A40614DFD710EF68D488BAABBB4FF05305F148066E505CB292E771DDC6CBA0

Function 00843C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00843C79
SetMenu.USER32(?,00000000), ref: 00843C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00843D10
IsMenu.USER32(?), ref: 00843D24
CreatePopupMenu.USER32 ref: 00843D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00843D5B
DrawMenuBar.USER32 ref: 00843D63

Strings

0, xrefs: 00843C54
F, xrefs: 00843D4E

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: 71c8fd9c983dba33de3926d474a02cbfeb2434a30892d7ed57d4c19cce65d648
Instruction ID: fd888473996f90fdc6f8c2a8df4fb9a123c2a2671e5dc7477db360518a91c825
Opcode Fuzzy Hash: 71c8fd9c983dba33de3926d474a02cbfeb2434a30892d7ed57d4c19cce65d648
Instruction Fuzzy Hash: BA412779A02209EFDB14DF64D884BAEBBB9FF49350F140029E956A7360D770AA11CB94

Function 00811EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00811F64
GetDlgCtrlID.USER32 ref: 00811F6F
GetParent.USER32 ref: 00811F8B
SendMessageW.USER32(00000000,?,00000111,?), ref: 00811F8E
GetDlgCtrlID.USER32(?), ref: 00811F97
GetParent.USER32(?), ref: 00811FAB
SendMessageW.USER32(00000000,?,00000111,?), ref: 00811FAE

Strings

ListBox, xrefs: 00811F21
ComboBox, xrefs: 00811EEC

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: baf27075a124c8aeae314851a3b7f90137e49caa0000450ad59482434fb60a6d
Instruction ID: 4d3bc2548a1a7201342eff14d7863019603d101ce725feafc6decb823a6afb35
Opcode Fuzzy Hash: baf27075a124c8aeae314851a3b7f90137e49caa0000450ad59482434fb60a6d
Instruction Fuzzy Hash: F321B374A00118BBCF44AFA0CC89AEEBBB8FF16314F104119BA65A7291DB785949DB60

Function 00811FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00812043
GetDlgCtrlID.USER32 ref: 0081204E
GetParent.USER32 ref: 0081206A
SendMessageW.USER32(00000000,?,00000111,?), ref: 0081206D
GetDlgCtrlID.USER32(?), ref: 00812076
GetParent.USER32(?), ref: 0081208A
SendMessageW.USER32(00000000,?,00000111,?), ref: 0081208D

Strings

ListBox, xrefs: 00812002
ComboBox, xrefs: 00811FCD

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: f1fd6916b25bbd3dfc6e1c15c44d4a978097a7e7ba87c753da7ef50d33173ae3
Instruction ID: 5d8af3269f41b278c269c2139d875599891a2ce7111731a0f9cbd4470951da0b
Opcode Fuzzy Hash: f1fd6916b25bbd3dfc6e1c15c44d4a978097a7e7ba87c753da7ef50d33173ae3
Instruction Fuzzy Hash: 9121D7B5900218BBCF14AFA0CC89EFEBBBCFF19344F104005BA65A7191D7794554DB60

Function 00843A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00843A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00843AA0
GetWindowLongW.USER32(?,000000F0), ref: 00843AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00843AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00843B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00843BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00843BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00843BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00843BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00843C13

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: b36c6fa13d8c906a34c9adcb2f31529d9fdf4a57c04368defd06e6e247e5a32e
Instruction ID: 06b1834d92bbfcd46ba937aa7ff566edff02a09fb7628493f902ccb89660bb0e
Opcode Fuzzy Hash: b36c6fa13d8c906a34c9adcb2f31529d9fdf4a57c04368defd06e6e247e5a32e
Instruction Fuzzy Hash: FB617775A00208AFDB11DFA8CC85EEEB7B8FB09714F104199FA15E72A1C774AA46DF50

Function 0081B12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0081B151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B165
GetWindowThreadProcessId.USER32(00000000), ref: 0081B16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 0081B18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B21D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 2ce2ec533c8e28eec879781e5703d6e6d5a3ea3c9dbf2e818ce61bdc61ed408b
Instruction ID: d7dfd91ac48a9c2f86063d4c9b0975a32e418046316e917454caa7fa5a5ea460
Opcode Fuzzy Hash: 2ce2ec533c8e28eec879781e5703d6e6d5a3ea3c9dbf2e818ce61bdc61ed408b
Instruction Fuzzy Hash: 3D31A9B5601604BFDB10AF68DC58FAD7BADFF62711F218009FA01DA190D7B49A84CF64

Function 007E2C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 007E2C94

Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0

_free.LIBCMT ref: 007E2CA0
_free.LIBCMT ref: 007E2CAB
_free.LIBCMT ref: 007E2CB6
_free.LIBCMT ref: 007E2CC1
_free.LIBCMT ref: 007E2CCC
_free.LIBCMT ref: 007E2CD7
_free.LIBCMT ref: 007E2CE2
_free.LIBCMT ref: 007E2CED
_free.LIBCMT ref: 007E2CFB

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 6a5642ee0f4265d412e1b5124f56cbb85029b90440b2839ac6e66c2600181a35
Instruction ID: 652d438804ef9c724adc7d609681b5c562699d3d061682c5deed2efa36a3ee23
Opcode Fuzzy Hash: 6a5642ee0f4265d412e1b5124f56cbb85029b90440b2839ac6e66c2600181a35
Instruction Fuzzy Hash: 9D11B376101148EFCB02EF56D846C9D3BA9BF09350F5254A0FA48AB233D639EA519F90

Function 00827DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00827FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00827FC1
GetFileAttributesW.KERNEL32(?), ref: 00827FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00828005
SetCurrentDirectoryW.KERNEL32(?), ref: 00828017
SetCurrentDirectoryW.KERNEL32(?), ref: 00828060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 008280B0

Strings

*.*, xrefs: 00828066

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: 15159bcc5d01456358efb080b8c0ba9bf1e9d4648a77b2db2fdfa16cbe39be94
Instruction ID: 04672a6c4cc442ebd48c1820beb9078b5bb82227de0c67f45853a57616257c1e
Opcode Fuzzy Hash: 15159bcc5d01456358efb080b8c0ba9bf1e9d4648a77b2db2fdfa16cbe39be94
Instruction Fuzzy Hash: 0281C076508255DBCB20EF15D844AAAB3E8FF88714F55486EF885C7250EB34ED84CBA2

Function 007B5BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 007B5C7A

Part of subcall function 007B5D0A: GetClientRect.USER32(?,?), ref: 007B5D30
Part of subcall function 007B5D0A: GetWindowRect.USER32(?,?), ref: 007B5D71
Part of subcall function 007B5D0A: ScreenToClient.USER32(?,?), ref: 007B5D99

GetDC.USER32 ref: 007F46F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 007F4708
SelectObject.GDI32(00000000,00000000), ref: 007F4716
SelectObject.GDI32(00000000,00000000), ref: 007F472B
ReleaseDC.USER32(?,00000000), ref: 007F4733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 007F47C4

Strings

U, xrefs: 007F4693

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 51bfc8d57aa8a0e34585e1a044a973e03e8b4678cecb6ab39cbe38197646279b
Instruction ID: 02f2abdcbaf424dbf86495f22651afc7e668d08a574b6fb4baaeab3f8151260d
Opcode Fuzzy Hash: 51bfc8d57aa8a0e34585e1a044a973e03e8b4678cecb6ab39cbe38197646279b
Instruction Fuzzy Hash: CF71E135500209DFCF219F68C984BFB7BB6FF4A360F144269EE559A266C7398841DF60

Function 0082359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 008235E4

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

LoadStringW.USER32(00882390,?,00000FFF,?), ref: 0082360A

Strings

^ ERROR, xrefs: 008236C9
Line %d (File "%s"):, xrefs: 0082366B
"%s" (%d) : ==> %s:%s%s, xrefs: 00823724
Error: , xrefs: 008236EF
"%s" (%d) : ==> %s:, xrefs: 00823742

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: 77649d3f5a9ae6c421c0708659f2871c0036acc6fc8808a0481f2c536b6c3605
Instruction ID: a48a8a34419c28ff3563222028f5279c371d02c04acc1052cbd9fadf4c8e0768
Opcode Fuzzy Hash: 77649d3f5a9ae6c421c0708659f2871c0036acc6fc8808a0481f2c536b6c3605
Instruction Fuzzy Hash: FE513B71800219FACF14EBA4DC9AEEEBB78FF14300F144125F215A21A1EB395AD9DF61

Function 0082C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0082C272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0082C29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0082C2CA
GetLastError.KERNEL32 ref: 0082C322
SetEvent.KERNEL32(?), ref: 0082C336
InternetCloseHandle.WININET(00000000), ref: 0082C341

Strings

, xrefs: 0082C2BB

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 8034bf4c8262d34c9def46e377874ab1b2221defc5f4d5c38e9963dbdc3cabf2
Instruction ID: 3a89b5d80945110745e383bff48d8acbcafa968d149f7bdf3c7c825cde2d7352
Opcode Fuzzy Hash: 8034bf4c8262d34c9def46e377874ab1b2221defc5f4d5c38e9963dbdc3cabf2
Instruction Fuzzy Hash: 8F317CB5500618AFD721DFA8A888ABF7AFCFB49744B10891EA446D2200DB74DD848B61

Function 0081989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,007F3AAF,?,?,Bad directive syntax error,0084CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008198BC
LoadStringW.USER32(00000000,?,007F3AAF,?), ref: 008198C3

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00819987

Strings

Error: , xrefs: 00819955
Line %d (File "%s"):, xrefs: 0081992D
., xrefs: 0081996D
%s (%d) : ==> %s.: %s %s, xrefs: 008198F1
Line %d:, xrefs: 00819912

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: fd1863f1c27539792cbbf70b8af028657b1bb30e9cc320a01425770b1479bf00
Instruction ID: e1bbf06c5e3e51803466a8de2ed01a127228210785854a541e8f189fb746ae31
Opcode Fuzzy Hash: fd1863f1c27539792cbbf70b8af028657b1bb30e9cc320a01425770b1479bf00
Instruction Fuzzy Hash: 8B21713180021DFBCF15AF90CC1AEEE7B79FF14304F044459F629A61A2EB3996A8CB10

Function 0081209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 008120AB
GetClassNameW.USER32(00000000,?,00000100), ref: 008120C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0081214D

Strings

SHELLDLL_DefView, xrefs: 008120CC
largeicons, xrefs: 008120E1
details, xrefs: 008120FB
smallicons, xrefs: 00812115
list, xrefs: 0081212F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: 6892a3a97441899cfb81af8dcdf1fe6a99f3574a5f61602b55ff6310859656e3
Instruction ID: cab16a55a736dad167132639c66e664090987a771a4beaa6e93f9de000dcc777
Opcode Fuzzy Hash: 6892a3a97441899cfb81af8dcdf1fe6a99f3574a5f61602b55ff6310859656e3
Instruction Fuzzy Hash: A7113A7A684706FAF705A220DC0ACFA33ACFF15324B20801AFB08F41D1FBA9B8915614

Function 007ECE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 007ECEB7
_free.LIBCMT ref: 007ECF22
_free.LIBCMT ref: 007ECF48
_free.LIBCMT ref: 007ECF71
_free.LIBCMT ref: 007ECFA9
_free.LIBCMT ref: 007ECFDA
_free.LIBCMT ref: 007ED01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 007ED09C
_free.LIBCMT ref: 007ED0B5

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: 8321e2c0fa5952564485060166c2f5765e33a2a55eacae668c18c89f0fd95f37
Instruction ID: fe8dd19ac04ea27b3e7256d47128b552c4b5116a2b9408b64761d3a90be52154
Opcode Fuzzy Hash: 8321e2c0fa5952564485060166c2f5765e33a2a55eacae668c18c89f0fd95f37
Instruction Fuzzy Hash: A4614C77906384EFDB32AFBA984966D7BA9AF0D310F04456DF940A7243D63D9D028B50

Function 008450D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00845186
ShowWindow.USER32(?,00000000), ref: 008451C7
ShowWindow.USER32(?,00000005,?,00000000), ref: 008451CD
SetFocus.USER32(?,?,00000005,?,00000000), ref: 008451D1

Part of subcall function 00846FBA: DeleteObject.GDI32(00000000), ref: 00846FE6

GetWindowLongW.USER32(?,000000F0), ref: 0084520D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 0084521A
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0084524D
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00845287
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00845296

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: 8f0a84837acae2106faca4cfe8207961aef71eed7c610e1a167031ebecd97dc6
Instruction ID: 75e6c107adff9cb8b1013354cbe0fab6900dfba01e3ccc17adeb4e9faf1527d8
Opcode Fuzzy Hash: 8f0a84837acae2106faca4cfe8207961aef71eed7c610e1a167031ebecd97dc6
Instruction Fuzzy Hash: 6A519C30A41A1CFFEF609F28CC4AB9D7B65FB05325F148016FA25D62E2C7B5A980DB41

Function 007C8B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00806890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 008068A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 008068B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 008068D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 008068F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007C8874,00000000,00000000,00000000,000000FF,00000000), ref: 00806901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0080691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007C8874,00000000,00000000,00000000,000000FF,00000000), ref: 0080692D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: 711e42a9a0a428c5c1f22cd27fe0e912172af0326fa9979c58ea1f0744ffc6d0
Instruction ID: 5e0b3aa9ee89f5fef339af56f5f62f411b8c91e415d8fa41549e1ec92fd17814
Opcode Fuzzy Hash: 711e42a9a0a428c5c1f22cd27fe0e912172af0326fa9979c58ea1f0744ffc6d0
Instruction Fuzzy Hash: DC5169B0600209EFDB608F28CC55FAA7BB9FB54750F10452CF906D62A0EB74ADA0DB50

Function 0082C143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0082C182
GetLastError.KERNEL32 ref: 0082C195
SetEvent.KERNEL32(?), ref: 0082C1A9

Part of subcall function 0082C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0082C272
Part of subcall function 0082C253: GetLastError.KERNEL32 ref: 0082C322
Part of subcall function 0082C253: SetEvent.KERNEL32(?), ref: 0082C336
Part of subcall function 0082C253: InternetCloseHandle.WININET(00000000), ref: 0082C341

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: 1392931aa63f858ddfd21a0f10396e5e67c51c1ebaafeffc0c2336b9c4281c31
Instruction ID: 1fad6b94899d83c3edd4abb21bee5866492c9e844697abbb36857ef45cc2a9d1
Opcode Fuzzy Hash: 1392931aa63f858ddfd21a0f10396e5e67c51c1ebaafeffc0c2336b9c4281c31
Instruction Fuzzy Hash: 1E317A75201A15EFDB219FA9ED44A7ABBECFF19300B00441EF956C3610DB71E894DBA0

Function 008125A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00813A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00813A57
Part of subcall function 00813A3D: GetCurrentThreadId.KERNEL32 ref: 00813A5E
Part of subcall function 00813A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008125B3), ref: 00813A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 008125BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008125DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008125DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 008125E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00812601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00812605
MapVirtualKeyW.USER32(00000025,00000000), ref: 0081260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00812623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00812627

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: 7b0984cd7907b28f8c79523810c55c46ad1e50261fb4f8d92e5bf4eee38d5269
Instruction ID: 493717cd3c3f6c731c72a4779ce87681a4376879d2b4514bf4dd99fd7cefdc96
Opcode Fuzzy Hash: 7b0984cd7907b28f8c79523810c55c46ad1e50261fb4f8d92e5bf4eee38d5269
Instruction Fuzzy Hash: F001D430391624BBFB5067689C8AF993F5DFF5EB12F100005F318EE0D1C9E22484CAAA

Function 00811803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00811449,?,?,00000000), ref: 0081180C
HeapAlloc.KERNEL32(00000000,?,00811449,?,?,00000000), ref: 00811813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00811449,?,?,00000000), ref: 00811828
GetCurrentProcess.KERNEL32(?,00000000,?,00811449,?,?,00000000), ref: 00811830
DuplicateHandle.KERNEL32(00000000,?,00811449,?,?,00000000), ref: 00811833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00811449,?,?,00000000), ref: 00811843
GetCurrentProcess.KERNEL32(00811449,00000000,?,00811449,?,?,00000000), ref: 0081184B
DuplicateHandle.KERNEL32(00000000,?,00811449,?,?,00000000), ref: 0081184E
CreateThread.KERNEL32(00000000,00000000,00811874,00000000,00000000,00000000), ref: 00811868

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: fbffd52bbafdab8eaa33673d74369d63bcf9bc1551bdd7e9b8d689e1d5a860b4
Instruction ID: e1545f617d9ed093512c0ae81740e26d641096b2133053a529326da6fffc7ba4
Opcode Fuzzy Hash: fbffd52bbafdab8eaa33673d74369d63bcf9bc1551bdd7e9b8d689e1d5a860b4
Instruction Fuzzy Hash: 9C01BF75241304BFE750AFA5DC4DF577B6CFB8AB11F004411FA05DB291C6749800CB20

Function 007E3E80 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 007E3F0B
__alldvrm.LIBCMT ref: 007E410C
__alldvrm.LIBCMT ref: 007E412E

Strings

}}}, xrefs: 007E40CD
}}}, xrefs: 007E3E8A
}}}, xrefs: 007E3E96, 007E3EF1, 007E3F0A, 007E4090

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID: }}}$}}}$}}}
API String ID: 1036877536-3712723652
Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction ID: 2ef9044cc96cb930592fc49d528f646039efd0b3cf06b1c9450ee25cef0daeb1
Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction Fuzzy Hash: 54A13672E023CA9FDB25CE1AC8957AEBBF4EF69350F1441ADE5859B282C23C9941C750

Function 0083A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 0081D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0081D501
Part of subcall function 0081D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0081D50F
Part of subcall function 0081D4DC: CloseHandle.KERNEL32(00000000), ref: 0081D5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 0083A16D
GetLastError.KERNEL32 ref: 0083A180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 0083A1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 0083A268
GetLastError.KERNEL32(00000000), ref: 0083A273
CloseHandle.KERNEL32(00000000), ref: 0083A2C4

Strings

SeDebugPrivilege, xrefs: 0083A18F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: 7038e3876c954a1165d21933ded2b3adb27c224c5621ed6c7fdf5a6aeecb7a45
Instruction ID: 4d846aa3c4f8722dd4e7e7ae55cdf7a52d50d44e2fa4fc403450ff3e8d7537ae
Opcode Fuzzy Hash: 7038e3876c954a1165d21933ded2b3adb27c224c5621ed6c7fdf5a6aeecb7a45
Instruction Fuzzy Hash: CA617C352042419FD724DF18C498F6ABBE5FF94318F18848CE4A68B7A2C776EC45CB92

Function 00843886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00843925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0084393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00843954
_wcslen.LIBCMT ref: 00843999
SendMessageW.USER32(?,00001057,00000000,?), ref: 008439C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 008439F4

Strings

SysListView32, xrefs: 008438F7

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: 516584b5e9d54be3f3f86b86adc7f4aa4f35022470e1b525bffc4f1d72398f33
Instruction ID: c4156df9ba1ecace648a7964666f7849b244d3472a945f105902a763cd32c8c1
Opcode Fuzzy Hash: 516584b5e9d54be3f3f86b86adc7f4aa4f35022470e1b525bffc4f1d72398f33
Instruction Fuzzy Hash: AB419071A0021DABEF219F64CC49FEA7BA9FF18354F10052AF958E7281D7759A84CB90

Function 0081BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0081BCFD
IsMenu.USER32(00000000), ref: 0081BD1D
CreatePopupMenu.USER32 ref: 0081BD53
GetMenuItemCount.USER32(01075C40), ref: 0081BDA4
InsertMenuItemW.USER32(01075C40,?,00000001,00000030), ref: 0081BDCC

Strings

0, xrefs: 0081BCA8
2, xrefs: 0081BD37

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: d40a031f9b1c6e555172a7e0ff5f2f74f58140553fb3cbf8237a4a43a56fee47
Instruction ID: 8c04d156cbcd072e3a0200ddd7f069fc3ae875498a4e437ceabaad1bdcd5e795
Opcode Fuzzy Hash: d40a031f9b1c6e555172a7e0ff5f2f74f58140553fb3cbf8237a4a43a56fee47
Instruction Fuzzy Hash: 6B519D70A002099BDB18CFA8E884BEEBBFCFF59354F144159E411D7291D7709981CB62

Function 007D2D20 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 007D2D4B
___except_validate_context_record.LIBVCRUNTIME ref: 007D2D53
_ValidateLocalCookies.LIBCMT ref: 007D2DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 007D2E0C
_ValidateLocalCookies.LIBCMT ref: 007D2E61

Strings

csm, xrefs: 007D2DF6
&H}, xrefs: 007D2DFE, 007D2E07, 007D2E18

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: &H}$csm
API String ID: 1170836740-1162412510
Opcode ID: 8608dd33a8c4024f99c47c004bc79eaaa6db64ddcb8d5e521ab2ea8eeb40b62f
Instruction ID: 118d084391ac4172cf6fee337a7ac770208e97e22df8aaa1233abafc2b610a67
Opcode Fuzzy Hash: 8608dd33a8c4024f99c47c004bc79eaaa6db64ddcb8d5e521ab2ea8eeb40b62f
Instruction Fuzzy Hash: 73418334A00209EBCF10DF68C849A9EBBB5BF55325F148156E814AB393D739EA07CBD1

Function 0081C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 0081C913

Strings

blank, xrefs: 0081C895
warning, xrefs: 0081C8FC
info, xrefs: 0081C8B4
question, xrefs: 0081C8CC
stop, xrefs: 0081C8E4

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 2ae56a1f4dc3212ac7c34fc668664f4e552b34b3bb489755a5fd78101758795b
Instruction ID: 9807f232328a5f0a175306db4e8cf3e36ccffc431eef0a70c28afb61f8944fc9
Opcode Fuzzy Hash: 2ae56a1f4dc3212ac7c34fc668664f4e552b34b3bb489755a5fd78101758795b
Instruction Fuzzy Hash: 3F11EB316C970ABBE7055B64DCC3DEE6BACFF153A8B10402BF504EA382E7749D805268

Function 0081DE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 0081DE42
gethostname.WSOCK32(?,00000100), ref: 0081DE5C
gethostbyname.WSOCK32(?), ref: 0081DE69
inet_ntoa.WSOCK32(?), ref: 0081DEAB
_strcat.LIBCMT ref: 0081DEB9
WSACleanup.WSOCK32 ref: 0081DEDE

Strings

0.0.0.0, xrefs: 0081DE87

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: 544cc2d6566cefca5901b3a7a38654140cded48795a79ac0ab11eb7e5ea58679
Instruction ID: ff9669d03a003c2c052ca9fd71111b7b7fce2ec781579f1f722ec9a6799b6424
Opcode Fuzzy Hash: 544cc2d6566cefca5901b3a7a38654140cded48795a79ac0ab11eb7e5ea58679
Instruction Fuzzy Hash: 82110671904208ABCB20AB74DC4AFEE77BCFF11712F00016AF445EA191EF789AC1CA60

Function 00849F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

GetSystemMetrics.USER32(0000000F), ref: 00849FC7
GetSystemMetrics.USER32(0000000F), ref: 00849FE7
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0084A224
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0084A242
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0084A263
ShowWindow.USER32(00000003,00000000), ref: 0084A282
InvalidateRect.USER32(?,00000000,00000001), ref: 0084A2A7
DefDlgProcW.USER32(?,00000005,?,?), ref: 0084A2CA

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: cfa2600791feda47e4410ac7a1c10ca1013f761378e6637d5e52cee1dbe0d7db
Instruction ID: 16be15c9631476998185123445340289ee5e948179f8a3665175c0a5948b9631
Opcode Fuzzy Hash: cfa2600791feda47e4410ac7a1c10ca1013f761378e6637d5e52cee1dbe0d7db
Instruction Fuzzy Hash: BEB1A831640229EFDF18CF68C9857AA7BB2FF48701F088169EC49DF295DB71AA40DB51

Function 0081ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 0081ED2A
_wcslen.LIBCMT ref: 0081ED3B
_wcslen.LIBCMT ref: 0081ED79
_wcslen.LIBCMT ref: 0081EDAF
_wcslen.LIBCMT ref: 0081EDDF
_wcslen.LIBCMT ref: 0081EDEF
_wcslen.LIBCMT ref: 0081EE2B
_wcslen.LIBCMT ref: 0081EE5A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: 04c5372de8eb1873e21e32fb3d03d5a2fb39121935eb3c7a8b5c5d4eb1ae946c
Instruction ID: 389caaa2f7e6486d3cd412b7bc9ee63a3f130b795d9126dbcf6affb63562bb78
Opcode Fuzzy Hash: 04c5372de8eb1873e21e32fb3d03d5a2fb39121935eb3c7a8b5c5d4eb1ae946c
Instruction Fuzzy Hash: 38413066C10118B6CB11ABA4CC8A9CFB7BCBF45710F508567E914E3221EB38F655C7A5

Function 007CF8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 007CF953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 0080F3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 0080F454

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: dcc60f7b1e1924092b7bd7857935c668a3cbd63d90f476103a4c1dca10821bc4
Instruction ID: a6453ec4c8fbcb9c122900d419848f6c3bd1d1ff11f5d25f6df2d3bbed559c43
Opcode Fuzzy Hash: dcc60f7b1e1924092b7bd7857935c668a3cbd63d90f476103a4c1dca10821bc4
Instruction Fuzzy Hash: 5D410B31604640BECFB99B2D8C88F6A7B97BB57314F15843DE547D6AA1C639B880CB11

Function 00842D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00842D1B
GetDC.USER32(00000000), ref: 00842D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00842D2E
ReleaseDC.USER32(00000000,00000000), ref: 00842D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00842D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00842D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00845A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00842DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00842DE1

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 2a8bf2ac24aa6f3025763c7968ff8f80a9c87bca0a46c706d2a769a39dc1b95d
Instruction ID: 8d1d835def44a4b617544cbfb1d019268fe8f89c87f6e9589d48514b21c2f79b
Opcode Fuzzy Hash: 2a8bf2ac24aa6f3025763c7968ff8f80a9c87bca0a46c706d2a769a39dc1b95d
Instruction Fuzzy Hash: C5318B76202618BBEB618F548C8AFEB3BADFB1A715F044055FE08DA291C6759C40CBA0

Function 00815622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00815637
_memcmp.LIBVCRUNTIME ref: 00815659
_memcmp.LIBVCRUNTIME ref: 00815671
_memcmp.LIBVCRUNTIME ref: 00815684
_memcmp.LIBVCRUNTIME ref: 0081569E
_memcmp.LIBVCRUNTIME ref: 008156B1
_memcmp.LIBVCRUNTIME ref: 008156C9
_memcmp.LIBVCRUNTIME ref: 008156E4

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 9b1c59b45cdc702fe540f14d4b847d40414fb1de738304dc1a0ade642da27afd
Instruction ID: 9933a1819148baa94e5a3b837b3675173f2c4f3209ea0b72ae873b3b79142542
Opcode Fuzzy Hash: 9b1c59b45cdc702fe540f14d4b847d40414fb1de738304dc1a0ade642da27afd
Instruction Fuzzy Hash: 0F21A461640A1DFBD21456219E82FFA336CFFB1398F840025FE05DA782F768ED5085E5

Function 00834FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

Not an Object type, xrefs: 00835007
NULL Pointer assignment, xrefs: 0083502E, 00835383

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: da6cc382f42540bc0aafdb1968fd08e0b0682d8ec6718eb771f79730019e961a
Instruction ID: d87ce0b7debc63f3d11874e6f96025d6e8097110919a3ee400aabcfa78b44c87
Opcode Fuzzy Hash: da6cc382f42540bc0aafdb1968fd08e0b0682d8ec6718eb771f79730019e961a
Instruction Fuzzy Hash: 4DD1B171A0060A9FDF14CFA8C891BAEB7B5FF88344F148469E915EB281E771DD45CB90

Function 007F1522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 007F15CE
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 007F1651
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007F16E4
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 007F16FB

Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852

MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007F1777
__freea.LIBCMT ref: 007F17A2
__freea.LIBCMT ref: 007F17AE

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 13f48d208eae259ae6b90c8f67263c1a8beb31bb93aa49b45ec4708bf5d1ee54
Instruction ID: f960eb553dcd8e8399dd4a0c7bd2b636a07a0008b8c6d75e4a4fc859b04bd888
Opcode Fuzzy Hash: 13f48d208eae259ae6b90c8f67263c1a8beb31bb93aa49b45ec4708bf5d1ee54
Instruction Fuzzy Hash: 3B91D272E0020EDADB209E75C885AFE7BB5AF49310F980659EA05E7341DB3DCC40CBA0

Function 00834523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00834648
VariantInit.OLEAUT32(?), ref: 00834749
VariantClear.OLEAUT32(?), ref: 00834753
VariantClear.OLEAUT32(?), ref: 008347B0

Strings

Incorrect Object type in FOR..IN loop, xrefs: 0083472C
Null Object assignment in FOR..IN loop, xrefs: 008345D8, 00834706, 008347BE

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: e5224c18ddf5e37a2c2a1b718ee313e18b32647f7af8597f0df160c610ae46c7
Instruction ID: b69d16cf29bdf4d5597274a6f0b3bd00897730b82014934abe181b4b8a4ff24a
Opcode Fuzzy Hash: e5224c18ddf5e37a2c2a1b718ee313e18b32647f7af8597f0df160c610ae46c7
Instruction Fuzzy Hash: 4C918071A00219ABDF20CFA4C849FAEBBB8FF86714F108559F515EB281D770A945CFA0

Function 00821187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0082125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00821284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 008212A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008212D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0082135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008213C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00821430

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 6baedcfb2dcb52a449c19a6e8ea6c4920b25094feb3bda93baa6ec8c69242a24
Instruction ID: 69118c65de981e0fd4ed82761f028aa11aeaf672254865f0d3299f610373332c
Opcode Fuzzy Hash: 6baedcfb2dcb52a449c19a6e8ea6c4920b25094feb3bda93baa6ec8c69242a24
Instruction Fuzzy Hash: F391F875A00229DFDF10DF98E888BBEB7B6FF55314F204029E540E7291D778A981CB95

Function 007C948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: d1438ddd6a0d4058aef5065cda5dac30633742fd29149990b6214ed33295c35e
Instruction ID: c39692197ff473fc4b91154692a539489bfa86297fe9fe4bd10bf905995b3f3f
Opcode Fuzzy Hash: d1438ddd6a0d4058aef5065cda5dac30633742fd29149990b6214ed33295c35e
Instruction Fuzzy Hash: 90912871D00219EFCB54CFA9CC88AEEBBB8FF49320F148459E515B7291D778AA51CB60

Function 00833947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 0083396B
CharUpperBuffW.USER32(?,?), ref: 00833A7A
_wcslen.LIBCMT ref: 00833A8A
VariantClear.OLEAUT32(?), ref: 00833C1F

Part of subcall function 00820CDF: VariantInit.OLEAUT32(00000000), ref: 00820D1F
Part of subcall function 00820CDF: VariantCopy.OLEAUT32(?,?), ref: 00820D28
Part of subcall function 00820CDF: VariantClear.OLEAUT32(?), ref: 00820D34

Strings

Incorrect Parameter format, xrefs: 008339A6, 00833BA1
AUTOIT.ERROR, xrefs: 00833A80, 00833A85

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: 6938be363450651657b940a4b5642adce8350f9ab51e42f3ba9d27e062ce3d29
Instruction ID: 6daf9bec3c81aaeed986939b92f2ebdfce75beaf5306c47a06590a572782942d
Opcode Fuzzy Hash: 6938be363450651657b940a4b5642adce8350f9ab51e42f3ba9d27e062ce3d29
Instruction Fuzzy Hash: B19122746083059FC704EF28C48596ABBE4FF89314F14882DF89ADB351DB35EA45CB92

Function 00834BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 0081000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?,?,0081035E), ref: 0081002B
Part of subcall function 0081000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810046
Part of subcall function 0081000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810054
Part of subcall function 0081000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?), ref: 00810064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00834C51
_wcslen.LIBCMT ref: 00834D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00834DCF
CoTaskMemFree.OLE32(?), ref: 00834DDA

Strings

NULL Pointer assignment, xrefs: 00834E23, 00834E52

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: 8197c466b9303bf2e389d5a8b1627b59e7f71fae024a986f9e8e7a4a52c2cac5
Instruction ID: ea7331fc2bc5830537dbbc4625f427f2d856cb5394e85750d15b112607c18346
Opcode Fuzzy Hash: 8197c466b9303bf2e389d5a8b1627b59e7f71fae024a986f9e8e7a4a52c2cac5
Instruction Fuzzy Hash: B4910271D0021DEBDF10DFA4C895AEEB7B8FF48314F10816AE915A7251EB34AA45CFA0

Function 008420FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00842183
GetMenuItemCount.USER32(00000000), ref: 008421B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 008421DD
_wcslen.LIBCMT ref: 00842213
GetMenuItemID.USER32(?,?), ref: 0084224D
GetSubMenu.USER32(?,?), ref: 0084225B

Part of subcall function 00813A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00813A57
Part of subcall function 00813A3D: GetCurrentThreadId.KERNEL32 ref: 00813A5E
Part of subcall function 00813A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008125B3), ref: 00813A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 008422E3

Part of subcall function 0081E97B: Sleep.KERNEL32 ref: 0081E9F3

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: 7f36c1bdbba4d988da66094ac2efb81a028b6562f2c494689bc4a50870b3f833
Instruction ID: e6cda4d440ac6c76116605662989f93abe92810b6398822c8ff8b9d760ee3586
Opcode Fuzzy Hash: 7f36c1bdbba4d988da66094ac2efb81a028b6562f2c494689bc4a50870b3f833
Instruction Fuzzy Hash: 1B718D35A04219EFCB10EF68C885AAEB7B5FF88314F548499F816EB341DB74A941CB90

Function 00847E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(01075D58), ref: 00847F37
IsWindowEnabled.USER32(01075D58), ref: 00847F43
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0084801E
SendMessageW.USER32(01075D58,000000B0,?,?), ref: 00848051
IsDlgButtonChecked.USER32(?,?), ref: 00848089
GetWindowLongW.USER32(01075D58,000000EC), ref: 008480AB
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 008480C3

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: 315589bd96fecb5f8b0bed77a461c0223da951321f09e8f23d330467babf746d
Instruction ID: 36cca413520b2b0f99ddd7e6c35bfe123b34de5d60a9fdc0c7cbeda76e369020
Opcode Fuzzy Hash: 315589bd96fecb5f8b0bed77a461c0223da951321f09e8f23d330467babf746d
Instruction Fuzzy Hash: 65717B34609648EFEF219F64CC84FAABBB9FF1A300F14445AE955D7261CB31AC49DB20

Function 0081AEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 0081AEF9
GetKeyboardState.USER32(?), ref: 0081AF0E
SetKeyboardState.USER32(?), ref: 0081AF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 0081AF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 0081AFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 0081AFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 0081B020

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 7c2ff83f1b8bb5f65496e3c68cdd68329b750ec523ddf89554eb63cc92962717
Instruction ID: daaef3bf9fbe884a05e94011962fe118d78b88c63b485cab95f6d9b616464a8f
Opcode Fuzzy Hash: 7c2ff83f1b8bb5f65496e3c68cdd68329b750ec523ddf89554eb63cc92962717
Instruction Fuzzy Hash: 0951D3A06056D53DFB364234C845BFA7EADBF06304F088489F1D9D54C2D798A8C9D761

Function 0081ACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 0081AD19
GetKeyboardState.USER32(?), ref: 0081AD2E
SetKeyboardState.USER32(?), ref: 0081AD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0081ADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0081ADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0081AE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0081AE38

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 66876ec56975f88d7a196934986750a947e2f527e023f05b9cf515eba92e285a
Instruction ID: 64e42eea90bc66f171473a7e24b011b4b9dee5810eefa3c1de4163f44fdc658d
Opcode Fuzzy Hash: 66876ec56975f88d7a196934986750a947e2f527e023f05b9cf515eba92e285a
Instruction Fuzzy Hash: 2C51C5A15057D53DFB3A8264CC95BFA7E9CBF46304F088488E1D9C58C2D294ACD8D752

Function 007E542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(007F3CD6,?,?,?,?,?,?,?,?,007E5BA3,?,?,007F3CD6,?,?), ref: 007E5470
__fassign.LIBCMT ref: 007E54EB
__fassign.LIBCMT ref: 007E5506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,007F3CD6,00000005,00000000,00000000), ref: 007E552C
WriteFile.KERNEL32(?,007F3CD6,00000000,007E5BA3,00000000,?,?,?,?,?,?,?,?,?,007E5BA3,?), ref: 007E554B
WriteFile.KERNEL32(?,?,00000001,007E5BA3,00000000,?,?,?,?,?,?,?,?,?,007E5BA3,?), ref: 007E5584

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 68a802c488cecacd979064e183d00ecd0cc90d5eb5bf0403831b2718933f3c8c
Instruction ID: dacc7c6475ec322bf08e78eeec23da1f53e2c8c9574a45080d5e5ac792db6e95
Opcode Fuzzy Hash: 68a802c488cecacd979064e183d00ecd0cc90d5eb5bf0403831b2718933f3c8c
Instruction Fuzzy Hash: DD51F370A016889FDB10CFA9D845AEEBBFAFF0D304F14401AF555E7292E734AA50CB60

Function 008310B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0083304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0083307A
Part of subcall function 0083304E: _wcslen.LIBCMT ref: 0083309B

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00831112
WSAGetLastError.WSOCK32 ref: 00831121
WSAGetLastError.WSOCK32 ref: 008311C9
closesocket.WSOCK32(00000000), ref: 008311F9

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: aa80fb04d662afc9f981e1a1107a232f5b826f3ea205324764ac09d89f51b4fd
Instruction ID: 8fc72b3eb03d402af1503b91e775391a531c19a66e874b557d7537fc45723185
Opcode Fuzzy Hash: aa80fb04d662afc9f981e1a1107a232f5b826f3ea205324764ac09d89f51b4fd
Instruction Fuzzy Hash: CF41C035600208AFDB109F18C889BEEBBA9FF85768F148059F915DB291C774AD41CBE1

Function 0081CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0081CF22,?), ref: 0081DDFD

Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0081CF22,?), ref: 0081DE16

lstrcmpiW.KERNEL32(?,?), ref: 0081CF45
MoveFileW.KERNEL32(?,?), ref: 0081CF7F
_wcslen.LIBCMT ref: 0081D005
_wcslen.LIBCMT ref: 0081D01B
SHFileOperationW.SHELL32(?), ref: 0081D061

Strings

\*.*, xrefs: 0081CFF3

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: 02ccf2360dced0eb2229c3ff1ece7d7324274acd33aa8fda42f86dc179f51871
Instruction ID: b6d8cd6df0018168083554ed81900cc52b34d5308be313d6f0a8a5e3fcfb86c9
Opcode Fuzzy Hash: 02ccf2360dced0eb2229c3ff1ece7d7324274acd33aa8fda42f86dc179f51871
Instruction Fuzzy Hash: 55415FB18452199FDF12EFA4D985ADEB7BDFF08380F1000A6E505EB141EE74A689CB50

Function 00842DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00842E1C
GetWindowLongW.USER32(?,000000F0), ref: 00842E4F
GetWindowLongW.USER32(?,000000F0), ref: 00842E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00842EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00842EE0
GetWindowLongW.USER32(?,000000F0), ref: 00842EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00842F0B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 05960b333e27ea0bedafb902aafc1eb931dd9eebbd26dd56047a1d36ada3867f
Instruction ID: db0c86f74fd0b533bcee217cc3ab0a5ff1fa3f74fdfeea95374af0de6c00b9bf
Opcode Fuzzy Hash: 05960b333e27ea0bedafb902aafc1eb931dd9eebbd26dd56047a1d36ada3867f
Instruction Fuzzy Hash: 47311234609248AFEB60CF58DC88F653BE8FB9A714F9501A4F915CB2B2CB71AC41DB01

Function 00817726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00817769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0081778F
SysAllocString.OLEAUT32(00000000), ref: 00817792
SysAllocString.OLEAUT32(?), ref: 008177B0
SysFreeString.OLEAUT32(?), ref: 008177B9
StringFromGUID2.OLE32(?,?,00000028), ref: 008177DE
SysAllocString.OLEAUT32(?), ref: 008177EC

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 67f4a1ca6e1a5083ea61e65757e80f5f701ec7ba5e786367624034930cb98d8c
Instruction ID: c09d96912ef472a9659014b43281c070289188b6ff4d46ee32eca98d83a8cad1
Opcode Fuzzy Hash: 67f4a1ca6e1a5083ea61e65757e80f5f701ec7ba5e786367624034930cb98d8c
Instruction Fuzzy Hash: DD219C7A605219AFDB10AFA8CC88DFA73ACFF09364B048429FA15DB191D6749C81C764

Function 008177FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00817842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00817868
SysAllocString.OLEAUT32(00000000), ref: 0081786B
SysAllocString.OLEAUT32 ref: 0081788C
SysFreeString.OLEAUT32 ref: 00817895
StringFromGUID2.OLE32(?,?,00000028), ref: 008178AF
SysAllocString.OLEAUT32(?), ref: 008178BD

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 7681bd24a57248b3c3fa65ffba1721cbbfd214dea498866a5450d465e65844cd
Instruction ID: 15a0a2aa352e7835d3628aaa5ccc35edd1ae092a56bd61a10fab9e2e7b81d063
Opcode Fuzzy Hash: 7681bd24a57248b3c3fa65ffba1721cbbfd214dea498866a5450d465e65844cd
Instruction Fuzzy Hash: F0213E75609208AF9B10AFA8DC88DEA77BCFF097607108139F915CB2A1D674DC81CB78

Function 008204D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 008204F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0082052E

Strings

nul, xrefs: 00820567

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 4eadd0d0f406ed8b37d85d1a844c9417d68d7bf44d1dd90423ea920de8a05be2
Instruction ID: 8f387ed2f0c2db72fc2c2410181b423b9adc0da78c6ef4113ae05e63b9ebc45c
Opcode Fuzzy Hash: 4eadd0d0f406ed8b37d85d1a844c9417d68d7bf44d1dd90423ea920de8a05be2
Instruction Fuzzy Hash: 9F216275600329ABDB209F69ED44A5A77F8FF45724F204A19F8A1E62E1D7B09980CF60

Function 008205A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 008205C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00820601

Strings

nul, xrefs: 00820639

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: d1d30adf5126f0eb903041bf036a9491207d0c5c8829c9e4900feedd0499b632
Instruction ID: 0a50b54d4eef082041caebc020258a3c34bedfe85ce6e8c1ce5863e85a8a15e9
Opcode Fuzzy Hash: d1d30adf5126f0eb903041bf036a9491207d0c5c8829c9e4900feedd0499b632
Instruction Fuzzy Hash: 28216775500325AFDB209F69EC44A5A77E8FF95724F200A19F8A1E72E6D7B099A0CF10

Function 008440AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007B604C
Part of subcall function 007B600E: GetStockObject.GDI32(00000011), ref: 007B6060
Part of subcall function 007B600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007B606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00844112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0084411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0084412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00844139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00844145

Strings

Msctls_Progress32, xrefs: 008440E3

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 74233505dac18087fe67519f97f4bef570f99e2ec352a1962b501147ec7b8ae8
Instruction ID: 48f1f3db62b34d7c1d21f2766930cbb49648fec5eaff06b5cc8e436533e29a80
Opcode Fuzzy Hash: 74233505dac18087fe67519f97f4bef570f99e2ec352a1962b501147ec7b8ae8
Instruction Fuzzy Hash: B41190B214021DBEEF119E64CC86EE77F5DFF18798F014111BA18E2150CA769C21DBA4

Function 007ED7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 007ED7A3: _free.LIBCMT ref: 007ED7CC

_free.LIBCMT ref: 007ED82D

Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0

_free.LIBCMT ref: 007ED838
_free.LIBCMT ref: 007ED843
_free.LIBCMT ref: 007ED897
_free.LIBCMT ref: 007ED8A2
_free.LIBCMT ref: 007ED8AD
_free.LIBCMT ref: 007ED8B8

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: bb49280d3295ce41be947cc3099dc98e118f2387f72571b85a4e8dd66a6e4271
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: 3E112171542B88EAD531BFB2CC4FFCB7BDC6F08700F404825B699A64A3DA6DB9064A50

Function 0081DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0081DA74
LoadStringW.USER32(00000000), ref: 0081DA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0081DA91
LoadStringW.USER32(00000000), ref: 0081DA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 0081DADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 0081DAB9

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: 0c10b0d34af12b616334150b5399298cc02a490a04e45654805d7876532d5ec1
Instruction ID: 397092b9d2479e009854f95dc3065eeb54fcf66dcdef4eb4466dc10a41d40ec7
Opcode Fuzzy Hash: 0c10b0d34af12b616334150b5399298cc02a490a04e45654805d7876532d5ec1
Instruction Fuzzy Hash: 6D016DF69002187FE750EBE49D89EEB376CFB09305F404496B746E2041EA749E848F74

Function 0082096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(0106BDD0,0106BDD0), ref: 0082097B
EnterCriticalSection.KERNEL32(0106BDB0,00000000), ref: 0082098D
TerminateThread.KERNEL32(?,000001F6), ref: 0082099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 008209A9
CloseHandle.KERNEL32(?), ref: 008209B8
InterlockedExchange.KERNEL32(0106BDD0,000001F6), ref: 008209C8
LeaveCriticalSection.KERNEL32(0106BDB0), ref: 008209CF

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: f8f19885ec25f99b793cb3409d946e5655ed91dabc2f03c6761e76172889a649
Instruction ID: c27ea578c84097ac68dfa3844e3a88c0e6e700d7df2165cc86b00996453fc88a
Opcode Fuzzy Hash: f8f19885ec25f99b793cb3409d946e5655ed91dabc2f03c6761e76172889a649
Instruction Fuzzy Hash: EFF0EC36543A22BBD7915FA4EE8DBD6BB39FF06702F402025F202908A1C7B594A5CF90

Function 007B5D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 007B5D30
GetWindowRect.USER32(?,?), ref: 007B5D71
ScreenToClient.USER32(?,?), ref: 007B5D99
GetClientRect.USER32(?,?), ref: 007B5ED7
GetWindowRect.USER32(?,?), ref: 007B5EF8

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 4d16a9b7c4e20251a851246524c987ba5d43520c1eeac7b6ca8907a455d86baf
Instruction ID: 735e8d0b6caff71039bd0a7ef852065b70e4b6c7056a287e9183832cdee80c16
Opcode Fuzzy Hash: 4d16a9b7c4e20251a851246524c987ba5d43520c1eeac7b6ca8907a455d86baf
Instruction Fuzzy Hash: 00B15739A00A4ADBDB10CFA9C4807FAB7F1FF58310F14851AE9A9D7250DB38EA51DB54

Function 007E01B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 007E00BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E00D6
__allrem.LIBCMT ref: 007E00ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E010B
__allrem.LIBCMT ref: 007E0122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E0140

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction ID: b20514696396fda7d49a5843c09301fa8ca21e88b1e6ecd21a39ffc6a3bbf7db
Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction Fuzzy Hash: 49810672602746EBE7209F2ACC45B6F73F9AF49324F24453AF511DA381E7B8D9408790

Function 00831D10 Relevance: 9.3, APIs: 6, Instructions: 254networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00833149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,0083101C,00000000,?,?,00000000), ref: 00833195

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00831DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00831DE1
WSAGetLastError.WSOCK32 ref: 00831DF2
inet_ntoa.WSOCK32(?), ref: 00831E8C
htons.WSOCK32(?,?,?,?,?), ref: 00831EDB
_strlen.LIBCMT ref: 00831F35

Part of subcall function 008139E8: _strlen.LIBCMT ref: 008139F2

Part of subcall function 007B6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,007CCF58,?,?,?), ref: 007B6DBA
Part of subcall function 007B6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,007CCF58,?,?,?), ref: 007B6DED

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
String ID:
API String ID: 1923757996-0
Opcode ID: 4eebfdf1abf936de8f9db1d45a0fc00a3b2e52c0591a44ac401cbef1fbf1ca4f
Instruction ID: a91da524c14d3de9e1775de7390000fda70d04a2ea3ebf8fcd2f2a43937bb32b
Opcode Fuzzy Hash: 4eebfdf1abf936de8f9db1d45a0fc00a3b2e52c0591a44ac401cbef1fbf1ca4f
Instruction Fuzzy Hash: CAA1CE30204340AFC724DB24C889F6ABBA5FFC5718F54895CF5569B2A2CB75ED42CB92

Function 007E61FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007D82D9,007D82D9,?,?,?,007E644F,00000001,00000001,8BE85006), ref: 007E6258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,007E644F,00000001,00000001,8BE85006,?,?,?), ref: 007E62DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 007E63D8
__freea.LIBCMT ref: 007E63E5

Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852

__freea.LIBCMT ref: 007E63EE
__freea.LIBCMT ref: 007E6413

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 9402296ca708fc4792ad87e211bd88c132335c43ffb9a3d687f62096d0bfe413
Instruction ID: 156c82dfe7b9aa2514b5020d008673c770ba74f8bdd7a0ea57b22a5bbd12d1d8
Opcode Fuzzy Hash: 9402296ca708fc4792ad87e211bd88c132335c43ffb9a3d687f62096d0bfe413
Instruction Fuzzy Hash: 7E510472602296ABDB258F66CC85EBF77A9EF58790F144629FD05D7180EB38DC40C6A0

Function 0083BBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083BCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0083BD25
RegCloseKey.ADVAPI32(00000000), ref: 0083BD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0083BD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0083BDF3
RegCloseKey.ADVAPI32(?), ref: 0083BDFF

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: ca870c8a068ea850fdccf6525713b15c595d9a4ff4f10a131849780150bf1f34
Instruction ID: 2a2830a9a89c550ffab2c42ac810b7802420bb4711ecf27d7a727d71da4d3fae
Opcode Fuzzy Hash: ca870c8a068ea850fdccf6525713b15c595d9a4ff4f10a131849780150bf1f34
Instruction Fuzzy Hash: 7281A070208241EFD714DF24C895E6ABBE5FF84308F14895DF6598B2A2DB31ED45CB92

Function 0080F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 0080F7B9
SysAllocString.OLEAUT32(00000001), ref: 0080F860
VariantCopy.OLEAUT32(0080FA64,00000000), ref: 0080F889
VariantClear.OLEAUT32(0080FA64), ref: 0080F8AD
VariantCopy.OLEAUT32(0080FA64,00000000), ref: 0080F8B1
VariantClear.OLEAUT32(?), ref: 0080F8BB

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: c0daa87be509465dc15cb7dc44de345f60b467517157a08ccb9cd5abaf162445
Instruction ID: 4b932705aeb3ec34ec0f726314d81d7ebfaa5aede649a36723e624c1718585a2
Opcode Fuzzy Hash: c0daa87be509465dc15cb7dc44de345f60b467517157a08ccb9cd5abaf162445
Instruction Fuzzy Hash: E7511731600314EADFB0AB65DC95B69B7A8FF45314B20C42AEA02DF6D3D7748C40C796

Function 0082910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 008294E5
_wcslen.LIBCMT ref: 00829506
_wcslen.LIBCMT ref: 0082952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00829585

Strings

X, xrefs: 00829412

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: 9485bcc7ac1a8acc7fd18ff802b66d8be47f5078eb84f1a6b5cede8c1c77c6c4
Instruction ID: 2fbcf54583fa761b377acb6f7820c5eccfc9df1326cc8bcf9d45b17c50c0e9f8
Opcode Fuzzy Hash: 9485bcc7ac1a8acc7fd18ff802b66d8be47f5078eb84f1a6b5cede8c1c77c6c4
Instruction Fuzzy Hash: 71E1AE31604310DFC724EF24D889BAAB7E4FF84314F14896DE9999B2A2DB34DD45CB92

Function 007C920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

BeginPaint.USER32(?,?,?), ref: 007C9241
GetWindowRect.USER32(?,?), ref: 007C92A5
ScreenToClient.USER32(?,?), ref: 007C92C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 007C92D3
EndPaint.USER32(?,?,?,?,?), ref: 007C9321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 008071EA

Part of subcall function 007C9339: BeginPath.GDI32(00000000), ref: 007C9357

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: e331c05b1789766830afaba4f11a83c2b7602612c1e4d8683a46b1080adbbe3f
Instruction ID: ac66086d4325e7e2a011fe797acfbd339b212d36ffc8b43932e60ec032e0dff3
Opcode Fuzzy Hash: e331c05b1789766830afaba4f11a83c2b7602612c1e4d8683a46b1080adbbe3f
Instruction Fuzzy Hash: 1E418C70505201EFDB51DF28CC88FAA7BA8FB56320F14066DFA95C72E1CB35A846DB61

Function 008207EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 0082080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00820847
EnterCriticalSection.KERNEL32(?), ref: 00820863
LeaveCriticalSection.KERNEL32(?), ref: 008208DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 008208F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00820921

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: 7d0ce0ab9e20f6e0f3d5c86711fc7bb73abc4e2c24b16ddb4b8683cafb48649b
Instruction ID: 05cd6cd3e21b83c3ee9e1bfccf5d61e33f8d31a31e4c79350daf2c97486b4793
Opcode Fuzzy Hash: 7d0ce0ab9e20f6e0f3d5c86711fc7bb73abc4e2c24b16ddb4b8683cafb48649b
Instruction Fuzzy Hash: F6416B71900215EBDF14AF64DC89A6A77B9FF04300F1440A9ED04DA297DB74DEA1DFA4

Function 008481DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0080F3AB,00000000,?,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 0084824C
EnableWindow.USER32(?,00000000), ref: 00848272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 008482D1
ShowWindow.USER32(?,00000004), ref: 008482E5
EnableWindow.USER32(?,00000001), ref: 0084830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0084832F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: d34b490438f3b770e3ca7d68df8556ec132c2bfecfd2a476fa43e1cda6e6b118
Instruction ID: 560e613173ccbea6f468740666c0c89179e7c25fd6238db91fbc56e709dabd04
Opcode Fuzzy Hash: d34b490438f3b770e3ca7d68df8556ec132c2bfecfd2a476fa43e1cda6e6b118
Instruction Fuzzy Hash: BB41A534601658EFDF51CF29CC99BE87BE5FB0A714F185269E5188B262CB71AC41CB50

Function 00814C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00814C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00814CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00814CEA
_wcslen.LIBCMT ref: 00814D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00814D10
_wcsstr.LIBVCRUNTIME ref: 00814D1A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: 3564b8b54709cf5a26147709583640c375eae3186e9a79249835ddfb1a1fd464
Instruction ID: dafa1353e084389a723a73f2631bd3020530227d14f701c609522a2e58ba2d6b
Opcode Fuzzy Hash: 3564b8b54709cf5a26147709583640c375eae3186e9a79249835ddfb1a1fd464
Instruction Fuzzy Hash: 9E213876205204BBEB555B39EC09EBB7BACEF45750F10907EF809CA192EA75DC81D2A0

Function 0082581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2

_wcslen.LIBCMT ref: 0082587B
CoInitialize.OLE32(00000000), ref: 00825995
CoCreateInstance.OLE32(0084FCF8,00000000,00000001,0084FB68,?), ref: 008259AE
CoUninitialize.OLE32 ref: 008259CC

Strings

.lnk, xrefs: 00825876, 008258C1, 00825985

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: f07f93dbc57686f00b6ebbb5e2df5cd26396f75515e79a0778075418720a209a
Instruction ID: 3aa551f535abcae5cf4e8a6e1f23ddd9778886301623694da6f0f7d8d77352cb
Opcode Fuzzy Hash: f07f93dbc57686f00b6ebbb5e2df5cd26396f75515e79a0778075418720a209a
Instruction Fuzzy Hash: 6CD15071608611DFC714DF24D488A6ABBE5FF89720F148859F88ADB361DB31EC85CB92

Function 0081175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00810FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00810FCA
Part of subcall function 00810FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00810FD6
Part of subcall function 00810FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00810FE5
Part of subcall function 00810FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00810FEC
Part of subcall function 00810FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00811002

GetLengthSid.ADVAPI32(?,00000000,00811335), ref: 008117AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 008117BA
HeapAlloc.KERNEL32(00000000), ref: 008117C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 008117DA
GetProcessHeap.KERNEL32(00000000,00000000,00811335), ref: 008117EE
HeapFree.KERNEL32(00000000), ref: 008117F5

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 43388ad88ae111a0e3ddeab9fe74fcf3b32928b59066d5211acfefd5fbdad174
Instruction ID: 1791a53b9c0f37753701697067b9e25a0c276fe39f103af1701c0a300f2c51dc
Opcode Fuzzy Hash: 43388ad88ae111a0e3ddeab9fe74fcf3b32928b59066d5211acfefd5fbdad174
Instruction Fuzzy Hash: BB118636602609EBDF109FA4CC49FEE7BADFF42359F104818E581E7294C736A980CB60

Function 008114CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008114FF
OpenProcessToken.ADVAPI32(00000000), ref: 00811506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00811515
CloseHandle.KERNEL32(00000004), ref: 00811520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0081154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00811563

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: a206740ca971809b4b692bdef07b1e2c230afe89498ca4c7da505547bb625867
Instruction ID: befebe8f913ca5f7072692a5b3c4c8e4d74bc3703ab63a3da87fb2a367805a30
Opcode Fuzzy Hash: a206740ca971809b4b692bdef07b1e2c230afe89498ca4c7da505547bb625867
Instruction Fuzzy Hash: BC11297660220DABDF118F98DD49FDE7BAEFF49744F044015FA05A2160C3758EA0DB61

Function 007D3382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,007D3379,007D2FE5), ref: 007D3390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007D339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007D33B7
SetLastError.KERNEL32(00000000,?,007D3379,007D2FE5), ref: 007D3409

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 70e49fe5c61183378dc5af9fa03b35a25b56d7f2a5985bd5c2fd3d1a2ca4324b
Instruction ID: 5a2af98d07fef3641b7fd9a02d44239554d3a57a71ada4ed1d44270af326a66c
Opcode Fuzzy Hash: 70e49fe5c61183378dc5af9fa03b35a25b56d7f2a5985bd5c2fd3d1a2ca4324b
Instruction Fuzzy Hash: 3D012432209711FEAA242BB4BC8D5262AB8FB05379320022FF414963F1EF198D819186

Function 007E2D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,007E5686,007F3CD6,?,00000000,?,007E5B6A,?,?,?,?,?,007DE6D1,?,00878A48), ref: 007E2D78
_free.LIBCMT ref: 007E2DAB
_free.LIBCMT ref: 007E2DD3
SetLastError.KERNEL32(00000000,?,?,?,?,007DE6D1,?,00878A48,00000010,007B4F4A,?,?,00000000,007F3CD6), ref: 007E2DE0
SetLastError.KERNEL32(00000000,?,?,?,?,007DE6D1,?,00878A48,00000010,007B4F4A,?,?,00000000,007F3CD6), ref: 007E2DEC
_abort.LIBCMT ref: 007E2DF2

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 30691485b4a6b20d126be4be2b8801a9c5ac44aa787ae20c930edb3673c64dcb
Instruction ID: dcd59a9627bac9f6fcdb89895675d94b15d61b2987c9438e7278907d289b71f5
Opcode Fuzzy Hash: 30691485b4a6b20d126be4be2b8801a9c5ac44aa787ae20c930edb3673c64dcb
Instruction Fuzzy Hash: 8DF0F935607580B7C25267376C0EA1A265DBBCA7A4F314119F624D32A3EE2C88034160

Function 00848A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 007C9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007C9693
Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96A2
Part of subcall function 007C9639: BeginPath.GDI32(?), ref: 007C96B9
Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00848A4E
LineTo.GDI32(?,00000003,00000000), ref: 00848A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00848A70
LineTo.GDI32(?,00000000,00000003), ref: 00848A80
EndPath.GDI32(?), ref: 00848A90
StrokePath.GDI32(?), ref: 00848AA0

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 3d321a40a4a2f199871ad92441e7804a5175939dfea7f1ba3df9303118f39fef
Instruction ID: 6fc316a5b477960c6d52a3f73b5bf95c4b115089fbf2906a7f119267e4524209
Opcode Fuzzy Hash: 3d321a40a4a2f199871ad92441e7804a5175939dfea7f1ba3df9303118f39fef
Instruction Fuzzy Hash: F411057600111CFFEF129F94DC88EAA7F6CFB09394F048022FA199A1A1C771AD55DBA0

Function 008151FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00815218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00815229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00815230
ReleaseDC.USER32(00000000,00000000), ref: 00815238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 0081524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00815261

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 2b35a14a6b9404fa82cd2ee3cf8cede32e987296bda9735f90f77c51db30cb75
Instruction ID: 26fcf05aff55e071b714a06cb8017ff89b591e320e8addc1cc98217dd0ef9d72
Opcode Fuzzy Hash: 2b35a14a6b9404fa82cd2ee3cf8cede32e987296bda9735f90f77c51db30cb75
Instruction Fuzzy Hash: B1014F75A01719BBEB109BA69C49A5EBFBCFF49751F048066FA04E7291DA709800CFA0

Function 007B1BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 007B1BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 007B1BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 007B1C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 007B1C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 007B1C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 007B1C22

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 63b053ac44c51eae03ab861f12dd4979592de3ca2760f43d626d9661ffc6f3f0
Instruction ID: 3f8686ace90b27130a065b1dffd0cc3d05dc5a0dd8acd1c2a841b472654460b8
Opcode Fuzzy Hash: 63b053ac44c51eae03ab861f12dd4979592de3ca2760f43d626d9661ffc6f3f0
Instruction Fuzzy Hash: B10167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CFE5

Function 0081EB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0081EB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0081EB46
GetWindowThreadProcessId.USER32(?,?), ref: 0081EB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0081EB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0081EB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0081EB75

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: e66797af8c43b99b37343f043edbcd3cdcb46727e616ce3037a06bf5ea47335d
Instruction ID: 901d6b6c9596cd258f93bb76504fc56fc0e80b314647739ba9a3f5df6893303c
Opcode Fuzzy Hash: e66797af8c43b99b37343f043edbcd3cdcb46727e616ce3037a06bf5ea47335d
Instruction Fuzzy Hash: D1F0BEBA202158BBE7605B629C0EEEF3E7CFFCBB11F004158FA02E1090D7A01A01C6B4

Function 00807439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00807452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00807469
GetWindowDC.USER32(?), ref: 00807475
GetPixel.GDI32(00000000,?,?), ref: 00807484
ReleaseDC.USER32(?,00000000), ref: 00807496
GetSysColor.USER32(00000005), ref: 008074B0

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: acb979966e7a7a8ae8b3401b6dc3d0b94f7d225158ff5ee21d12e7a87cc43d1b
Instruction ID: a1a110e5c03d7311928d127f5015a7cefbee78a13102714282868b4eb6ec928e
Opcode Fuzzy Hash: acb979966e7a7a8ae8b3401b6dc3d0b94f7d225158ff5ee21d12e7a87cc43d1b
Instruction Fuzzy Hash: 6D018635801605EFEB905FA4DC08BAE7BB9FB05321F224068FA16A21A1CB312E41EB14

Function 00811874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 0081187F
UnloadUserProfile.USERENV(?,?), ref: 0081188B
CloseHandle.KERNEL32(?), ref: 00811894
CloseHandle.KERNEL32(?), ref: 0081189C
GetProcessHeap.KERNEL32(00000000,?), ref: 008118A5
HeapFree.KERNEL32(00000000), ref: 008118AC

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: 16a481885e78c2fa61b1b01d01873b95588c74c7b80c024a57098c4260f90122
Instruction ID: 1c0937363f03f0a46bf8fc9774ef32a150b21399f27d2067bf766a607b505bf1
Opcode Fuzzy Hash: 16a481885e78c2fa61b1b01d01873b95588c74c7b80c024a57098c4260f90122
Instruction Fuzzy Hash: B1E0E53A206101BBDB415FA5ED0C90AFF3DFF4AB22B108220F22581170CB329420DF50

Function 0081C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0081C6EE
_wcslen.LIBCMT ref: 0081C735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0081C79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0081C7CA

Strings

0, xrefs: 0081C6AF

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: d378e557efb11aed9cfaead9b92d2c877bff3fb23bc0d371c9f8dd0be77a9531
Instruction ID: eb8bf6c51b4bbe777219372a5a75404beadabe73d54c1f13d426a15ea12e24b4
Opcode Fuzzy Hash: d378e557efb11aed9cfaead9b92d2c877bff3fb23bc0d371c9f8dd0be77a9531
Instruction Fuzzy Hash: FE51AD716843019BD714AF28C889BEA77ECFF59314F040A2DF996D21E1DBA4D984CB52

Function 0083AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 0083AEA3

Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625

GetProcessId.KERNEL32(00000000), ref: 0083AF38
CloseHandle.KERNEL32(00000000), ref: 0083AF67

Strings

<, xrefs: 0083AE6B
@, xrefs: 0083AE72

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: a1e8e54d99908530fd31c87e4971018f6bd14dc05f2c7eeb71df1fd777beea8e
Instruction ID: 0e93e18584d8fd4e031ba74f8871918c6b0a72136bb4e8682d7f72f6ddc2bcfa
Opcode Fuzzy Hash: a1e8e54d99908530fd31c87e4971018f6bd14dc05f2c7eeb71df1fd777beea8e
Instruction Fuzzy Hash: 87718A75A00619DFCB18DF54C489A9EBBF4FF48314F048499E856AB3A2CB78ED41CB91

Function 0081719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00817206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0081723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0081724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008172CF

Strings

DllGetClassObject, xrefs: 00817242

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 38a6ffc5ca8cbca647b1fc7f10cd762c66a8f94732e9ebd2ada5964b33278f4b
Instruction ID: 1ca5c98b3e6a3f8f05037f39f97756a81cdd12291725abb556c542c6cfa0c9e7
Opcode Fuzzy Hash: 38a6ffc5ca8cbca647b1fc7f10cd762c66a8f94732e9ebd2ada5964b33278f4b
Instruction Fuzzy Hash: D9412971A04205AFDB15CF54C884ADA7BBDFF49314B1480ADBD0ADF20AD7B1D985CBA0

Function 00843D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00843E35
IsMenu.USER32(?), ref: 00843E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00843E92
DrawMenuBar.USER32 ref: 00843EA5

Strings

0, xrefs: 00843D89

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: 45180c6f9bd4b2ccfb32527353aac6a5f9f7ddb61013cd8a837b161c1244ee81
Instruction ID: b52c46acbfc5dd71368a9f03236ddabf6cb1de7dcc274b189626b5d1a03da5cf
Opcode Fuzzy Hash: 45180c6f9bd4b2ccfb32527353aac6a5f9f7ddb61013cd8a837b161c1244ee81
Instruction Fuzzy Hash: CF414575A0220DEFDB10EF64D884AAABBB9FF49354F044129E915EB650D730AE45CF60

Function 00811DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00811E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00811E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00811EA9

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

Strings

ListBox, xrefs: 00811E25
ComboBox, xrefs: 00811DF0

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: a53d673d4eddfad0e43288959870c60e66c2f82700560289a58195870686ea9a
Instruction ID: 6dd28082749322f52527f9083762dc85afc477b2eb9fa2f146637e5ffa25ed64
Opcode Fuzzy Hash: a53d673d4eddfad0e43288959870c60e66c2f82700560289a58195870686ea9a
Instruction Fuzzy Hash: 6B210771A00108BADF14ABA4DC4DDFFB7BDFF45354B104119FA26E71E1DB3849459620

Function 0083C9EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0083C9F1
_wcslen.LIBCMT ref: 0083CA68
_wcslen.LIBCMT ref: 0083CA9E
_wcslen.LIBCMT ref: 0083CAF9
_wcslen.LIBCMT ref: 0083CB2F
_wcslen.LIBCMT ref: 0083CB7F

Strings

HKLM, xrefs: 0083CA98, 0083CA9D
HKEY_LOCAL_MACHINE, xrefs: 0083CA62, 0083CA67

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen
String ID: HKEY_LOCAL_MACHINE$HKLM
API String ID: 176396367-4004644295
Opcode ID: 96e607f1653f1de3847f50a58d7f48ca195059fd82775beab904785784a4a181
Instruction ID: ad75427804bba44a9bc872dc04acdd8cf432934fbf873aaaf5179b6f6b166b7d
Opcode Fuzzy Hash: 96e607f1653f1de3847f50a58d7f48ca195059fd82775beab904785784a4a181
Instruction Fuzzy Hash: 6A31B1B2A001798BCB20EF6D98545BE33A1FBE1754F154029E855FB349EA75CD44D3E0

Function 00842F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00842F8D
LoadLibraryW.KERNEL32(?), ref: 00842F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00842FA9
DestroyWindow.USER32(?), ref: 00842FB1

Strings

SysAnimate32, xrefs: 00842F68

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: 62840c4a7149199b99da4e1aa952f25cc0ae62149e190b09335d082f571e427d
Instruction ID: d45e6647133c00990e823b7ae1700e6fe0e827252d86e0245c9451369a3b9770
Opcode Fuzzy Hash: 62840c4a7149199b99da4e1aa952f25cc0ae62149e190b09335d082f571e427d
Instruction Fuzzy Hash: 5821AE7120820DABEB205F64DC84EBB77BDFB69364F904218F950D2190DB71DC559760

Function 007D4D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,007D4D1E,007E28E9,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002), ref: 007D4D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007D4DA0
FreeLibrary.KERNEL32(00000000,?,?,?,007D4D1E,007E28E9,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002,00000000), ref: 007D4DC3

Strings

mscoree.dll, xrefs: 007D4D86
CorExitProcess, xrefs: 007D4D98

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 8400c6adf447e1ce7be9f633a421b9195ce8996fef8a6b3035f2c9ce3c026de3
Instruction ID: 009cc838ae82663efe9e218ba111b8a39ed9961825e89eb936bcd1728044c400
Opcode Fuzzy Hash: 8400c6adf447e1ce7be9f633a421b9195ce8996fef8a6b3035f2c9ce3c026de3
Instruction Fuzzy Hash: A6F04F35A41208BBDB519F90DC49BADBFB9FF48756F0000A9F909A2360DB359940CED0

Function 0080D3A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 0080D3AD
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0080D3BF
FreeLibrary.KERNEL32(00000000), ref: 0080D3E5

Strings

X64, xrefs: 0080D2A8
GetSystemWow64DirectoryW, xrefs: 0080D3B9

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 145871493-2590602151
Opcode ID: 803d85b4c19a42dda54a395bf521526526d6d7a17e6ad91fb263cb61b7087ae2
Instruction ID: 50cf7d2b85a3fb04d981a5bf85736a1ed49d82a929f3706e93277faa45b8956b
Opcode Fuzzy Hash: 803d85b4c19a42dda54a395bf521526526d6d7a17e6ad91fb263cb61b7087ae2
Instruction Fuzzy Hash: 9EF05C75407714EBD7F117904C08A197718FF11705B558059F801E12C9EB24DD44C795

Function 007B4E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007B4EAE
FreeLibrary.KERNEL32(00000000,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4EC0

Strings

Wow64DisableWow64FsRedirection, xrefs: 007B4EA8
kernel32.dll, xrefs: 007B4E94

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 91501abc1e4e3c3b6cebd153be5206cabbfd4d53cfcfcd39315af6641b26217c
Instruction ID: 2cf28801316f23443af8c7466a14622f30a442b876fc85099be98b51582b6bda
Opcode Fuzzy Hash: 91501abc1e4e3c3b6cebd153be5206cabbfd4d53cfcfcd39315af6641b26217c
Instruction Fuzzy Hash: 05E01D39A036225BD3B11B296C19B9F755CFF82F667050115FD05D2256DB6CCD01C5A1

Function 007B4E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007B4E74
FreeLibrary.KERNEL32(00000000,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E87

Strings

Wow64RevertWow64FsRedirection, xrefs: 007B4E6E
kernel32.dll, xrefs: 007B4E5B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: 7891c0e88bb014a026f9a1884b5abb12965c8ba9d4e8197aa0781b516d3ca84e
Instruction ID: 9e149030d5132c0ccb954c4f8892cf3a71f8393d6646c3f192616eb68c94063c
Opcode Fuzzy Hash: 7891c0e88bb014a026f9a1884b5abb12965c8ba9d4e8197aa0781b516d3ca84e
Instruction Fuzzy Hash: 97D01239503A615756A21B256C1CECB7B1CFF86B653054515B905E2215CF69CD01C5E1

Function 00822947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00822C05
DeleteFileW.KERNEL32(?), ref: 00822C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00822C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00822CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00822CC0

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: e1418647f15477fc153d24a79e0b4b6c33fe898b344572febf70c5b13b463224
Instruction ID: 63e30089b1e106abe8d7d06f8cbb448471273090a60a21a06621a022785827c6
Opcode Fuzzy Hash: e1418647f15477fc153d24a79e0b4b6c33fe898b344572febf70c5b13b463224
Instruction Fuzzy Hash: BFB14E71900129ABDF21EBA4DC89EDEB77DFF49350F1040A6F509E6251EA349A848B61

Function 0083A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 0083A427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0083A435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 0083A468
CloseHandle.KERNEL32(?), ref: 0083A63D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 60f922a95c2249ce0db227c371199d53537d4d707d0c83f6ba1aab96960eadcf
Instruction ID: e88a837d78b4ac00a62b3dc50a748321c95022841be92e8bd062cacdef286bf5
Opcode Fuzzy Hash: 60f922a95c2249ce0db227c371199d53537d4d707d0c83f6ba1aab96960eadcf
Instruction Fuzzy Hash: 15A18B71604300AFD724DF24C886F2AB7E5AF84714F14885DF99ADB292DBB4ED41CB92

Function 0081E3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0081CF22,?), ref: 0081DDFD

Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0081CF22,?), ref: 0081DE16

Part of subcall function 0081E199: GetFileAttributesW.KERNEL32(?,0081CF95), ref: 0081E19A

lstrcmpiW.KERNEL32(?,?), ref: 0081E473
MoveFileW.KERNEL32(?,?), ref: 0081E4AC
_wcslen.LIBCMT ref: 0081E5EB
_wcslen.LIBCMT ref: 0081E603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0081E650

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: 51147a078b55d69c0d916ce7ce82d8b678ecd426660258f6de41b1658309781f
Instruction ID: 26cac6b81c3406e3b3c6c13bf8bc32650a8d8f255ae7dd6e01368d19f0ea68fa
Opcode Fuzzy Hash: 51147a078b55d69c0d916ce7ce82d8b678ecd426660258f6de41b1658309781f
Instruction Fuzzy Hash: 765162B24087459BC724DBA4DC859DBB3ECEF85340F00491EFA89D3151EF74A688C76A

Function 0083B9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083BAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0083BB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0083BB63
RegCloseKey.ADVAPI32(?,?), ref: 0083BBA6
RegCloseKey.ADVAPI32(00000000), ref: 0083BBB3

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: 976e26c04b20bc5a12d954d09e38dc3fbec1d8eeaebcadf6e6dbb938daf35e18
Instruction ID: 915a1bf8fdf480946be1e8e1bf6379da5583708308921a02e4bb1aa5b71d09d6
Opcode Fuzzy Hash: 976e26c04b20bc5a12d954d09e38dc3fbec1d8eeaebcadf6e6dbb938daf35e18
Instruction Fuzzy Hash: D161BE71209241EFC314DF24C494E6ABBE9FF84318F14899CF5998B2A2DB31ED45CB92

Function 00818BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00818BCD
VariantClear.OLEAUT32 ref: 00818C3E
VariantClear.OLEAUT32 ref: 00818C9D
VariantClear.OLEAUT32(?), ref: 00818D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00818D3B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: a192d7347853d5542ce2014cbe6a5da05734a6ca6751ca69ea49e780e344b7ca
Instruction ID: 0717e7c583a6d0fa4bff7d2146e98a97055155ff2052df60ec8de89695b084e9
Opcode Fuzzy Hash: a192d7347853d5542ce2014cbe6a5da05734a6ca6751ca69ea49e780e344b7ca
Instruction Fuzzy Hash: 0A5167B5A00219EFCB10CF68D884AAAB7F8FF89314B158559F909DB350E730E911CF90

Function 00828AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00828BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00828BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00828C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00828C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00828C5F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 2b984eb55d4475901035b574e47172ee16e081fb628804f5c909e8120298431a
Instruction ID: fa45f049807b4b4658e5e3b8ac8dea22e9d34fc12c947db5d23689723375dc57
Opcode Fuzzy Hash: 2b984eb55d4475901035b574e47172ee16e081fb628804f5c909e8120298431a
Instruction Fuzzy Hash: 75514A35A00215EFCB15DF64C885EA9BBF5FF49314F088498E849AB362DB35ED51CBA0

Function 00838EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00838F40
GetProcAddress.KERNEL32(00000000,?), ref: 00838FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00838FEC
GetProcAddress.KERNEL32(00000000,?), ref: 00839032
FreeLibrary.KERNEL32(00000000), ref: 00839052

Part of subcall function 007CF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00821043,?,753CE610), ref: 007CF6E6
Part of subcall function 007CF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0080FA64,00000000,00000000,?,?,00821043,?,753CE610,?,0080FA64), ref: 007CF70D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: 60b51738f433137863be13f074e00037ba21b3dfdb835d238feef0e5b49281e2
Instruction ID: a0350f6636dbbd63f69f6436dd1a36ffdc0ec5de9dcb23ca5d10eb111f0f1044
Opcode Fuzzy Hash: 60b51738f433137863be13f074e00037ba21b3dfdb835d238feef0e5b49281e2
Instruction Fuzzy Hash: FE514834605205DFCB14DF68C4989ADBBF1FF89314F0480A8E90AAB362DB75ED85CB90

Function 00846B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00846C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00846C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00846C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0082AB79,00000000,00000000), ref: 00846C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00846CC7

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: 0bd301e41e89acbcd5a0d1cf7fe45fc9cea840b2b52f67f29b0494202971e972
Instruction ID: bf290d726349df6672adf69598dc108a22ab4fab9ab384f58dcfef6a0b400646
Opcode Fuzzy Hash: 0bd301e41e89acbcd5a0d1cf7fe45fc9cea840b2b52f67f29b0494202971e972
Instruction Fuzzy Hash: EB41D935A0410CAFD724CF68CC98FA57BA9FB0B364F150258F895D72E0E771AD61DA41

Function 007E2051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 007E20C3
_free.LIBCMT ref: 007E20E3

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 0eb78f96a2d8b70f85663c875dd3ea4a588c74c1f7e835f28c071646dbfae687
Instruction ID: a2ace22b2959035da55e73dfb98ff87d8fb33481e20233f5ce4637c4b0a496d2
Opcode Fuzzy Hash: 0eb78f96a2d8b70f85663c875dd3ea4a588c74c1f7e835f28c071646dbfae687
Instruction Fuzzy Hash: FB41E232A01204DFCB24DF79C885A5DB3B9EF89310F1545ADE515EB392EA35EE02CB80

Function 007C912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 007C9141
ScreenToClient.USER32(00000000,?), ref: 007C915E
GetAsyncKeyState.USER32(00000001), ref: 007C9183
GetAsyncKeyState.USER32(00000002), ref: 007C919D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: c7a1f87ea00286cef786fa22f82dcbcdb86e55a9ef9ba07dfde3bf59a246bcbc
Instruction ID: 53753f3889a0405dc13dd51329f2ab2f2b46feab1224bd42bfdc1a860809580f
Opcode Fuzzy Hash: c7a1f87ea00286cef786fa22f82dcbcdb86e55a9ef9ba07dfde3bf59a246bcbc
Instruction Fuzzy Hash: 0C416C31A0860AFBDF559F68C849BEEB774FB05324F248229E529A32E0C7346950CB91

Function 00823874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 008238CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00823922
TranslateMessage.USER32(?), ref: 0082394B
DispatchMessageW.USER32(?), ref: 00823955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00823966

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 4894f866e29422d1f4e86404c3d0eb82b22f019ffc277909dcf7b52d18bac3a0
Instruction ID: 83b34daef70e1c388b4c92db7a439930e9093cfff362392c97868da0fd45ed9a
Opcode Fuzzy Hash: 4894f866e29422d1f4e86404c3d0eb82b22f019ffc277909dcf7b52d18bac3a0
Instruction Fuzzy Hash: 6831C6709043659EEF25CB38A869BB67FACFB07304F04056DE462D65A0E7BCA6C5CB11

Function 0082CF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0082C21E,00000000), ref: 0082CF38
InternetReadFile.WININET(?,00000000,?,?), ref: 0082CF6F
GetLastError.KERNEL32(?,00000000,?,?,?,0082C21E,00000000), ref: 0082CFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,0082C21E,00000000), ref: 0082CFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,0082C21E,00000000), ref: 0082CFF2

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: 4101f05bc9bef8b04cb31701f682e2626987dc3601f44185d5e31de2c06d7a4e
Instruction ID: bc3f59297ca6893e6a1530d6481a83bac904f5691e828558d9d1594bb90b8d49
Opcode Fuzzy Hash: 4101f05bc9bef8b04cb31701f682e2626987dc3601f44185d5e31de2c06d7a4e
Instruction Fuzzy Hash: 12314C71600615EFDB20DFA5E984ABFBBFAFB15354B10442EF516D2150DBB0AE80DB60

Function 00811901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00811915
PostMessageW.USER32(00000001,00000201,00000001), ref: 008119C1
Sleep.KERNEL32(00000000,?,?,?), ref: 008119C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 008119DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 008119E2

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 9ac17af2adc12d955f4c2c8da24d0e2a6d1db0afabe856773213eb118223bd26
Instruction ID: 53003239f63097f18dc77db06ff1d4ddf5325693e3a1fbcb74e5d9ae406b500b
Opcode Fuzzy Hash: 9ac17af2adc12d955f4c2c8da24d0e2a6d1db0afabe856773213eb118223bd26
Instruction Fuzzy Hash: 40318A75A00219AFCB00CFA8C999ADE3BB9FF05315F108229FA21E72D1C7709984CB91

Function 00845706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00845745
SendMessageW.USER32(?,00001074,?,00000001), ref: 0084579D
_wcslen.LIBCMT ref: 008457AF
_wcslen.LIBCMT ref: 008457BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 00845816

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: 1dd6da03817f53a8a0e6af1bad776a351c0ddc6e953d428ac5c19a5d563f32e6
Instruction ID: fa9c51b16bf1c031e6374f46f664e51548d8e4c4e0cd00c7353d73df8f0b3b50
Opcode Fuzzy Hash: 1dd6da03817f53a8a0e6af1bad776a351c0ddc6e953d428ac5c19a5d563f32e6
Instruction Fuzzy Hash: 7C21A57590461CEBDB209F64CC85AEE7BBCFF15328F108226E929EA181D7709985CF50

Function 007C990F Relevance: 7.6, APIs: 5, Instructions: 75COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 007C98CC
SetTextColor.GDI32(?,?), ref: 007C98D6
SetBkMode.GDI32(?,00000001), ref: 007C98E9
GetStockObject.GDI32(00000005), ref: 007C98F1
GetWindowLongW.USER32(?,000000EB), ref: 007C9952

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Color$LongModeObjectStockTextWindow
String ID:
API String ID: 1860813098-0
Opcode ID: c4ed082e7e131905690d74d6f5a63ff9b4ed92afd4dc3dd7b5dcfad2ffd47669
Instruction ID: 459d8688670ddd7a197c83ef38b021c48ac8ab32e0af3e4620f31a56cfac5fce
Opcode Fuzzy Hash: c4ed082e7e131905690d74d6f5a63ff9b4ed92afd4dc3dd7b5dcfad2ffd47669
Instruction Fuzzy Hash: DA2147314462909FCBA24F34EC5CFE53FA4AF67321F09018EE6928B1E2D7396941CB10

Function 00830930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00830951
GetForegroundWindow.USER32 ref: 00830968
GetDC.USER32(00000000), ref: 008309A4
GetPixel.GDI32(00000000,?,00000003), ref: 008309B0
ReleaseDC.USER32(00000000,00000003), ref: 008309E8

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: fad088969bae27dec0015164babe6d7ddea8e4be3ed3f0492359b1ebcb207726
Instruction ID: 0aeea945fbd0d7a8874ef899441b9a99aabc184ccc356da6eecc438e4b021767
Opcode Fuzzy Hash: fad088969bae27dec0015164babe6d7ddea8e4be3ed3f0492359b1ebcb207726
Instruction Fuzzy Hash: A0219239A00214AFD714EF68D848AAEBBE9FF49700F04806DE846D7362CB74AD44CB90

Function 007ECDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 007ECDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 007ECDE9

Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 007ECE0F
_free.LIBCMT ref: 007ECE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 007ECE31

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: 33aceb5797cb3254fc29298eab8c0a9a4fcdae383b1d93a68b22f95d3662e208
Instruction ID: 3f4d337ff001e79b0e2f16a6c807ff4035643e2d2ce196f07aea564aa84c5f84
Opcode Fuzzy Hash: 33aceb5797cb3254fc29298eab8c0a9a4fcdae383b1d93a68b22f95d3662e208
Instruction Fuzzy Hash: 8E01847A6032957F23261ABB6C8DD7B796DEECBBA1315012DF905D7201EA698D0381B0

Function 007C9639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007C9693
SelectObject.GDI32(?,00000000), ref: 007C96A2
BeginPath.GDI32(?), ref: 007C96B9
SelectObject.GDI32(?,00000000), ref: 007C96E2

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: b42091aa466ea46f667b2776bdd57513d1511fca4c010dcca144438f9a1a5a80
Instruction ID: 1c4e9ed553ffd97d0fef64e10dfb18dad075f3b0158eb04e6aff39dba5337549
Opcode Fuzzy Hash: b42091aa466ea46f667b2776bdd57513d1511fca4c010dcca144438f9a1a5a80
Instruction Fuzzy Hash: 58215B30802305EBDF519F68EC1CBA97FACBB51765F50421EF910A61F0DB78A892CB94

Function 00815711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00815726
_memcmp.LIBVCRUNTIME ref: 00815744
_memcmp.LIBVCRUNTIME ref: 00815757
_memcmp.LIBVCRUNTIME ref: 0081576F
_memcmp.LIBVCRUNTIME ref: 00815787

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: c7d7e5386ca98366bc7bcdfea1c093dc8d2f8b73e55b4e78a695707d4bc12b90
Instruction ID: 25413c5e84caaaa0e60dcf7b542649df44b55df32e25dd2d924a241bb88e8c26
Opcode Fuzzy Hash: c7d7e5386ca98366bc7bcdfea1c093dc8d2f8b73e55b4e78a695707d4bc12b90
Instruction Fuzzy Hash: 550192A564161DFAE20855109D83EFA635CFFA13A8B404425FE14DA382F664ED9086A0

Function 007E2DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,007DF2DE,007E3863,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6), ref: 007E2DFD
_free.LIBCMT ref: 007E2E32
_free.LIBCMT ref: 007E2E59
SetLastError.KERNEL32(00000000,007B1129), ref: 007E2E66
SetLastError.KERNEL32(00000000,007B1129), ref: 007E2E6F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: df45c3b02200e14756d5238aba1600b52b08895b55219034174a70bf49f27482
Instruction ID: 521cf5eebcaeb6d580a6a3d346326abb610d3a6f98020daf690945c2b78d19fc
Opcode Fuzzy Hash: df45c3b02200e14756d5238aba1600b52b08895b55219034174a70bf49f27482
Instruction Fuzzy Hash: 3001F436207690A7C61227776C4ED2B265DBBCE7A5B214028F425E32A3EA2CCC034520

Function 0081000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?,?,0081035E), ref: 0081002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?), ref: 00810064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810070

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 96e983b06c80bb4208fd40589a61af3a1b8881d834301e66dc24c616ca5249da
Instruction ID: 64bdcb67ccf686346d9b879e84e4b9dc447b9c5ab1003b6c487e764d4845096f
Opcode Fuzzy Hash: 96e983b06c80bb4208fd40589a61af3a1b8881d834301e66dc24c616ca5249da
Instruction Fuzzy Hash: BE018F7A601608BFDB504F68DC04BEA7AADFF48791F144124F905D2211E7B1DE80CBA0

Function 0081E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 0081E997
QueryPerformanceFrequency.KERNEL32(?), ref: 0081E9A5
Sleep.KERNEL32(00000000), ref: 0081E9AD
QueryPerformanceCounter.KERNEL32(?), ref: 0081E9B7
Sleep.KERNEL32 ref: 0081E9F3

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: 5231acbe761e7f8d81d2d6ec7d405eb1b813db9adbe56b3f7e54c47b760429ce
Instruction ID: edec36c4912ebf244bc602849d9cdb259264adeb50844a12292837b97211c565
Opcode Fuzzy Hash: 5231acbe761e7f8d81d2d6ec7d405eb1b813db9adbe56b3f7e54c47b760429ce
Instruction Fuzzy Hash: 9201203580262DDBCF40ABA4D849AEDBF7CFF0A700F000546E902B2241DB309690CBA2

Function 008110F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00811114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 0081112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0081114D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: cb6f4c165fb0fb4777619a384924a86f03e72a424da3677912162897220db374
Instruction ID: 4948babb6b55032bf9debff093acc5b7f3d2f3789d98eebd645afd4b7d59864a
Opcode Fuzzy Hash: cb6f4c165fb0fb4777619a384924a86f03e72a424da3677912162897220db374
Instruction Fuzzy Hash: 37011D79101205BFDB514FA5DC4DAAA7B6EFF86364B104419FA45D7360DA31DC40DA60

Function 00810FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00810FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00810FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00810FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00810FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00811002

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 567998ea6ecc569b2c923c110b2fb9ce9f7666ecd1e892198d061c37184415d0
Instruction ID: ccb2c210ecf68ee371e23e2ba8fff4d4b211dd63b5159a1e00ef72f49331ce83
Opcode Fuzzy Hash: 567998ea6ecc569b2c923c110b2fb9ce9f7666ecd1e892198d061c37184415d0
Instruction Fuzzy Hash: 62F06D39602701EBDB214FA4DC4DF963BADFF8ABA2F104415FA45C7251CA70DC80CA60

Function 00811014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0081102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00811036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0081104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811062

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 7fe515ebbb15722272c67178beac765ac5fc3883313d04f2c9e8ba271953a579
Instruction ID: 2bcc944d465dc3453d9a31218299b08047f1b907c3da8dc3b30b59fb1ac4fd26
Opcode Fuzzy Hash: 7fe515ebbb15722272c67178beac765ac5fc3883313d04f2c9e8ba271953a579
Instruction Fuzzy Hash: 4CF06D39602701EBDB219FA5EC4DF963BADFF8A761F100415FA45C7250CA70D880CA60

Function 0082030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820324
CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820331
CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 0082033E
CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 0082034B
CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820358
CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820365

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: df780eb3b1c922f1286d6ed0b8409bec9e61ab02a9f457bb54375860e4e4e8bd
Instruction ID: 0c63a696e60e79dc9cb794e17bf8f878aa9cfbcbd47e62372855c1293170ac94
Opcode Fuzzy Hash: df780eb3b1c922f1286d6ed0b8409bec9e61ab02a9f457bb54375860e4e4e8bd
Instruction Fuzzy Hash: B101A272801B259FC7309F66E880412FBF9FF503153158A3FD19692A32C371A994CF80

Function 007ED73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 007ED752

Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0

_free.LIBCMT ref: 007ED764
_free.LIBCMT ref: 007ED776
_free.LIBCMT ref: 007ED788
_free.LIBCMT ref: 007ED79A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: b69ccbe27691a6ec38b43fee12e742f1ca277f1da36e9e5f952b85330fe1c2ec
Instruction ID: bd6ebfb9ac73924f51d1c557277c2270fc09ce7cbed4464583d9af027d63b1f6
Opcode Fuzzy Hash: b69ccbe27691a6ec38b43fee12e742f1ca277f1da36e9e5f952b85330fe1c2ec
Instruction Fuzzy Hash: D7F01232546288AB8671EB66F9CAC1A7BDDBB4C710B951819F058E7517C73CFCC08A64

Function 00815C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00815C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00815C6F
MessageBeep.USER32(00000000), ref: 00815C87
KillTimer.USER32(?,0000040A), ref: 00815CA3
EndDialog.USER32(?,00000001), ref: 00815CBD

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 16a0ae5c4d2fb85fe2779daa1bf284a94340040d0ceeb1ee761a69c692672ea0
Instruction ID: 627e3dc209650ed2377011df1c5101c19bfdd2a64e2d2a11bb0c088bb66bd2da
Opcode Fuzzy Hash: 16a0ae5c4d2fb85fe2779daa1bf284a94340040d0ceeb1ee761a69c692672ea0
Instruction Fuzzy Hash: D6016D74501B04EBEB205F50DD5EFE677BCFF51B05F010559A692A10E1DBF4AA84CA90

Function 007E22A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 007E22BE

Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0

_free.LIBCMT ref: 007E22D0
_free.LIBCMT ref: 007E22E3
_free.LIBCMT ref: 007E22F4
_free.LIBCMT ref: 007E2305

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 472bfd149c02a6b76c73b535e97fe7867db6861468b3eff27b41f24d0901512c
Instruction ID: cd97b96eb10b8c821550071798ada21c1691fc384d3c32d3a7ed59b2041cd924
Opcode Fuzzy Hash: 472bfd149c02a6b76c73b535e97fe7867db6861468b3eff27b41f24d0901512c
Instruction Fuzzy Hash: 1CF030714021548B8A22AF59BC0A8083B6CFB1C760702551AF514E72B7CB3854539FA5

Function 007C95C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 007C95D4
StrokeAndFillPath.GDI32(?,?,008071F7,00000000,?,?,?), ref: 007C95F0
SelectObject.GDI32(?,00000000), ref: 007C9603
DeleteObject.GDI32 ref: 007C9616
StrokePath.GDI32(?), ref: 007C9631

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: 6eb0c816d0a68dbc80c67721d84fa3572191dbeab04b35dca851d55096734527
Instruction ID: 1e9463c47b0783279e18cc86912bea91b78c9048441a6df0216494a48cf85610
Opcode Fuzzy Hash: 6eb0c816d0a68dbc80c67721d84fa3572191dbeab04b35dca851d55096734527
Instruction Fuzzy Hash: C7F04934006A08EBDFA65F69ED1CBA43F69BB02322F448218F525650F0DB3499A2DF20

Function 007E0F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 007E10F9
__freea.LIBCMT ref: 007E1117

Part of subcall function 007E1537: _free.LIBCMT ref: 007E154F

Strings

am/pm, xrefs: 007E117A
a/p, xrefs: 007E11DE

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 98798344badbd48bda0d0f144e126e0b5095605fee537814fbbcf2a6dcf91ed8
Instruction ID: 3db4e4a99945eb99a5924fc0ee9c9661e8a8a4c076818f38f0d67e60aeb86a7a
Opcode Fuzzy Hash: 98798344badbd48bda0d0f144e126e0b5095605fee537814fbbcf2a6dcf91ed8
Instruction Fuzzy Hash: 2DD11771A02285CACB249F6AC85BBFEB7B5FF0E300FA44159E6019B654D37D9D80CB91

Function 00837B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 007D0242: EnterCriticalSection.KERNEL32(0088070C,00881884,?,?,007C198B,00882518,?,?,?,007B12F9,00000000), ref: 007D024D
Part of subcall function 007D0242: LeaveCriticalSection.KERNEL32(0088070C,?,007C198B,00882518,?,?,?,007B12F9,00000000), ref: 007D028A

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 007D00A3: __onexit.LIBCMT ref: 007D00A9

__Init_thread_footer.LIBCMT ref: 00837BFB

Part of subcall function 007D01F8: EnterCriticalSection.KERNEL32(0088070C,?,?,007C8747,00882514), ref: 007D0202
Part of subcall function 007D01F8: LeaveCriticalSection.KERNEL32(0088070C,?,007C8747,00882514), ref: 007D0235

Strings

G, xrefs: 00837C7F
5, xrefs: 00837C78
Variable must be of type 'Object'., xrefs: 00837C3A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: 5$G$Variable must be of type 'Object'.
API String ID: 535116098-3733170431
Opcode ID: 66a08e135c1d1e6d268eee57146bbd1769b425eb253d553f9993e53c73791bb7
Instruction ID: 6cad68b10ba1a0657eed0d5186ee161fd164dd21ed18c516b8b9852417ea3775
Opcode Fuzzy Hash: 66a08e135c1d1e6d268eee57146bbd1769b425eb253d553f9993e53c73791bb7
Instruction Fuzzy Hash: 65917CB0A04209EFCB24EF98D8959ADB7B1FF85304F108059F806DB292DB75EE45CB91

Function 007E5AA9 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

Strings

JO{, xrefs: 007E5BA8, 007E5C6C

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: JO{
API String ID: 0-846867066
Opcode ID: db4b4780b453edcbef913ad2e4f8ff9962b886cba1727ce5e0cb94b67ae62a1b
Instruction ID: 79a090f00dfc20f44a4340e164f320a29d4891ace195dfdb7bcb15e5fb5ce256
Opcode Fuzzy Hash: db4b4780b453edcbef913ad2e4f8ff9962b886cba1727ce5e0cb94b67ae62a1b
Instruction Fuzzy Hash: AD51D771D0268EDFCB119FA6C849FAE7BB4BF0D318F14005AF405A72A2D6799901CB61

Function 007E8A61 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 007E8B6E
GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 007E8B7A
__dosmaperr.LIBCMT ref: 007E8B81

Strings

.}, xrefs: 007E8A63

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide__dosmaperr
String ID: .}
API String ID: 2434981716-2266125135
Opcode ID: d46a6e18b7d10b955ebdf18155fa8791c0d367eb3b81288f56b547a0cad9b8e8
Instruction ID: 2bd3054b87ab96cd1e0d88641f715f099e9ff838e6c2bbe03631b14d30f6a939
Opcode Fuzzy Hash: d46a6e18b7d10b955ebdf18155fa8791c0d367eb3b81288f56b547a0cad9b8e8
Instruction Fuzzy Hash: F8417EF06051C5AFC7659F5AC880A7D7FA6EF8D304B1881AAF45D8B242DE35CC02C751

Function 00812716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0081B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008121D0,?,?,00000034,00000800,?,00000034), ref: 0081B42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00812760

Part of subcall function 0081B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008121FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0081B3F8

Part of subcall function 0081B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0081B355
Part of subcall function 0081B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00812194,00000034,?,?,00001004,00000000,00000000), ref: 0081B365
Part of subcall function 0081B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00812194,00000034,?,?,00001004,00000000,00000000), ref: 0081B37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008127CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0081281A

Strings

@, xrefs: 00812832

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: 1cf53c891e77df89c195903dfc5316426fe48ed5dadcc877db4e6a7f0bf23a84
Instruction ID: 667b42cc3c2581723e5112010567061f9352b72673e8ad9c43916afa68b1c857
Opcode Fuzzy Hash: 1cf53c891e77df89c195903dfc5316426fe48ed5dadcc877db4e6a7f0bf23a84
Instruction Fuzzy Hash: 63410E76900218AFDB10DFA8CD85ADEBBB8FF09700F108099FA55B7181DB706E95CB61

Function 007E172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 007E1769
_free.LIBCMT ref: 007E1834
_free.LIBCMT ref: 007E183E

Strings

C:\Users\user\Desktop\file.exe, xrefs: 007E1760, 007E1767, 007E1796, 007E17CE

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2506810119-1957095476
Opcode ID: c60b4b2e19d71f017cd5cf9c9ca7eb3fb29e52fa69ab0629d7c72ab802417951
Instruction ID: a0fd80694d2f3a71f29ce4c1abd4ed44b8140ca84823a14b1729bd03d08485c0
Opcode Fuzzy Hash: c60b4b2e19d71f017cd5cf9c9ca7eb3fb29e52fa69ab0629d7c72ab802417951
Instruction Fuzzy Hash: 9931C271A01298EFCB21DB9A9C8AD9EBBFCEF89720B504166F404D7211D7749E41CB90

Function 0081C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0081C306
DeleteMenu.USER32(?,00000007,00000000), ref: 0081C34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00881990,01075C40), ref: 0081C395

Strings

0, xrefs: 0081C2DF

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: c313f3190f4823057509d40e889098223ec995e6ca8d8f40c877ca769163f721
Instruction ID: 4a42474d967ae21da25cfcc707abacc5cb04267dab61fcf0dce14183c7c1ebaa
Opcode Fuzzy Hash: c313f3190f4823057509d40e889098223ec995e6ca8d8f40c877ca769163f721
Instruction Fuzzy Hash: 5341AD312443019FD724DF29D884B9ABBE8FF85324F008A1EF9A5D7391D730A985CB62

Function 00844416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0084CC08,00000000,?,?,?,?), ref: 008444AA
GetWindowLongW.USER32 ref: 008444C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 008444D7

Strings

SysTreeView32, xrefs: 0084447C

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: 52808132590bf9e2a57b25bb5eced0ced1c14ba158a16bd354e300b9e096eed3
Instruction ID: 678c2a2f8208d07a7f7510120fe2889aac02b48f39ad2e0540155f51894a3524
Opcode Fuzzy Hash: 52808132590bf9e2a57b25bb5eced0ced1c14ba158a16bd354e300b9e096eed3
Instruction Fuzzy Hash: B7319C32201209ABDF209E38DC45BEA7BA9FB08334F219329F979E21D0D774EC509B50

Function 0083304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0083335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00833077,?,?), ref: 00833378

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0083307A
_wcslen.LIBCMT ref: 0083309B
htons.WSOCK32(00000000,?,?,00000000), ref: 00833106

Strings

255.255.255.255, xrefs: 00833095, 0083309A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: 43439361629196dba8ee1a38035ea421ab47a523dacf2b87cfc29215e0f4e42c
Instruction ID: 1c35f26416379ed4bb949ce7da4d8c9fa5caf21feb0274e9bbfe3d4d2330df1b
Opcode Fuzzy Hash: 43439361629196dba8ee1a38035ea421ab47a523dacf2b87cfc29215e0f4e42c
Instruction Fuzzy Hash: 4031B039604605DFCB24CF68C595AAA77E0FF94318F248059E915CB3A2DB72EE45C7A0

Function 00843EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00843F40
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00843F54
SendMessageW.USER32(?,00001002,00000000,?), ref: 00843F78

Strings

SysMonthCal32, xrefs: 00843F0B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 85439976975d445f7486fb9a8b411f8c13875e0c0f436af981f40ef5680dba5f
Instruction ID: 44d0af4b02267bb7c0b32a61af1e5b3b1c41195c778b067b962fa4f5c5e83f2d
Opcode Fuzzy Hash: 85439976975d445f7486fb9a8b411f8c13875e0c0f436af981f40ef5680dba5f
Instruction Fuzzy Hash: 2321BC32600219BBDF219F94DC46FEA3B79FF48728F110214FE15AB1D0DAB5A854CBA0

Function 00844653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00844705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00844713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0084471A

Strings

msctls_updown32, xrefs: 00844684

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: 1665c2315baae876d40db1625875509403ae9e949d2281dab25a0b37a9c37495
Instruction ID: a576bc07c0e531e035fb7637e39ad36ca8bf837efffc3141a1335f1b97ab0764
Opcode Fuzzy Hash: 1665c2315baae876d40db1625875509403ae9e949d2281dab25a0b37a9c37495
Instruction Fuzzy Hash: 93214CB560020DAFEB10DF68DC85EA737ADFB5A394B050059FA15DB351CB34EC12CA60

Function 008195AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0081961D

Strings

#OnAutoItStartRegister, xrefs: 008195F3
#notrayicon, xrefs: 008195B7
#requireadmin, xrefs: 008195D9

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: 82b2bc4142944ed2496f4d944823270937b1d51264a430e921d53c122f974ed4
Instruction ID: c6fd24059aa02734bf3c7c14bc548ab0e3f2c20839342834fe7621f9b4ea49f3
Opcode Fuzzy Hash: 82b2bc4142944ed2496f4d944823270937b1d51264a430e921d53c122f974ed4
Instruction Fuzzy Hash: 74215B32104514A6D331AB24DC26FF773EDFFA1314F50402AF99AE7142EB59ADC1C2A5

Function 008437B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00843840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00843850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00843876

Strings

Listbox, xrefs: 0084380F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: f29e4770825a1aaa6f1549ae238ac7c92cf446dcfe312e45bf2ceb6e67f85814
Instruction ID: 2ca54342396679de7e0696ffc64cd80124c3b7fb04e23d79aa855f5d3a1e9d10
Opcode Fuzzy Hash: f29e4770825a1aaa6f1549ae238ac7c92cf446dcfe312e45bf2ceb6e67f85814
Instruction Fuzzy Hash: 5C21BE7260021CBBEF219F54CC85FAB7B6EFF89764F108124F9449B190CA75DC5287A0

Function 008249F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00824A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00824A5C
SetErrorMode.KERNEL32(00000000,?,?,0084CC08), ref: 00824AD0

Strings

%lu, xrefs: 00824A6F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: 230fdffe052b330e5cb6c6c4761f7ac9f27bea84096d0347f6a16eb042cc4470
Instruction ID: a5bb1de06864e3dba977b6e363c4ab67559932025201e3dba44c93468f5fd2ec
Opcode Fuzzy Hash: 230fdffe052b330e5cb6c6c4761f7ac9f27bea84096d0347f6a16eb042cc4470
Instruction Fuzzy Hash: 1F313E75A00219EFDB10DF64C885EAA7BF8FF09308F1480A9E909DB252D775EE45CB61

Function 008441EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0084424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00844264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00844271

Strings

msctls_trackbar32, xrefs: 00844226

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: 52fa0a5feae4908afdc35cd9b845dcb3983bb6329d7fb6f835eda5ee8b94b8af
Instruction ID: fd4c9d430e0483fbc0d19a81c24f16447997f07d4de477dfa704de68f15cdca4
Opcode Fuzzy Hash: 52fa0a5feae4908afdc35cd9b845dcb3983bb6329d7fb6f835eda5ee8b94b8af
Instruction Fuzzy Hash: F811A03124024CBEEF205E69CC06FAB3BACFF95B64F114624FA55E60A0D6B1D8519B20

Function 00812F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A

Part of subcall function 00812DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00812DC5
Part of subcall function 00812DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00812DD6
Part of subcall function 00812DA7: GetCurrentThreadId.KERNEL32 ref: 00812DDD
Part of subcall function 00812DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00812DE4

GetFocus.USER32 ref: 00812F78

Part of subcall function 00812DEE: GetParent.USER32(00000000), ref: 00812DF9

GetClassNameW.USER32(?,?,00000100), ref: 00812FC3
EnumChildWindows.USER32(?,0081303B), ref: 00812FEB

Strings

%s%d, xrefs: 00812FFF

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: 7605e713fbe674ab2f0055302b50a4e49f4aff4dfee9a38fcc9cb182caac3481
Instruction ID: 6d864dc5c5774d7c430060042c3e1e0f4e23c3d1d4aab316c091cbe00412f79b
Opcode Fuzzy Hash: 7605e713fbe674ab2f0055302b50a4e49f4aff4dfee9a38fcc9cb182caac3481
Instruction Fuzzy Hash: 0811C0B5200209ABCF446F64DC99FEE37AEFF98304F048079B909DB252DE3499858B70

Function 00845882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008458C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008458EE
DrawMenuBar.USER32(?), ref: 008458FD

Strings

0, xrefs: 0084588F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: ef89c0a736d63e01c89feb787392cf19c2d6ccc178ab7829fe7ac453c9ea2b9f
Instruction ID: 7aceac91597fe60d071b630399a89228b7d90c313046ff354b747c3d9f79646c
Opcode Fuzzy Hash: ef89c0a736d63e01c89feb787392cf19c2d6ccc178ab7829fe7ac453c9ea2b9f
Instruction Fuzzy Hash: DE016D3150121CEFDB619F11EC48BAEBFB9FB45764F108099E849DA152EB348A84EF21

Function 0081007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7d1563dfdedfb384480aa6b12b83faa3fe602aea29808be2f7e8236cb936180
Instruction ID: a866da967c318a4f187228eb2b4e7c0d2a871cc6cb3fb0c5c370d03d6d2ce90d
Opcode Fuzzy Hash: f7d1563dfdedfb384480aa6b12b83faa3fe602aea29808be2f7e8236cb936180
Instruction Fuzzy Hash: 86C13A75A0020AEFDB15CFA8C894AAEB7B9FF48704F208598E515EB251D771EDC1CB90

Function 0083342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00833459
CoUninitialize.OLE32 ref: 00833463
VariantInit.OLEAUT32(?), ref: 0083346E
VariantClear.OLEAUT32(?), ref: 0083371B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: 75b7353d982eb1e510f8e53a2ef54d8a8db8d23973a5207a08eea0dae982b883
Instruction ID: 92ce67a49cefdf139c223b5cde8093c237f6fd10137c43dda0d27d38cd258d19
Opcode Fuzzy Hash: 75b7353d982eb1e510f8e53a2ef54d8a8db8d23973a5207a08eea0dae982b883
Instruction Fuzzy Hash: 23A10575604200DFC714DF28C58AA6AB7E5FF89714F048859F98ADB362DB34EE41CB92

Function 00810436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0084FC08,?), ref: 008105F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0084FC08,?), ref: 00810608
CLSIDFromProgID.OLE32(?,?,00000000,0084CC40,000000FF,?,00000000,00000800,00000000,?,0084FC08,?), ref: 0081062D
_memcmp.LIBVCRUNTIME ref: 0081064E

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: c65a2eaed473acbcabbf1b14353dca9d19b167a6e3a89d09569248e735c725f5
Instruction ID: 6dc64e35e544a9c4072dd6513a524f173a7db8d840d7a988e65c304a5456cd02
Opcode Fuzzy Hash: c65a2eaed473acbcabbf1b14353dca9d19b167a6e3a89d09569248e735c725f5
Instruction Fuzzy Hash: 2481B775A00209EFCB04DF94C984AEEB7B9FF89315F204558E516EB250DB71AE86CF60

Function 007F1391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 007F14C0

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 32fa48d7415a19909b8190b49d30b651249d8c61a608c21a9ee576cc2183b6e4
Instruction ID: f3aa2bdd580eb7ddab53caec05328eafaf2aee629d84bff199b61a06b2966724
Opcode Fuzzy Hash: 32fa48d7415a19909b8190b49d30b651249d8c61a608c21a9ee576cc2183b6e4
Instruction Fuzzy Hash: C441313250018CEBDB256BFD9C496BE3AB4FF85370F544226F619D7392E63C48415671

Function 00846278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 008462E2
ScreenToClient.USER32(?,?), ref: 00846315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00846382

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 2828b9dcdc0ff39fcd2a647ef75036aed9943d27a0681dfa6a50cc024acf4ee1
Instruction ID: bb55c95fea430547b117a4c240ea1e73ca96b1ca5a051c331e0bd50b3f548383
Opcode Fuzzy Hash: 2828b9dcdc0ff39fcd2a647ef75036aed9943d27a0681dfa6a50cc024acf4ee1
Instruction Fuzzy Hash: 0A513A74A00249EFCF14DF68D884AAE7BB5FB46364F108259F815DB290E770ED91CB51

Function 00831AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00831AFD
WSAGetLastError.WSOCK32 ref: 00831B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00831B8A
WSAGetLastError.WSOCK32 ref: 00831B94

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: 6665deaf2a74a8f154abda4d0dcd73083c38112c0f1c769ecec0018287a561a9
Instruction ID: edd746a5e746f2c5cc8df41684abfb45bdde96bb1e0a2ce7b018a806f65d2597
Opcode Fuzzy Hash: 6665deaf2a74a8f154abda4d0dcd73083c38112c0f1c769ecec0018287a561a9
Instruction Fuzzy Hash: 0E419035600200AFEB20AF24C88AF6677E5EB85718F54849CFA1A9F2D2D776DD41CBD0

Function 007EB41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9108068d1149ba4d5a2882e77cbfdcb03d7c964b29cede1f05f572c0f4e29ca0
Instruction ID: 17ec7b6c3e38fc777425bb7cecab36a53ab7f859e837c94d787e9d951dba0b42
Opcode Fuzzy Hash: 9108068d1149ba4d5a2882e77cbfdcb03d7c964b29cede1f05f572c0f4e29ca0
Instruction Fuzzy Hash: 2741E4B2A01384EFD7249F79CC45B6BBFA9EB8D710F10452AF542DB2C2D779A9118780

Function 008256D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00825783
GetLastError.KERNEL32(?,00000000), ref: 008257A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 008257CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 008257FA

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: 98d15047776dfd438f62c5f904add460fbdc1dd46be7705f111a0fc12e407fe0
Instruction ID: c7ba3682f19bdefb39a0457eb554ffafce1564d766c87f88b9f208be4261ab9e
Opcode Fuzzy Hash: 98d15047776dfd438f62c5f904add460fbdc1dd46be7705f111a0fc12e407fe0
Instruction Fuzzy Hash: 58412B39600610DFCB25DF15C445A5EBBE6FF89320B18C498E84AAB762CB74FD40CB91

Function 007ED8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,?,007D6D71,00000000,00000000,007D82D9,?,007D82D9,?,00000001,007D6D71,?,00000001,007D82D9,007D82D9), ref: 007ED910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007ED999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 007ED9AB
__freea.LIBCMT ref: 007ED9B4

Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: a8d5c3998b6dea91c73d238f89002388254ce34ab4ff39e2401e3b881ae8f801
Instruction ID: 62d11487300ae86361eefad162754f9d9428c169aa3a29dc2cd312f2552c3e88
Opcode Fuzzy Hash: a8d5c3998b6dea91c73d238f89002388254ce34ab4ff39e2401e3b881ae8f801
Instruction Fuzzy Hash: AD31FE72A0124AABDF24CF66DC45EAE7BA5EF45310F054169FC04DB252EB39ED50CBA0

Function 008452C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 00845352
GetWindowLongW.USER32(?,000000F0), ref: 00845375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00845382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008453A8

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: e62ed31fd5d1e050d23eba2cf42c4e8730d469434b17556289a5c05035504dc3
Instruction ID: 1155d0d8da569597d5be3e2e3f786d0f05c4c3c0c44215608415496398a0ba32
Opcode Fuzzy Hash: e62ed31fd5d1e050d23eba2cf42c4e8730d469434b17556289a5c05035504dc3
Instruction Fuzzy Hash: D7319E34A55A0CEFEB209E14CC19BED77A5FB06394F584145FA11D63E2C7B49D40DB41

Function 0081AB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 0081ABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 0081AC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 0081AC74
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 0081ACC6

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 32992018e734a913a8e53b8ba64cb2e32f1250e21b4bcc7aea413c9b6f1279a0
Instruction ID: 6f33f02a91c2618ca841ad655a6c3c4291f9daa839fc37c28b1edfc861fe1440
Opcode Fuzzy Hash: 32992018e734a913a8e53b8ba64cb2e32f1250e21b4bcc7aea413c9b6f1279a0
Instruction Fuzzy Hash: 1E31F270A02618AFEB39CB69C8047FA7BAEFF89310F04421AE485D22D1D37589C587D2

Function 00847674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 0084769A
GetWindowRect.USER32(?,?), ref: 00847710
PtInRect.USER32(?,?,00848B89), ref: 00847720
MessageBeep.USER32(00000000), ref: 0084778C

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: ee4ace036fc9b6b76380c39d2c90543b1b0013ae8466de1f196d4961695f139d
Instruction ID: 2192f2049da4cba4b1fbd9aed070848eecea182820d74dfd39f7364943461e58
Opcode Fuzzy Hash: ee4ace036fc9b6b76380c39d2c90543b1b0013ae8466de1f196d4961695f139d
Instruction Fuzzy Hash: 3F41A038605259DFDB11CF58C898EA9BBF9FF49314F9680A9E414DB261C730E942CF90

Function 008416DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 008416EB

Part of subcall function 00813A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00813A57
Part of subcall function 00813A3D: GetCurrentThreadId.KERNEL32 ref: 00813A5E
Part of subcall function 00813A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008125B3), ref: 00813A65

GetCaretPos.USER32(?), ref: 008416FF
ClientToScreen.USER32(00000000,?), ref: 0084174C
GetForegroundWindow.USER32 ref: 00841752

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: a91f512321ac22e7cbdf84f4e58311c564d3f0978e94eedf9e6c75f0ef576d72
Instruction ID: 0b8d8c4da40f51820a425779c94815b291c13322725b086a4ab5455a2d8e6567
Opcode Fuzzy Hash: a91f512321ac22e7cbdf84f4e58311c564d3f0978e94eedf9e6c75f0ef576d72
Instruction Fuzzy Hash: 28313D75D00149AFCB04EFA9C8859EEBBFDFF48304B5480AAE415E7211D6359E45CBA1

Function 0081DF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625

_wcslen.LIBCMT ref: 0081DFCB
_wcslen.LIBCMT ref: 0081DFE2
_wcslen.LIBCMT ref: 0081E00D
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0081E018

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: 22fabb79f9fbbd2daafa28e131aebcb667a28093c113d98fa66a7745a542ecb0
Instruction ID: ff5705144ecf747d79a906bb6658590d888e378fda7c29b0378acbda2546a94a
Opcode Fuzzy Hash: 22fabb79f9fbbd2daafa28e131aebcb667a28093c113d98fa66a7745a542ecb0
Instruction Fuzzy Hash: 9921BF71900614EFCB209FA8D881BAEB7F8FF49750F144069E805FB342D6749E41CBA1

Function 0081D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0081D501
Process32FirstW.KERNEL32(00000000,?), ref: 0081D50F
Process32NextW.KERNEL32(00000000,?), ref: 0081D52F
CloseHandle.KERNEL32(00000000), ref: 0081D5DC

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: a1ccf2014cc592bab459987a593b026a3ea143ba6fd07ef37e8f8eeb29746ffd
Instruction ID: 3aeea90104eb74051dd1f5db9c70921e7c62b55fc94638c7c2f57f4c9a66b9a1
Opcode Fuzzy Hash: a1ccf2014cc592bab459987a593b026a3ea143ba6fd07ef37e8f8eeb29746ffd
Instruction Fuzzy Hash: B1314D711083009FD301EF54C889BEABBE9FF99354F14092DF685861A1EB719985CB92

Function 00848FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

GetCursorPos.USER32(?), ref: 00849001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00807711,?,?,?,?,?), ref: 00849016
GetCursorPos.USER32(?), ref: 0084905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00807711,?,?,?), ref: 00849094

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 9c3dc55b092400d9bd754e59ab5f6aa56974abd71316e4b1acb6b22b8b7d18a7
Instruction ID: 895513a63db2c0a3cc037b4a17a9b0046352f141bfd8e24ea4f8b01b62a8e786
Opcode Fuzzy Hash: 9c3dc55b092400d9bd754e59ab5f6aa56974abd71316e4b1acb6b22b8b7d18a7
Instruction Fuzzy Hash: 9F21AB35601418EFDB25CF98CC58EEB7BB9FB8A350F014069F9458B261C735A990DB60

Function 0081D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,0084CB68), ref: 0081D2FB
GetLastError.KERNEL32 ref: 0081D30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 0081D319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0084CB68), ref: 0081D376

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 8b54ba8a630571cf7ead8ff8fb40e39efc4b37852b22a00fb85a8c930b7c5dcf
Instruction ID: a462225bb752836ea9add0e225db0aaadaa41b232c6f82c28d2365f80847a51a
Opcode Fuzzy Hash: 8b54ba8a630571cf7ead8ff8fb40e39efc4b37852b22a00fb85a8c930b7c5dcf
Instruction Fuzzy Hash: 90216D74509301DF8710DF28C885AAAB7ECFE56364F104A1DF4A9C73A1EB359986CB93

Function 00811571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00811014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0081102A
Part of subcall function 00811014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00811036
Part of subcall function 00811014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811045
Part of subcall function 00811014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0081104C
Part of subcall function 00811014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008115BE
_memcmp.LIBVCRUNTIME ref: 008115E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00811617
HeapFree.KERNEL32(00000000), ref: 0081161E

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: 5b592aac3eb90ee84384de33dfdb77ccadc5c668f7b27132b5841e26f9b9f257
Instruction ID: 2f0dd5b005da9f80202475da1c0be02c6201c66e130a7a0070ef5d4b5b12f4bd
Opcode Fuzzy Hash: 5b592aac3eb90ee84384de33dfdb77ccadc5c668f7b27132b5841e26f9b9f257
Instruction Fuzzy Hash: 0C215531E01108ABDF00DFA4C949BEEB7B9FF94344F084459E541AB241E731AA85CBA0

Function 00842782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 0084280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00842824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00842832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00842840

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 8743e5a52421e55d385458beaa0c5f62ca1de7c5a47c725df5cee526104246de
Instruction ID: 6d6edc6f218f67560697b2ee54c1284ed801a6fc73095bf80e1ca62de043452d
Opcode Fuzzy Hash: 8743e5a52421e55d385458beaa0c5f62ca1de7c5a47c725df5cee526104246de
Instruction Fuzzy Hash: 7021D335209119AFD714DB24C844FAA7B99FF46324F158258F826CB6E2CB75FC42CB91

Function 008178F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00818D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0081790A,?,000000FF,?,00818754,00000000,?,0000001C,?,?), ref: 00818D8C
Part of subcall function 00818D7D: lstrcpyW.KERNEL32(00000000,?,?,0081790A,?,000000FF,?,00818754,00000000,?,0000001C,?,?,00000000), ref: 00818DB2
Part of subcall function 00818D7D: lstrcmpiW.KERNEL32(00000000,?,0081790A,?,000000FF,?,00818754,00000000,?,0000001C,?,?), ref: 00818DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00818754,00000000,?,0000001C,?,?,00000000), ref: 00817923
lstrcpyW.KERNEL32(00000000,?,?,00818754,00000000,?,0000001C,?,?,00000000), ref: 00817949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00818754,00000000,?,0000001C,?,?,00000000), ref: 00817984

Strings

cdecl, xrefs: 0081797B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: a89660e2b35abb6c13fdb6a1ac615492b6f359d3664075f7f3230b8d64516ecd
Instruction ID: fa8c2db5284cc1c2cf2ba900f07e2d27de3cadca98e5b613c606a79864a0dbb5
Opcode Fuzzy Hash: a89660e2b35abb6c13fdb6a1ac615492b6f359d3664075f7f3230b8d64516ecd
Instruction Fuzzy Hash: AA11D33A201302ABCB159F38D845EBA7BBDFF95350B50802EF946C72A4EB359855C7A1

Function 00847CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00847D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00847D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00847D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0082B7AD,00000000), ref: 00847D6B

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: c050399ff5e834137a3bcc14b2a59bbf8e53bebd721d06c56e078df5a18b5a02
Instruction ID: 87094aa5715eee062c8cb7f1d4169a6ab2205526acabfd8d8aded194f60d2b02
Opcode Fuzzy Hash: c050399ff5e834137a3bcc14b2a59bbf8e53bebd721d06c56e078df5a18b5a02
Instruction Fuzzy Hash: DC117235615619AFCB109F68CC08B6A3BA9FF46360B158728F939D72F0E7349D51CB50

Function 00845660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 008456BB
_wcslen.LIBCMT ref: 008456CD
_wcslen.LIBCMT ref: 008456D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 00845816

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: 0e4d1f276634818fcb86b1a879e1d557200c8c2cdf8c1fb243c237ff707999ff
Instruction ID: 3484552f2f3c67d321c276cb60f82bb38d1ce680c39090847b957b44be3e2dbf
Opcode Fuzzy Hash: 0e4d1f276634818fcb86b1a879e1d557200c8c2cdf8c1fb243c237ff707999ff
Instruction Fuzzy Hash: 9111D67560060CA7DF209F65DC85AEE7B7CFF11768B104026F915D6182EB74D984CB64

Function 007E1D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a274c5cf5801c76e1aa9d3645680ea80ecbe37bb4d67c34d36d2e2504d840e92
Instruction ID: fe290e7e2c72f60db6776a24b9c03c6fedfcdf2f563bb5cfae85e83dbc079d88
Opcode Fuzzy Hash: a274c5cf5801c76e1aa9d3645680ea80ecbe37bb4d67c34d36d2e2504d840e92
Instruction Fuzzy Hash: 880126B230768A7EF620567A6CC6F27261CEF893B8F710325F520611D2DB788C008230

Function 00811A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00811A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00811A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00811A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00811A8A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: fbab5c9d7572e63aaca50371be4c4583fe74d3473cbe7cff835f32adddc45524
Instruction ID: c4ce0156bd020ed29fc44fdca4a23a53a34c0b2258e02c5a40e9d9a51a564818
Opcode Fuzzy Hash: fbab5c9d7572e63aaca50371be4c4583fe74d3473cbe7cff835f32adddc45524
Instruction Fuzzy Hash: 3811157A901229FFEF109BA48985FADBB78FF08750F200091EA00B7290D6716E50DB94

Function 0081E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0081E1FD
MessageBoxW.USER32(?,?,?,?), ref: 0081E230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0081E246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0081E24D

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: f93c5fd011f796ec07efb20c578a342a3d16b6d9f3852c41420741f68444ab7d
Instruction ID: 5ed4ae3820332df490a8b6845d92a328e42ffdddab12b8037817139b0a97c0fd
Opcode Fuzzy Hash: f93c5fd011f796ec07efb20c578a342a3d16b6d9f3852c41420741f68444ab7d
Instruction Fuzzy Hash: 4511A176A04258ABCB119FACAC09ADA7BACFF46320F144255F925E3391D7B49D4487A0

Function 007DD1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,007DCFF9,00000000,00000004,00000000), ref: 007DD218
GetLastError.KERNEL32 ref: 007DD224
__dosmaperr.LIBCMT ref: 007DD22B
ResumeThread.KERNEL32(00000000), ref: 007DD249

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: 352b6130a77ccbddf48526a7e6c906f66062611a2b1cc07181f9c0b731c8a6d0
Instruction ID: e6c4c804c30b0d03289cef334efb6de2e75e4b90f32bfcfe37204c785bc332aa
Opcode Fuzzy Hash: 352b6130a77ccbddf48526a7e6c906f66062611a2b1cc07181f9c0b731c8a6d0
Instruction Fuzzy Hash: 7E01D236806208BBCB215BA5DC09BAE7A7DFF82330F10021BF925923D0DB799D01C6A0

Function 00849EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2

GetClientRect.USER32(?,?), ref: 00849F31
GetCursorPos.USER32(?), ref: 00849F3B
ScreenToClient.USER32(?,?), ref: 00849F46
DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00849F7A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 680494a3136c8c5fcfdb74acc64cad369d0280f335facc23a24a5b0c55ed1445
Instruction ID: 5cafb044af27647778c73202dd575c9ba5e31d02f2852246e480be5465c7f854
Opcode Fuzzy Hash: 680494a3136c8c5fcfdb74acc64cad369d0280f335facc23a24a5b0c55ed1445
Instruction Fuzzy Hash: 9811363690111EABDB20DFA8D8499EE77BCFB46311F000455F941E3140DB34BE86CBA1

Function 007B600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007B604C
GetStockObject.GDI32(00000011), ref: 007B6060
SendMessageW.USER32(00000000,00000030,00000000), ref: 007B606A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: 045f1a72f3a26d05369785865b7cb313a5ddb26b8ebb23e05a574f5b3063e17a
Instruction ID: 3309361e98cc23b9cd5a51cf7ca7c9fe72dea1382fae584b3c3a91f7236cf04a
Opcode Fuzzy Hash: 045f1a72f3a26d05369785865b7cb313a5ddb26b8ebb23e05a574f5b3063e17a
Instruction Fuzzy Hash: 6D115B72502508BFEF529FA59C44EFABBADFF197A4F040216FB1452120D73A9C60DBA0

Function 007D3B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 007D3B56

Part of subcall function 007D3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 007D3AD2
Part of subcall function 007D3AA3: ___AdjustPointer.LIBCMT ref: 007D3AED

_UnwindNestedFrames.LIBCMT ref: 007D3B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 007D3B7C
CallCatchBlock.LIBVCRUNTIME ref: 007D3BA4

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: cce51fc8d84b2eb94deed27e5dbd3e9b0634cff22a8469cc805a35ee2300c8b5
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: 0C012D72100148BBDF115F95CC46DEB3F7AEF48754F04401AFE4856221C73AE961DBA1

Function 007E3073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,007B13C6,00000000,00000000,?,007E301A,007B13C6,00000000,00000000,00000000,?,007E328B,00000006,FlsSetValue), ref: 007E30A5
GetLastError.KERNEL32(?,007E301A,007B13C6,00000000,00000000,00000000,?,007E328B,00000006,FlsSetValue,00852290,FlsSetValue,00000000,00000364,?,007E2E46), ref: 007E30B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,007E301A,007B13C6,00000000,00000000,00000000,?,007E328B,00000006,FlsSetValue,00852290,FlsSetValue,00000000), ref: 007E30BF

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 21b25d95abe8e4727473bc62f650161a6e36fb394b710fd07915f4c96f78dbe8
Instruction ID: ffe4ef273f0a4e12a9df7f7297eb37be5b9a71668a13bdf0df0555b1d2048d34
Opcode Fuzzy Hash: 21b25d95abe8e4727473bc62f650161a6e36fb394b710fd07915f4c96f78dbe8
Instruction Fuzzy Hash: 1601F736303266ABCB718B7A9C4CA677B9EBF4AB61B200720F905E3140C729D901C6E0

Function 00817464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0081747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00817497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 008174AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 008174CA

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: 650b28fb4d1f4606f36a3286b1f94754efeb9c36d5742fb40b42ceb42fb32aae
Instruction ID: 075e860acb4a582f8c5229e99f74c871f2bc8db29abf888d9e46979e1510225f
Opcode Fuzzy Hash: 650b28fb4d1f4606f36a3286b1f94754efeb9c36d5742fb40b42ceb42fb32aae
Instruction Fuzzy Hash: 99118BB9206315ABE7208F18DD08FD27BFCFF00B04F10856EA656D6191DBB0E984DBA4

Function 0081B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B126

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: 48a2ef8fb6b148cdac123c23a5e487312f96d426a28dff42fe670c231cd38b89
Instruction ID: da1fa793a2001e17270a5096d12a3f86bbcd1b0f2dc09c75e3182ef8c50a4a9d
Opcode Fuzzy Hash: 48a2ef8fb6b148cdac123c23a5e487312f96d426a28dff42fe670c231cd38b89
Instruction Fuzzy Hash: 38113931C0292DE7CF00AFE4E958AEEBB7CFF0A711F114089D955B2181DB309690CB51

Function 00847E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00847E33
ScreenToClient.USER32(?,?), ref: 00847E4B
ScreenToClient.USER32(?,?), ref: 00847E6F
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00847E8A

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: 650e60726384ca0732650777651d1df83275e1d1b7f884e1c791fbf75fad9e48
Instruction ID: 0ddbd39e18f86e502b8d5086b5f87fbfb66fe1da482e0a9919193be094b3d241
Opcode Fuzzy Hash: 650e60726384ca0732650777651d1df83275e1d1b7f884e1c791fbf75fad9e48
Instruction Fuzzy Hash: 771153B9D0020AAFDB41CF98C884AEEBBF9FF19310F509166E915E3210D735AA54CF90

Function 00812DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00812DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00812DD6
GetCurrentThreadId.KERNEL32 ref: 00812DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00812DE4

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: ee6c6068d4d00478175ac7889816a09b3f5d876ebf92eab2c29cb7e5b680033f
Instruction ID: 47df54622771c2c631a9e814110f028368c56dbe4443fc2fb7b64ba95f0b0cba
Opcode Fuzzy Hash: ee6c6068d4d00478175ac7889816a09b3f5d876ebf92eab2c29cb7e5b680033f
Instruction Fuzzy Hash: 35E0EDB56022287AD7601BA2EC0DEEB7E6CFF57BA1F414119B506D10909AA58981C6B1

Function 00848863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 007C9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007C9693
Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96A2
Part of subcall function 007C9639: BeginPath.GDI32(?), ref: 007C96B9
Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00848887
LineTo.GDI32(?,?,?), ref: 00848894
EndPath.GDI32(?), ref: 008488A4
StrokePath.GDI32(?), ref: 008488B2

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 1d02b8c2d0304f3b9224204003e37026857f277bb04c0cdb940d10920d9ff681
Instruction ID: 20a38d9ed3dd85ae02279bfa6b9c1a4f6ad8188e8f8fe8181ec2984ddeb694ae
Opcode Fuzzy Hash: 1d02b8c2d0304f3b9224204003e37026857f277bb04c0cdb940d10920d9ff681
Instruction Fuzzy Hash: FFF03A3A042658FADB125F94AC0DFCE3F5DBF16310F448100FA11650E2CB795511CBA9

Function 007C98B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 007C98CC
SetTextColor.GDI32(?,?), ref: 007C98D6
SetBkMode.GDI32(?,00000001), ref: 007C98E9
GetStockObject.GDI32(00000005), ref: 007C98F1

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: bb042d19db3b5bb4f6906f3dc882655ad4791df2d0d743e664fc3f8eb4fca947
Instruction ID: 87c73e50b79ce0d56a9dc8e4514ff6f1d15e70f6bbe25832d6a4961b6a7a5c5d
Opcode Fuzzy Hash: bb042d19db3b5bb4f6906f3dc882655ad4791df2d0d743e664fc3f8eb4fca947
Instruction Fuzzy Hash: 10E06D35645680AAEBA15B74AC09BE83F24FB16336F04821AF7FA980E1C7715640DB10

Function 0081162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00811634
OpenThreadToken.ADVAPI32(00000000,?,?,?,008111D9), ref: 0081163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008111D9), ref: 00811648
OpenProcessToken.ADVAPI32(00000000,?,?,?,008111D9), ref: 0081164F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: a078a80f433d401bac9efca365a8b1257342b8008e380df04017da6c866e0e6d
Instruction ID: e64f9d6bbc5286c102c18ad84a9b7e0be76c1581370867597684db660c95620a
Opcode Fuzzy Hash: a078a80f433d401bac9efca365a8b1257342b8008e380df04017da6c866e0e6d
Instruction Fuzzy Hash: AEE04F356022119BDBA01FA19D0DB867B6CFF56791F144809F246C9090D6644480CB50

Function 0080D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0080D858
GetDC.USER32(00000000), ref: 0080D862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0080D882
ReleaseDC.USER32(?), ref: 0080D8A3

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 71af866e893cf2f108df2042461eec6fefa9a422a0a2af59f33a3eb0dc9d6d73
Instruction ID: 13321e3ed673f8acc9d190eacb0a759ad6745cbe7fdaf895e1cfbf6239a866b8
Opcode Fuzzy Hash: 71af866e893cf2f108df2042461eec6fefa9a422a0a2af59f33a3eb0dc9d6d73
Instruction Fuzzy Hash: 1AE01AB9801204DFCB919FA0D80CA6DBBB9FB19310F15D45DF806E7260C7388941EF40

Function 0080D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0080D86C
GetDC.USER32(00000000), ref: 0080D876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 0080D882
ReleaseDC.USER32(?), ref: 0080D8A3

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 92930487ac24d5aeb003586e5637af17dc9f4d468713c256e5f06a10f4043d81
Instruction ID: fb8f7df383d276537f4b873886af573eceff8f8f58ac5c3633cf56e53c440740
Opcode Fuzzy Hash: 92930487ac24d5aeb003586e5637af17dc9f4d468713c256e5f06a10f4043d81
Instruction Fuzzy Hash: 03E012B9801200EFCB91AFA0D80CA6DBBB9BB18310B15904DF80AE7260CB385901EF40

Function 00824D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00824ED4

Strings

LPT, xrefs: 00824DFB
*, xrefs: 00824E10

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: 4486a246dbeed911b2aa277a325ae5d32884325d52cca0758779172d297efda7
Instruction ID: e455c64542f3f60f92b3bc824cbfb99804a26d372fdb64951ebe8365511e19c9
Opcode Fuzzy Hash: 4486a246dbeed911b2aa277a325ae5d32884325d52cca0758779172d297efda7
Instruction Fuzzy Hash: 90915D75A00214DFDB14DF54D584EA9BBF1FF84308F199099E80A9B3A2CB35ED85CBA1

Function 007DE27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 007DE30D

Strings

pow, xrefs: 007DE2E5, 007DE302

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: c24ba329d51ee94fb4fec6408fa400269111273a5592d596e66f879c91bccf1c
Instruction ID: d1aca00e533d87af2d3d85465686fa6d49425c17236073528bbe33e1683875b8
Opcode Fuzzy Hash: c24ba329d51ee94fb4fec6408fa400269111273a5592d596e66f879c91bccf1c
Instruction Fuzzy Hash: 55517D61A0D24296CB1BB715CD453793BB8FB44741F34899AF0D54A3E9EF3C8C81DA46

Function 007CE187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 007CE1B1

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 731caa0cacfd3f05764a35a1f52625675a7d55b90583395a9d3c5173bf92b4da
Instruction ID: a0e0574afa566caabd0df11704e73db328291abee784368646056cd2d93df8d9
Opcode Fuzzy Hash: 731caa0cacfd3f05764a35a1f52625675a7d55b90583395a9d3c5173bf92b4da
Instruction Fuzzy Hash: 4A513335601246DFDB25DF28C885BFA7BA8FF55310F24845DE891DB2C0DA389D42CBA0

Function 007CF291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 007CF2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 007CF2BB

Strings

@, xrefs: 007CF2AF

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: 4231ab75b2eb5cab69395742c67e2dbbb786614f2f3ecc27fb58f946dee20a4e
Instruction ID: 3bde580d16c01c80ca60aa0703b44a4a87176a18361d47c7f36ffcf31841fa65
Opcode Fuzzy Hash: 4231ab75b2eb5cab69395742c67e2dbbb786614f2f3ecc27fb58f946dee20a4e
Instruction Fuzzy Hash: 26512472418744DBD320AF10D88ABABBBF8FB84300F85885DF199811A5EB748529CB67

Function 00835745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 008357E0
_wcslen.LIBCMT ref: 008357EC

Strings

CALLARGARRAY, xrefs: 008357E6, 008357EB

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 2a8cbcd6c6a20a1b1ad6bedc6c3ee26c616fc7a4865f1bb77bcf05fc963859a6
Instruction ID: 9b4aa4ad0486f56b69684687b479536400e46f84f8c4f47c98e3771e86572609
Opcode Fuzzy Hash: 2a8cbcd6c6a20a1b1ad6bedc6c3ee26c616fc7a4865f1bb77bcf05fc963859a6
Instruction Fuzzy Hash: CE417B71A00209DFCB14EFA9C8869AEBBB5FF99724F14406DE505E7291E7349D81CBA0

Function 0082D0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0082D130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0082D13A

Strings

|, xrefs: 0082D10B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: e6bdfb16a3302687b4c644f36a6cbc6ef092c59fb416fecf6aec27b1ca3c13bc
Instruction ID: 90cb027f29bb1966fd41cade51f9b97d776b7f7d4da69dfbe65080a66a028a56
Opcode Fuzzy Hash: e6bdfb16a3302687b4c644f36a6cbc6ef092c59fb416fecf6aec27b1ca3c13bc
Instruction Fuzzy Hash: DA313D71D00219EBCF15EFA4DC89AEEBFB9FF04304F100019F915A61A2E735AA56CB50

Function 0084356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00843621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0084365C

Strings

static, xrefs: 008435BC

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: cde8ff80f452406edd14703b4eca76a618658a3134d7b99c46acd22e846fe70e
Instruction ID: b38273474efd00566f789cc8dc224cdf0dea4106e98ef89d1b150c0d8388403b
Opcode Fuzzy Hash: cde8ff80f452406edd14703b4eca76a618658a3134d7b99c46acd22e846fe70e
Instruction Fuzzy Hash: 2E318B71100208AEDB109F28DC81FFB73A9FF98724F01961DF9A5D7280DA34AD91D760

Function 00844537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0084461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00844634

Strings

', xrefs: 0084458E

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: ddc320d0b2ac1850c42bd35a704b1aa1591d15bcea3de07d3f71126650ad9518
Instruction ID: c4464c42456f18ed92abcffdef0fb7452e3bce76c10ba5e013144f27457a82e5
Opcode Fuzzy Hash: ddc320d0b2ac1850c42bd35a704b1aa1591d15bcea3de07d3f71126650ad9518
Instruction Fuzzy Hash: C1311674A0120A9FEF14CFA9C981BDABBB5FB09304F11516AE904EB341E770A941CF90

Function 008431EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0084327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00843287

Strings

Combobox, xrefs: 00843249

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 0f3fc38bb4fa408a60f52cc42f8321a926c22700b88828db42fa5a3438f93434
Instruction ID: 56c278f566167a7f9c7c240396078fed9a4896da22fac78da8aee52565d0a99f
Opcode Fuzzy Hash: 0f3fc38bb4fa408a60f52cc42f8321a926c22700b88828db42fa5a3438f93434
Instruction Fuzzy Hash: C811E27130021CBFFF219E54DC84EBB376AFB94365F104129F918E7290D6B19D518760

Function 00843710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 007B600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007B604C
Part of subcall function 007B600E: GetStockObject.GDI32(00000011), ref: 007B6060
Part of subcall function 007B600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007B606A

GetWindowRect.USER32(00000000,?), ref: 0084377A
GetSysColor.USER32(00000012), ref: 00843794

Strings

static, xrefs: 00843757

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 98fb6cb6d2af43dfd6a7543cab4fda905cac549e0ee2f579513fbce18c972d3e
Instruction ID: bdebe9097ade9d6eb677833f92052c27917069f6c898326c9138d3eaf3068594
Opcode Fuzzy Hash: 98fb6cb6d2af43dfd6a7543cab4fda905cac549e0ee2f579513fbce18c972d3e
Instruction Fuzzy Hash: 1A1114B2610209AFDB00DFA8CC46AEA7BB8FB19314F014925F995E2250EB35E8519B60

Function 0082CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0082CD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0082CDA6

Strings

<local>, xrefs: 0082CD66

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 7546942a85d1c6e1dbfb562718d782b7ccfa52b5ba45c7ef3892fb5f4ae9eb21
Instruction ID: 866c55de97b99e9a797e4d49d9dd54627f7970ff85f50d424ab671f10b64b5c5
Opcode Fuzzy Hash: 7546942a85d1c6e1dbfb562718d782b7ccfa52b5ba45c7ef3892fb5f4ae9eb21
Instruction Fuzzy Hash: CF11C675205635BAE7744B669C45EFBBE6CFF127A8F004226B109C3180D7749885D6F0

Function 00843429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 008434AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 008434BA

Strings

edit, xrefs: 0084348F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 0b05aa99c5084f3edc06199eae86ab3daaf553215719654eefe4616b8dbdac49
Instruction ID: 5ffc070907786c82c05a7ef23b8bbafb895468806aa7979e660796b310a58703
Opcode Fuzzy Hash: 0b05aa99c5084f3edc06199eae86ab3daaf553215719654eefe4616b8dbdac49
Instruction Fuzzy Hash: 1E118C7120020CABEB129E68DC44AEB3B6EFB25378F504324FA65D31E0C775DD519B68

Function 00816C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

CharUpperBuffW.USER32(?,?,?), ref: 00816CB6
_wcslen.LIBCMT ref: 00816CC2

Strings

STOP, xrefs: 00816CBC, 00816CC1

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: 0de969964638197b9059f1a4e327ba514083c316271e4de17f6dedfea8ee5a6e
Instruction ID: fe1d592cee2147167a732a5a081b95cd2af626aef173e5642108d64bb8716bb8
Opcode Fuzzy Hash: 0de969964638197b9059f1a4e327ba514083c316271e4de17f6dedfea8ee5a6e
Instruction Fuzzy Hash: 2001C832A005268BCB209FBDDC859FF77B9FF617147500524E9A2D6194FB35D990C690

Function 00811CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00811D4C

Strings

ListBox, xrefs: 00811D16
ComboBox, xrefs: 00811CEB

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 44c664b64b4fc40eae469592dcfb40b3089f4f476fe2ffc8a953e8b8bd079b3f
Instruction ID: 355a8ff5885acc09cf363920a7c1f8545435a2eda2ff57a6f7f2e6c743d8a9b7
Opcode Fuzzy Hash: 44c664b64b4fc40eae469592dcfb40b3089f4f476fe2ffc8a953e8b8bd079b3f
Instruction Fuzzy Hash: 3E01D875601218AB8F04EBA4DC59DFE776CFF56350B140519FA36A73C1EA345948C660

Function 00811BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00811C46

Strings

ListBox, xrefs: 00811C10
ComboBox, xrefs: 00811BE5

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: afcc4f6516009f8c547af5e5925e11f1a9e452c6337d5b4a97c9769845ccd119
Instruction ID: 3dbd65f795c5e87bdaf3cc0415f2a458daab8c1434daee9773a16fab64a6404e
Opcode Fuzzy Hash: afcc4f6516009f8c547af5e5925e11f1a9e452c6337d5b4a97c9769845ccd119
Instruction Fuzzy Hash: 24016775781108A7CF14EBA4C959AFFB7ACFF15340F140019BA27B7281EA649E48D6F1

Function 00811C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00811CC8

Strings

ListBox, xrefs: 00811C94
ComboBox, xrefs: 00811C69

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: c929876f72f8c983fd04f0f3843675249c88346ce7b9cad841efd8ec880a2e34
Instruction ID: af2df4fd33fa047b78ba71b34cd1b64b27c7ef02900a72a847b160a2c4dac923
Opcode Fuzzy Hash: c929876f72f8c983fd04f0f3843675249c88346ce7b9cad841efd8ec880a2e34
Instruction Fuzzy Hash: 16016775641118A7CF14E7A4CA59AFE77ACFF11340B540015BA16F3281EA659F48C6F1

Function 00811D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD

Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00811DD3

Strings

ListBox, xrefs: 00811DA0
ComboBox, xrefs: 00811D75

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: b9cad59d8d61aa57293a647d1a203afce2228bac2b7668dd5f16f7051381456e
Instruction ID: 8ed1e5e2453ce5bfbb9405e2f0c8d69b5130a39d5efa73596a3fa99c785b1b4a
Opcode Fuzzy Hash: b9cad59d8d61aa57293a647d1a203afce2228bac2b7668dd5f16f7051381456e
Instruction Fuzzy Hash: C7F0A471A41218A7DF04E7A4DC9ABFE776CFF02354F140919BA36E32C1EA64994882A1

Function 0083747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00837493
_wcslen.LIBCMT ref: 008374B9

Strings

3, 3, 16, 1, xrefs: 00837483

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: 9f12e271cb67e940d73a0713f41820832bd969109cbe90b71bf67f98d2b41939
Instruction ID: dc864e4d952e30fa594f8c27769b698985bfc8a4d0c7135bbed5b46ae303ab39
Opcode Fuzzy Hash: 9f12e271cb67e940d73a0713f41820832bd969109cbe90b71bf67f98d2b41939
Instruction Fuzzy Hash: 91E06182305320719331137BDCC597F5699EFC9750B10182BF9C5C236AFAA8ED9193E5

Function 00810B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00810B23

Strings

AutoIt, xrefs: 00810B17
Error allocating memory., xrefs: 00810B1C

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: caba219e3b5da8fe3256ef994c4a29f64d80ae7bb8af87367a6028fbb9836473
Instruction ID: a4b8b483dcb5d5ef85070187c6243648818fb49017b1517cb1003bd9dc536497
Opcode Fuzzy Hash: caba219e3b5da8fe3256ef994c4a29f64d80ae7bb8af87367a6028fbb9836473
Instruction Fuzzy Hash: C9E0923128931876D2102694BC07F897B88EF05B20F10442AF798955C38AE9649046E9

Function 007D0D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 007CF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,007D0D71,?,?,?,007B100A), ref: 007CF7CE

IsDebuggerPresent.KERNEL32(?,?,?,007B100A), ref: 007D0D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,007B100A), ref: 007D0D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 007D0D7F

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: e547f1605994cf4680165de67cd9b24f8a37a5bb0e7f236ba47e2b23c8bf0abc
Instruction ID: a4fdf2cc0019c5a3ee43742a9bfa33ad10526c74e515400b607aa2db2b9dba03
Opcode Fuzzy Hash: e547f1605994cf4680165de67cd9b24f8a37a5bb0e7f236ba47e2b23c8bf0abc
Instruction Fuzzy Hash: E7E06D742003118BD3609FB8E4087427BF5BB04741F00492EE482C6752DBF8E444CBE1

Function 00823017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0082302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00823044

Strings

aut, xrefs: 00823038

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: 33406ae8aef0cf0af239201b697ae239ba2021ab5c21085c1b2a3ce0146b08ef
Instruction ID: e81a3babe13f0b0b7251f081ce54f30b2f972fbd36cee2666586f44e4729a2d9
Opcode Fuzzy Hash: 33406ae8aef0cf0af239201b697ae239ba2021ab5c21085c1b2a3ce0146b08ef
Instruction Fuzzy Hash: 98D05E7650133867DA60A7A4AC4EFCB7B6CEB05750F0002A1B655E2091EAF4D984CAD4

Function 0080D21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0080D220

Strings

X64, xrefs: 0080D2A8
%.3d, xrefs: 0080D22B

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 7110b61ffbe97b82b312c7f374fa5a5703d167400860c87300c3b0d261b88ea1
Instruction ID: df0cb18d1ddec9aa742374055d307fbc4bcf8584641ed9bd7d9ab1f796f90e1b
Opcode Fuzzy Hash: 7110b61ffbe97b82b312c7f374fa5a5703d167400860c87300c3b0d261b88ea1
Instruction Fuzzy Hash: 5BD012A180931CEACBD096E0CC49DB9B37CFB18305F508466F80AD1080D768E948AB61

Function 00842322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0084232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0084233F

Part of subcall function 0081E97B: Sleep.KERNEL32 ref: 0081E9F3

Strings

Shell_TrayWnd, xrefs: 00842325

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: c8576065b501445a9aae6b6921dc2c580df56daef686a73fc5c60daae4d3c665
Instruction ID: 936b23977f1e719fe3cf86902c85832c08ded0b433b843a78ac64a7cf2d884d5
Opcode Fuzzy Hash: c8576065b501445a9aae6b6921dc2c580df56daef686a73fc5c60daae4d3c665
Instruction Fuzzy Hash: 20D0A93A381300B6E2E8A7309C0FFCA6A18BB00B00F018A06770AEA1D0C8A4A801CA00

Function 00842356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0084236C
PostMessageW.USER32(00000000), ref: 00842373

Part of subcall function 0081E97B: Sleep.KERNEL32 ref: 0081E9F3

Strings

Shell_TrayWnd, xrefs: 00842365

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 4e1c624e1da4bd6ac43389eddc581ab89d77dc7f6dae138402ec877548a2774a
Instruction ID: 2d36e448977bbaa1e62ed39db9f3ddd06f4e3404d43831596448da2c508375ae
Opcode Fuzzy Hash: 4e1c624e1da4bd6ac43389eddc581ab89d77dc7f6dae138402ec877548a2774a
Instruction Fuzzy Hash: A6D0A9363823007AE2E8A7309C0FFCA6A18BB01B00F018A06770AEA1D0C8A4A801CA04

Function 007EBDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 007EBE93
GetLastError.KERNEL32 ref: 007EBEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007EBEFC

Memory Dump Source

Source File: 00000000.00000002.2922404510.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true

Associated: 00000000.00000002.2922326916.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922513864.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922653377.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2922686808.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 7b6ada164a8ca295b88806f991881dc366a0924043faf2c6e5892e392aa0dff9
Instruction ID: 6ab9e0bb520bff7adada0835ff20473fbf7aa37c125d7e425345c7e21e527321
Opcode Fuzzy Hash: 7b6ada164a8ca295b88806f991881dc366a0924043faf2c6e5892e392aa0dff9
Instruction Fuzzy Hash: 5341D735602286EFCF218FA6CC84ABB7FA5AF49310F144169F959972A1DB349D01DB60

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.44

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Static File Info

General

File Icon

Windows Analysis Report
file.exe

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre